Google stops ignoring enterprise, adds EMM to Android

Google stops ignoring enterprise, adds EMM to Android

Summary: How could it have taken so long for Google to do this? At least their decision to use Knox makes sense, given that it has traction and credibility.


For many years now it has been clear that fragmentation of the Android platform has been an impediment to enterprise support for it. If you're an administrator, especially one with security responsibilities, you've had to be worried about letting Android onto your network. If you've done so, you've probably limited it to Exchange ActiveSync access.

Finally Google has announced the incorporation of MDM/EMM APIs, specifically Samsung's Knox, into Android. Those acronyms, if you don't recognize them, are Mobile Device Management, the old and now disfavored term, and Enterprise Mobility Management, the newer term.

MDM was essentially invented by BlackBerry to give administrators some basic control over devices and applications. The API was ripped off by Apple for iOS.

In the meantime, numerous third parties like MobileIron and AirWatch (now owned by VMWare) built onto the primitive MDM standard to create a more comprehensive set of capabilities which have come to be called EMM, the best parts of which help to protect personal and business use of the device from each other.

Because of their market dominance in the enterprise, iOS devices have always had the best support from third parties. But it wasn't just their market share; the fact that Google would not build the basic APIs into the operating system in a standard manner meant that third-party products were limited in what they could do, and had to do it differently on Android devices from different handset companies.

Since they waited so long, Google allowed even the EMM market on Android to fragment some, but incorporating Samsung's Knox is the smart thing to do. Samsung has been attempting to fill the enterprise gap in Google's products for a long time, and one credible plan for enterprise support for Android has been to limit it to Knox devices.

You might think that Samsung would hesitate essentially to give an important advantage away to their competitors, but a more credible Android platform is good for all Android companies, especially the biggest one, Samsung. It also looks like Google isn't taking over Knox, but that Samsung will retain some control over it. Presumably (we only have a press release now, not a spec) the only part of Knox incorporated into Android is the client support, not any of the management tools or control of the app store, which will remain third-party opportunities.

The result of all this will be a platform that enterprises can feel a lot better about supporting in BYOD programs. There are many security weaknesses in Android relative to iOS, but building top-notch EMM into the OS allows enterprises to mitigate most of them. You can prevent users from allowing third-party app stores, from going into developer mode, or from rooting the device. You can force applications and updates onto the device. You enforce encryption of data at rest and in transit. You can prevent access of the enterprise data by non-enterprise apps and vice-versa.

The market for mobile devices and applications just got a lot more exciting. Good move by Google to open up new opportunities to their OEMs.



Topics: Security, Google, Mobile OS

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • They're copying BlackBerry 10

    But they still can't approach the security that BlackBerry offers.

    KNOX attempts to build a fortress upon an insecure technology, while BlackBerries are built for security from the ground up using a Unix based RTOS microkernel that gives a phone that is not only more secure, but faster, more reliable, and easier to use.
    • Depends....

      Android is build by advertisers, for advertisers. I'm sure the data that is mind from you is securely passed to its intended recipients... :-)
      • But..

        Is it "mind" or "mined" or is it poetic license for the future. Apple does the same thing, Windows is clueless and just follows the trends. Android as an advertising vector(?) - the devices and access should be free.
    • Also depends...

      On what Android you are talking about. Certain vendors have had their Android DoD approved, mostly Samsung. The big thing BB has going for it now seems to be security through obscurity as no one is using their platform.

      BB should have years ago go into the MDM (EMM, etc) business. They could have captured it and been the dominate player. But I went to RIM WES conf. back in the 90's and it was absurd how clueless the company was when they held open forums and all the things the attendees (enterprise people for the most part) were asking for RIM did not see a business need for. Now all those things are in iOS and Android. BB is going the way of Palm.
      Rann Xeroxx
  • Knox in Name Only

    I think as the story plays out over the next few weeks, you will find that Android At Work is about Knox in little more than name only. Google is helping Samsung, its largest OEM save face as Samsung throws in the towel on Knox...

    Google has built the 1st revision of its own container which is Knox like, but not Knox to build organic "at work" security into Android L and hardware futures.....