Managing Android in the Enterprise
Android devices are coming on strong with consumers. In Q3, Android claimed a remarkable 27% of tablet device sales worldwide, which is a stunning result, given that all of the buzz was in the iPad camp. Even more impressive, AT&T, original home of the iPhone, reportedly doubled its Android phone sales in the same quarter. Despite fears that Google would spook its partners by jumping into the Android hardware space, consumers seem to be beating a path to their collective doorways. Given this, it is worth getting ahead of the impacts of a likely population explosion of enterprise user-supplied devices of the Android persuasion.
It is for this very reason that a recent article in Network World about Android’s potential issues for enterprise mobile device management caught my eye. If you are responsible for managing mobile IT infrastructure, chances are you already appreciate that Android isn’t just one thing, or even a closely related series of individual things. Rather, it is a basic mobile OS framework upon which device vendors can build, allowing full customization and ample opportunities for the device vendor to differentiate and position products. A lot of popular, relatively low-cost Android consumer devices are very light on security features. This stands to reason, because for most consumers, beyond a certain fairly fundamental level, security is just inconvenient. Device manufacturers would far rather build in features that attract customers.
In terms of managing and securing Android device access to enterprise assets and infrastructure, relying on well hardened perimeters is probably going to be less successful and efficient than prioritizing and addressing critical threat scenarios. If I had to choose one threat scenario as a place to start fortifying Android device defenses, it would be creating strong privacy and security for mobile messaging streams. Here’s why:
Recently, I’ve been hearing more and more about a mobile hacking technique known as ‘spearphishing’. Unlike older phishing techniques, which broadcast malware-laden spam in hopes of snaring the naïve, spearphishers use sophisticated mechanisms to steal personal information, accrete enough of it to concoct highly authentic-looking bait, and then approach a specific target impersonating a highly trusted source. Some documented spearphishing incidents have achieved large scale, effectively infiltrating entire institutions’ IT infrastructure. Moreover, they can go undetected for long periods of time if their activities are not aimed at causing disruption, but instead at harvesting valuable data. Before facing the management of a significant crowd of weakly protected BYOD Android devices, have some built-in precautions that keep enterprise messaging streams from becoming a playground for spearphishers.