Enterprise Android Adoption: A CIO’s Big Dream Or Worst Nightmare?

Editor’s note: Neil Florio is responsible for global marketing strategies and demand generation programs for Fiberlink’s MaaS360 product. Follow him on Twitter.

It seems we are living in an Android-dominated world, as the leading mobile open-source OS owns 60 percent of the consumer mobile device market. However, as Bring Your Own Device (BYOD) gains rapid momentum, the same cannot be said of the enterprise space. Many CIOs find themselves in a catch-22 position of satiating employees’ thirst for using the Google-based juggernaut while addressing the very real concerns of protecting corporate data and providing standardized management.

This is supported by the fact that there are now more than 550 Android device types, 48 manufacturers, and a multitude of carriers worldwide. To complicate things further, many of these manufacturers and carriers have installed custom variants of the OS and added software to differentiate their offerings from the rest of the continuously growing Android herd. This is great news for consumers as it offers them choice, but it sends chills up the spines of CIOs who have relied for years on efficient management through standardizing only a few devices.

Each version of Android has improved management and security capabilities, but the vast array of devices on the market means it’s unlikely that enterprises will ever deal with only one device type. This doesn’t negate the prominence of Android in the enterprise, it simply means CIOs must arm themselves with the right protective measures. The heterogeneity of the Android platform means that enterprises looking to run the OS have a multitude of management uncertainties, such as device controls, data usage and encryption — something that all CIOs dread.

When a CIO makes the decision to adopt Android, one of the first issues he faces is user management. There is no inherent capability in the Android platform for extending and revoking privileges to individuals, tracking their usage, or notifying IT when devices violate policies and action must be taken. This is a stark contrast to the standardization offered by Apple iOS Exchange ActiveSync (EAS) Support. Android natively does not support many of the EAS policies, leaving the responsibility to the device manufacturer and the CIO to figure out what does and doesn’t work.

In addition to managing users, the CIO now has to handle increasing volumes of data, spread across various parts of the business. The more recent versions of the Android platform support 4G networks, which consume data with a voracious appetite. However, because many carriers charge by gigabytes consumed as well as minutes of talk time, the business can be liable for significant overage charges if a device surpasses the limit. Users are often unaware of how much data they’re using. Additionally, many devices can be used as mobile hotspots, effectively acting as a Wi-Fi modem for other devices, giving away data to all who come in range.

But perhaps the biggest concern to CIOs when considering Android adoption, above data and user management, is encryption. Encryption of data is a key requirement for enterprises, from the standpoints of corporate policy as well as industry compliance such as PCI-DSS. Prior to the release of Honeycomb (version 3.0) in February 2011, Android devices did not have any kind of hardware encryption. Sadly, Honeycomb was solely for Android tablets. A year later, close to 80 per cent of the existing Android phones on the market are running Android versions that do not support encryption, with the most prevalent being versions 2.2 and 2.3. This presents a substantial risk for email, calendar, and contact information being compromised by prying eyes.

The latest version of Android 4.0 does support device encryption and runs on both tablets and smartphones, but because it was released late in 2011, it’s not running on most devices. As a result, with more employees bringing Android-enabled devices into the workplace, CIOs must take extra measures to encrypt Android devices. Certain CIOs are already exploring a more flexible approach to enterprise application management, which lets them automate security rules, continuously monitor devices and detect any threats. It also provides them with dashboards highlighting compliance metrics, as well as granular information on device and network use.

Android is here to stay, especially as BYOD programs pick up speed. We have already seen certain manufacturers, such as Samsung, adding additional enterprise features to support with their SAFE program, allowing IT administrators to remotely manage mobile applications and overall device functionality.

In order to remain secure and compliant with industry standards, CIOs need to refer to examples such as mobile device management when looking for a more agile way to protect and manage the wide range of available devices, versions, and idiosyncrasies. Only then will they have any hope of ensuring that enterprise adoption of the world’s most popular mobile operating system turns into a dream and not a nightmare.