Google stops ignoring enterprise, adds EMM to Android

Summary:How could it have taken so long for Google to do this? At least their decision to use Knox makes sense, given that it has traction and credibility.

For many years now it has been clear that fragmentation of the Android platform has been an impediment to enterprise support for it. If you're an administrator, especially one with security responsibilities, you've had to be worried about letting Android onto your network. If you've done so, you've probably limited it to Exchange ActiveSync access.

Must See Gallery

Tax refund buying guide: 10 mobile devices from $150 to $17,000

With the average American getting nearly $3,000 of their money back from the government many are looking to treat themselves to a new mobile device. Matthew Miller has ten recommendations for you.

Finally  Google has announced the incorporation of MDM/EMM APIs, specifically Samsung's Knox, into Android . Those acronyms, if you don't recognize them, are Mobile Device Management, the old and now disfavored term, and Enterprise Mobility Management, the newer term.

MDM was essentially invented by BlackBerry to give administrators some basic control over devices and applications. The API was ripped off by Apple for iOS.

In the meantime, numerous third parties like MobileIron and AirWatch (now owned by VMWare) built onto the primitive MDM standard to create a more comprehensive set of capabilities which have come to be called EMM, the best parts of which help to protect personal and business use of the device from each other.

Because of their market dominance in the enterprise, iOS devices have always had the best support from third parties. But it wasn't just their market share; the fact that Google would not build the basic APIs into the operating system in a standard manner meant that third-party products were limited in what they could do, and had to do it differently on Android devices from different handset companies.

Since they waited so long, Google allowed even the EMM market on Android to fragment some, but incorporating Samsung's Knox is the smart thing to do. Samsung has been attempting to fill the enterprise gap in Google's products for a long time, and one credible plan for enterprise support for Android has been to limit it to Knox devices.

You might think that Samsung would hesitate essentially to give an important advantage away to their competitors, but a more credible Android platform is good for all Android companies, especially the biggest one, Samsung. It also looks like Google isn't taking over Knox, but that Samsung will retain some control over it. Presumably (we only have a press release now, not a spec) the only part of Knox incorporated into Android is the client support, not any of the management tools or control of the app store, which will remain third-party opportunities.

The result of all this will be a platform that enterprises can feel a lot better about supporting in BYOD programs. There are many security weaknesses in Android relative to iOS, but building top-notch EMM into the OS allows enterprises to mitigate most of them. You can prevent users from allowing third-party app stores, from going into developer mode, or from rooting the device. You can force applications and updates onto the device. You enforce encryption of data at rest and in transit. You can prevent access of the enterprise data by non-enterprise apps and vice-versa.

The market for mobile devices and applications just got a lot more exciting. Good move by Google to open up new opportunities to their OEMs.



Topics: Security, Google, Mobile OS


Larry Seltzer has long been a recognized expert in technology, with a focus on mobile technology and security in recent years. He was most recently Editorial Director of BYTE, Dark Reading and Network Computing at UBM Tech. Prior to that he spent over a decade consulting and writing on technology subjects, primarily in the area of sec... Full Bio

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.