Android is cleaning up in market share for smartphones, but it's still a dodgy bet in the enterprise. The security architecture has always been a few steps behind that of Apple's iOS, and even third party products have had a hard time filling in the gaps.
Now MobileIron, one of the leading Mobile Device Management (MDM) companies, is announcing improvements in their Android support with the goal of making it a safe choice for the enterprise. Already, according to the company, more than half of their customers are using Android devices under management by MobileIron; 30 customers have over 1000 Android devices under management. But IT still sees Android as risky, and deployed iOS devices vastly outnumber Android devices.
The highlights of the announcement are:
- Containerized Native Email. Mobile Application Management (MAM) products allow developers to "containerize" an app to make it manageable and to provide fine-grained security. But they can't containerize the pre-loaded Android apps like the Mail client. MobileIron, as part of a partnership with Divide (formerly Enterproid), will provide a containerized version of the native Android Mail client built from the Google Android distribution.
Because it's the standard Android Mail app, users will have a familiar experience and the app should work on all Android distributions. It can be managed from the same MobileIron console as other managed apps, allowing IT to impose policies such as: encrypt all content, run app in secure container, block copy paste with unprotected apps, run embedded URLs through MI secure browser, and so on.
- A containerized IBM Notes Traveler app. There are still many Notes installations and they are at very large corporations. A secure and manageable app will be appealing to these companies.
- Validated FIPS 140-2 encryption. Encryption for data at rest and in motion by MobileIron has been certified by an accredited lab for FIPS 140-2 Level 1. Support for this standard is often required for government agencies and regulated businesses.
- Secure tunneled browsing. Traffic to and from Web@Work, the MobileIron secure web browser, will travel through Sentry, the MobileIron secure gateway, making a device-wide VPN less necessary. Sentry provides a single sign on for both web and native apps under management, and uses Kerberos Constrained Delegation (KCD) to get a Kerberos ticket. This ticket can be used to access enterprise resources within the enterprise network.
- Samsung KNOX support. MobileIron is the first commercial licensee of Samsung KNOX. KNOX devices, such as the Samsung Galaxy S4, are not enabled for KNOX out of the box. You need a license key and a service to manage the device. MobileIron now provides that, using KNOX native facilities for containerization and policy.
MobileIron expects Android deployments in the enterprise to accelerate, in part because of a September recommendation by Garner that customers move off of Blackberry. Rather than be locked into iOS, they will grow their Android usage. For certain applications, such as ruggedized deployments (a market that had been dominated by the old Windows Mobile), Android is especially appealing, as OEMs can customize many features as needed.