Android mobility best practice advisories

Whether it’s ubiquitous access to information or advanced new sensors that can model 3D space, one of the most exciting aspects of mobile devices is their potential to change the way we do business. Often that transformation can be dramatic, bringing new questions and challenges for IT decision makers tasked with building new infrastructure, managing device configurations and working with new partners.

Today we’re publishing the first in a series of best practice advisories that share recommendations for deploying and using Android in the enterprise. This advisory focuses on five best practices for securely deploying and maintaining your Android devices:

  • Distribute public and internal applications via the Play Store to take advantage of the security benefits and convenience of Play’s updates. Android recommends disallowing installation from “unknown sources,” as apps installed from outside the Play Store have a higher incidence rate of malware.
  • Research OEM and carrier partner commitments to Android’s monthly security updates when deciding which devices to purchase and support. Consider restricting access to sensitive company information on devices that don’t receive regular updates.
  • Store company data separately from personal data when using a personal device for work (BYOD). Separate storage ensures personal apps can’t access corporate information, and also ensures that the employee’s personal photos, music and apps remain private.
  • Use policies to require encryption to protect stored corporate data on devices with access to company information. For additional security, customers should consider using full disk encryption and requiring a PIN or password to start the device.
  • When managing a range of devices, ensure that your Enterprise Mobility Management (EMM) solution takes a best-available approach to management that uses the latest APIs supported on a given device. This enables newer management capabilities to be used even if there are older, less-capable devices across your fleet.

We recommend using these guidelines and those in future advisories as a reference when configuring your mobility environment to make the most of the extensive security and productivity benefits in Android.

How Google Cloud securely enables modern end-user computing

The era where the majority of employees work solely from a gleaming corporate headquarters is giving way to the era of the cloud-based mobile worker. Enabling your workforce to get work done from anywhere increases productivity, improves collaboration, and strengthens employee engagement. But it also can create security and compliance challenges.  

At Google Cloud Next ‘19 in April, we delivered a presentation on how Google Cloud securely enables modern end-user computing. It’s a timely, essential topic given the reality we now operate in.

Our ecosystem of end-user computing products is built on Google Cloud Platform (GCP). GCP delivers a foundation that prioritizes security by default, leverages purpose-built infrastructure, and offers powerful proprietary security controls. GCP allows users to integrate an extensive ecosystem of partner tools, and provides validation against some of the most rigorous global security standards such as the ISO 27000 series.

In addition to this infrastructure foundation, our multilayered approach to end-user computing embeds security at the application, user, and device layers. Let’s take a look at the Google Cloud end-user computing stack:

security from data center to device.png

Application security
End users increasingly access apps through browsers, and Chrome Browser provides secure, trusted access to these cloud apps across platforms. We’re continuously working to improve the security of Chrome Browser, helping you safeguard customer and business data across your enterprise. For example, features such as Google Safe Browsing, regular security updates, sandboxing, and site isolation keep your enterprise and users one step ahead of potential threats.

In addition, we take a proactive and intelligent approach to security with all of our G Suite apps, including Gmail, Docs, Drive, and more, automatically blocking many threats that confront your users and automating protection. G Suite gives admins a simple, streamlined way to protect users, manage devices, ensure compliance, and keep your data secure. Transparency is core to Google’s DNA, and we want to be clear that you—not Google—own your own data. We do not sell your data to third parties, there is no advertising in G Suite, and we never collect or use data from G Suite services for any advertising purposes.

User security
In the mobile enterprise, users expect to be able to work from anywhere, on any device, on any network. This new reality requires a new approach to user security.

user security.png

We developed BeyondCorp,  a “zero trust” enterprise security model to help ensure security in this mobile, cloud-based, perimeterless new world. BeyondCorp shifts controls from the network perimeter to individual users and devices, granting access based on identity, device state, and context. This gives IT more granular control and lets users work securely from any location, on any device.

Implementing Cloud Identity, our unified identity, access, and device management solution, is a great step towards enabling BeyondCorp in your organization. Cloud Identity provides enhanced account security with multi-factor authentication and works seamlessly with FIDO security keys, including Google’s Titan Security Key, to provide an extra layer of protection. Additionally, now your Android phone is also a FIDO security key, providing a strong and convenient defense against phishing and account takeovers.

Device security
Google offers a variety of Android and Chrome enterprise devices in multiple form factors and price points. Both Android and Chrome devices are secure by design and employ a defense-in-depth security model. Features like verified boot, application sandboxing, on-device encryption, and regular background security updates, help ensure rock-solid, always-on device security. For more details on our approach to Android and Chrome security, check out our recent blog post where we cover the findings from Gartner’s Mobile OSs and Device Security: A Comparison of Platforms report.

device security.png

Devices are only as secure as the software tools that users run on them.  Google Play Protect is the world’s most widely used anti-malware solution, with 50B apps verified daily and over 2 billion devices protected. With Managed Google Play, you can push, update, and remotely configure apps protected by Google Play Protect for your users on both Chrome and Android devices, protecting them from side-loading risks in third-party app stores.

Security from the data center to the device
With interlocking defenses—from infrastructure, to application, to user, to device—our goal is to deliver a multilayered security solution that works up and down the enterprise end user computing tech stack, so your organization can be more mobile and more productive, without sacrificing security. If you’re interested in learning more, please watch our Next session and reach out to us to keep the conversation going.

Research reveals how to make mobility work best for your business

It’s essential for businesses today to use technology to solve problems and become more efficient. Of course, this kind of digital transformation doesn’t happen overnight. There are lots of new tools to explore to help move your business forward. If you’re managing user devices, you know that finding the right balance of empowering users and protecting the business is essential.

