Can personal and corporate data securely co-exist on a single personally-owned device? Recent advances in mobile operating system capabilities targeted for the enterprise and enterprise mobile management (EMM) tools make securely distributing and maintaining enterprise mobile apps more a matter of data security than full device control.
[Article written for the Wall Street Technology Association's (WSTA) quarterly newsletter Ticker e-Zine]
____
Is the corporate-owned mobile device still relevant? Recent advances in mobile operating system and hardware capabilities targeted for the enterprise and enterprise mobile management (EMM) tools are definitely reducing the number of such scenarios. The barrier to this shift has been an inability securely distribute and maintain personal and corporate apps and data on a single, personally-owned device, often referred to as Bring Your Own Device (BYOD). What’s changed?
Android Nougat and Android for Work
Android Nougat and Android for Work
Google’s Android mobile operating system has been regarded as less secure than Apple’s iOS, primarily because Android is an open system and default security settings—such as whole device encryption—lagged Apple’s implementation.
To combat this perception and court enterprise customers, in early 2015 Google introduced Android for Work, a suite of capabilities targeted for enterprise mobile computing needs.
With the release of Android Nougat, which included numerous Android for Work updates—and corresponding updates of leading enterprise mobile management (EMM) tools, Android Nougat-based devices can now cleanly segment and secure enterprise apps and data from personal apps and data.
Key capabilities include that enable and facilitate this separation of personal and enterprise include:
- Apps and data are separated based on work and personal profiles; visual cues distinguish work apps from personal apps
- Single sign-on simplifies enterprise app access
- Always-on VPN protects data in transit
- Distribution of enterprise apps through managed Google Play, self-hosted or hosted by Google—or through an EMM’s private app store
If your data security needs are deeper than most and you’ve standardized on Samsung or LG devices there are additional ways to ensure app and data security on personally-owned devices.
Samsung Knox and LG GATE provide an array of more extensive capabilities that ensure separation of personal vs. enterprise apps and data, including:
Samsung Knox and LG GATE provide an array of more extensive capabilities that ensure separation of personal vs. enterprise apps and data, including:
- Secure workspace “containers” isolate business applications and data from personal with government-grade security—potentially all the way down to the hardware layer, if required
- Enterprise users can switch between the work apps and personal apps with PIN, password, pattern or biometric authentication
- Ability to permanently secure (without wiping the device) any stored enterprise data if device is lost/stolen or the employee leaves the company
- Integration with and extension of leading EMM tools’ security and distribution capabilities
Until recent catch-up work by Google and key OEMs iOS was generally regarded as the more secure and enterprise-ready mobile platform. This perception is somewhat ironic as Apple’s continued focus is on the consumer market rather than the enterprise.
The key differentiator, however, was security—Apple’s recent legal fight to keep iOS secure (even from governmental agencies) only enhanced their position.
The key differentiator, however, was security—Apple’s recent legal fight to keep iOS secure (even from governmental agencies) only enhanced their position.
From an enterprise perspective, however, Apple iOS is much more dependent than Android on EMM tools to manage apps and data for a several of reasons:
- Lack of a private/enterprise app store capability
- Lack of work/personal profiles to separate apps (although data can be secured)
- Lack of enterprise mobile management capabilities
Enterprise Mobile Management (EMM) Tools
Although both Android and iOS devices gain a great deal through EMM tools, arguably iOS is more dependent. In any case, the leading EMM tools also provide secure distribution and segmentation of personal and enterprise apps and data:
- Silent or on-demand installation of work apps and data/configuration updates
- Work/personal profiles to separate apps and data, including visual badging and even separation of notifications
- Single sign-on
- Disk encryption and secure VPN
Shift from Managing Mobile Devices to Managing Apps and Data
Unlike past scenarios where corporate-owned, fully-controlled mobile devices were required to secure enterprise mobile apps and their valuable data, now organizations have at their disposal a variety of tools with increasingly granular control—without invading employees’ private workspaces on their personally-owned mobile devices. Even older devices which don’t support, for example, Android for Work, can be effectively and securely managed using EMM tools.
Mobile technology has finally caught up with the initial promise of BYOD that employees can carry a single device that will work for both personal and business use.