The secure enterprise Android dream awakens?

| 1 Comment
| More

Open source technology is not necessarily any less secure than proprietary.

There -- we've said it, do you feel better?

Industry protagonists, commentators, analysts, evangelists and (god forbid) even bloggers cum technical journalists (scum of the Earth of course) have been advocating the wider "robustness" (cringes at industry marketing-speak term) of Linux and open platforms for a long time now.

Let's look at the facts...

One of the UK's leading open source news commentary channels (apart from this one of course) combines open source ALONGSIDE security as its two central themes. Clue: begins with H and doesn't have any more letters.

IBM developerWorks writer Himanshuz.chd (not a very catchy name) says that the belief that a closed source software is secure is not true.
Android-Jelly-Bean-Logo.jpg
"The live and biggest example of this is the Microsoft family of operating systems. Everybody knows that these guys do not release the source code but still we have huge number of bugs and security compromises for Microsoft family of OS," he writes just last year - and the rest of the piece is worth a look too.

Fast forward to this week at Mobile World Congress Barcelona (¿would you like a jamon e queso bocadillo señor?) and there is more evidence, potentially...

SAP this week announced expanded Samsung For Enterprise (SAFE) certification for its (originally Sybase purchased) SAP Afaria mobile device management solution.

NOTE: In terms of quality, SAFE certified devices are "guaranteed to have met Samsung's security criteria" and feature what are described as 'enhancements' suitable for business use.

The firm then asserts that when SAFE devices are managed by SAP Afaria, businesses will be able to "manage and secure" large numbers of disparate users, bringing their own devices into the workplace to what is claimed to be the most "widely deployed" enterprise mobility management (EMM) solution in the industry.

According to Gartner, "Samsung commands over 42.5 percent of the Android market globally.

The enterprise-specific features of the SAFE programme could strengthen SAP's ability to deepen enterprise integration and support for the mobile devices most widely used by consumers and businesses - and this includes Android devices, because Samsung loves its Android line.

TECHNICAL NOTE: SAFE devices provide enhanced IT security protection through various policy groups such as Application Policy, Exchange Active Sync IT Policy, Encryption Policy, Native Email Policy, Various Restriction Policies (WiFi, USB, SD card, Bluetooth, camera, microphone, clipboard, etc), Location Policy etc.

"SAP currently has over 4,000 Samsung devices deployed internally around the world. The benefits of managing Samsung devices through SAP Afaria include unified management of multiple device models, streamlined installation of email accounts and enhanced security policies, including application white/blacks and SD card enablement/encryption," said the company, in a press statement.
Android jellyn.png
The companies now say that they will continue to work together to address the management and security concerns commonly faced by enterprises using Android devices.

The next step in the companies' planned collaboration is in Samsung KNOX, an end-to-end secure solution intended to provide "security hardening" from the hardware layer through to the application layer.

According to SAP and Samsung, "KNOX retains full compatibility with Android and the Google ecosystem, while engineering management enhancements, including its application container technology to support both BYOD and Corporate-Liable models without compromising corporate security or employee privacy."

NOTE: Corporate-Liable? The opposite of BYOD? OK, we'll go with it.

Are these solid enterprise-level instances of properly safe and robust open source mobile solutions? Yes they are. Will they win over customers in terms of implementation and deployment? Ah, now that's another question.

1 Comment

SAFE certainly looks like a step i the right direction. What I am missing is:

1. Trusted boot execution - mTPM functionality that enforces the integrity of the bootloader and kernel - effectively disabling rooting of the phone

2. information on how the encryption is done, especially where the encryption key is stored. Is it HW accelerated and stored? Compare with Apple lengthy document on iPhone and iOS security.

3. Expanding on the previous point - is the SD card encrypted with the same key as the device? If so, it would allow for offline brute force attack

Otherwise, seems that Android, and Android vendors, is starting to support security features I would expect from a business device.`

Leave a comment

(You will need either to sign in or enter a valid email address to comment.)

About this Entry

This page contains a single entry by Adrian Bridgwater published on March 1, 2013 12:43 PM.

Embedded industrial Linux drives Mars Rover was the previous entry in this blog.

Is Opera for Android an 'off-road' champion? is the next entry in this blog.

Find recent content on the main index or look in the archives to find all content.

Categories

Archives

-- Advertisement --