And according to research firm IDC, the mobility enabled by cloud-native tools and devices like Android is a key way businesses can address the challenges they face in a fast-paced tech world—namely security, compatibility, and device capabilities. Mobility generally, and Android in particular, has the potential to help teams collaborate across devices and work in new ways.IDC recently published new research, sponsored by Google, that describes how organizations can take advantage of business solutions, platform security, customizable hardware options, and user-friendly management and deployment capabilities to best equip their teams for success.

In its series of whitepapers that make up the research, IDC identified the three most important considerations when choosing the right mobility solution: security, solution breadth, and a good experience for IT and end users. IDC also found that Android performed well in all of these categories.

Flexibility and security for the cloud worker era
Cloud workers—a growing workforce segment, made up of those who work an average of 4.6 hours a day in browser-based business apps across multiple devices—depend on the ability to work across devices and with colleagues and customers without tech barriers. With more data than ever generated and shared through cloud and other enterprise systems, these workers require real-time access to the right information.

In its research, IDC found that Android is a strategic mobility platform that can address these needs, with our secure mobile OS, ecosystem of OEM and software partners, and underlying management capabilities. In addition, the research found that Chrome and G Suite also fit the bill for these business needs, and can create the path for a business to solve problems and work quickly at scale in new and innovative ways.

Here’s a deeper look at each of the digital transformation pillars IDC researched.

Security remains both a top concern and potential barrier to mobile deployments, according to this mobility research. Business IT teams face challenges with compliance, mitigating issues from lost and stolen devices, and combatting unauthorized access to sensitive data. Whether issuing devices or trusting employees to use their own in the workplace, security concerns are always there.

In its report, IDC found that “The idea that a company’s most sensitive data and systems are a few finger-taps away is a concern for many IT security and risk professionals. This is why mobility in general comes up as a top security challenge, and makes IT decision-makers skittish about the technology.”

Android’s layered defense strategies and continuous innovation help to keep business data secure and accessible whenever your team needs it. Backed by the expert teams at Google, security and privacy are a top priority for Android, enabling businesses to work seamlessly in the cloud.

Android’s multilayered approach to security uses hardware and software protections, and is backed by the built-in malware defense of Google Play Protect. By being open, Android benefits from the shared knowledge of the wider security community, earning third-party validation for its robust enterprise security features.

Solution breadth
Along with security challenges, business IT teams are also exploring which mobile devices to deploy to users, who need to connect easily and quickly to get work done without running into operating system or other compatibility issues. Device choice isn’t one-size-fits-all, and users’ needs vary. For mobile deployments to work, businesses have to be able to address the security, manageability and pricing challenges. Platform and ecosystem flexibility, including device choice, will power these users’ success.

For enterprise success, a platform must offer a diverse range of mobile device types, price points and apps that address a variety of use cases. With the variety of Android device options, teams can build custom solutions on hardware that suits their needs.

Many organizations are turning to Android Enterprise Recommended to choose devices and services with confidence. We validate devices and the enterprise mobility management and managed service providers to make sure they meet an elevated set of standards for enterprise users.

IDC notes in its research that a rising use case for enterprise needs is dedicated mobile devices. These are fully managed by the enterprise, and used in customer settings like kiosks or digital signage, or for employees handling inventory management or logistics. Two-thirds of enterprises have dedicated devices in use, with Android growing fastest in the market. This is particularly the case with rugged devices, which are growing at five times the market rate of mobile devices generally, according to IDC.

The diversity in device types and price points offered by Android give organizations flexibility, so you can match the appropriate device for each use case.

IT and user experience
A major challenge that IT departments often face is striking the right balance between security and granting employees flexibility in how they use their devices. This tension is especially evident with mobile devices, as many workers want leeway when using personal devices for work.

Android is uniquely positioned to strike this balance with our work profile capability, which separates personal and corporate data on a device. This ensures strong security safeguards and controls for company data and apps while giving users privacy for how they use personal apps on the device.

Dive deeper into IDC insights
This IDC research has plenty more detail on how enterprise mobility paired with cloud-enabled solutions can boost businesses in today’s competitive landscape. Explore the findings and learn more about how a mobile, connected workforce can deliver on digital transformation.

Master mobility with these 7 Android Enterprise sessions at Cloud Next ‘19

From office professionals to front line employees in every industry, Android is powering the world’s workers by securely connecting them to the cloud.  At Google Cloud Next, happening on April 9-11 in San Francisco, CA, we’ll be presenting a number of informative breakout sessions on Android security, app building, Android Enterprise Recommended and more. We’ll also preview the upcoming version of Android.

If you plan to attend the event, here’s a more detailed look at what you can expect in some of the sessions. Click the links below to reserve your spot.

  • What’s New and Next in Android Enterprise: As Android has become the platform of choice for enterprise mobility, learn how to tackle the biggest issues facing mobility strategies today, from balancing security and privacy to providing user experience productivity boosts.

  • How Android has Redefined the Approach to Mobile Security: Android multi-layered security uses hardware and software protections and the power of machine-learning to helps protect devices at the application layer. Learn how Android has proved that open doesn’t mean unsecure, with third party validation determining that the Android platform provides the most robust security features available to enterprise.

  • Privacy & Wellbeing: A New Approach to Mobility: Companies need to earn trust and acceptance from employees. Learn how Android Enterprise features were built with employees in mind, delivering industry-leading privacy and digital wellbeing features.

  • Beyond the smartphone: New Use Cases for Android: Android has a device for every task and use case. Learn how dedicated devices are being used and managed across industries, often as part of a broader device fleet, to transform workflows, improve data sharing, and increase productivity.

For more on what to expect at Google Cloud Next ‘19, take a look at the session list, and register if you haven’t already. We’ll see you there.