Although Bring Your Own Device (BYOD) is not hitting the front page on a weekly basis anymore, it is still relevant. The hype may be over, but enterprises are now working to find practical remote access solutions for managing the variety of mobile devices utilized by employees at home and at work.
BYOD policies often classify mobile devices according to their operating systems. Thus, administrators have to work with one of the following: Apple iOS, Google Android, Windows and BlackBerry. With Android for Work, Google is helping enterprises that deploy Android devices by offering a mix of apps, technologies and designs to separate and control business and personal use on mobile devices. Google uses elements of Samsung KNOX, specifically, mobile device management (MDM) and containerization technology, to separate work from personal data and apps within the device, similar to what BlackBerry 10 has been providing for some time.
Android for Work also includes an enterprise version of Google Play, allowing employees to install only those apps that have been authorized by the network administrator. Personal and business use is separated by users logging in through different profiles. Once an application has been designated as a business app by the network administrator, it is possible to control data traffic and access rights. This does not affect other applications, since business apps are in their own separate area.
Google devices with Android 5 (Lollipop) already have Android for Work integrated. Older versions of the operating system can be upgraded by downloading the app, available through the Google Play Store. Android uses the multiuser support in Lollipop, standard encryption and SELinux security mechanisms for this purpose.
Android for Work itself, however, is a technology; it only becomes a product when it is integrated with its many partner solutions. Almost every major MDM manufacturer indicated its support right from the outset, including AirWatch and MobileIron. The big device manufacturers also want to integrate with Android for Work.
In addition, of course, a VPN solution has to be installed and operational on the end-user device to secure the data connection outside of the enterprise network. The VPNs of several manufacturers will be supported by Android for Work, allowing for secure connections between mobile devices and enterprise networks. The fact that the focus is on the Internet clearly shows that securing mobile devices isn’t feasible without a VPN.
Google Play for Work also has several integrated APIs, allowing management solution vendors to administer applications on end-user devices. This enables administrators to remotely install and remove applications. The apps available in the Play for Work app store can also be limited and only authorized for certain employees.
Additionally, administrators can see which apps users have installed and how many licenses are being used. If the app developer has designed for it, more restrictive settings are also possible: administrators can activate or deactivate features of those apps, input user data or change configurations. The communication between Google Play and end-user devices is SSL encrypted. One example of such an app, which is fully configurable by the administrator, is, not surprisingly, the Google Chrome browser.
Each enterprise uses Android for Work in its own domain, even if the Google page only contains an infrastructure for hosting the applications. Therefore, enterprises can provide applications exclusively to their employees, who are the domain participants; other Play Store users do not see these apps. Alternatively, large enterprises can also look after their own APK hosting. Here, as well, access to the program packages is only possible through the enterprise network or a VPN.
The security features of Android for Work are so important to Google that there is even a separate whitepaper which, besides general security information about Android, explains the container principle of Android for Work in detail. One thing is certain: Android for Work will not solve the BYOD issue single-handedly, but because of its design and because it is anchored deep in the operating system, it provides a suitable approach to separating apps used for work and home. In addition, with a compatible, secure and manageable VPN solution, connection to the enterprise network is no longer an issue.