With more businesses expecting enterprise-grade mobile devices to last longer than the average consumer smartphone replacement cycle, keeping those devices secure is a growing challenge.
According to a survey by Zebra Technologies, 51% of businesses want their mobile computers to last more than five years, some of which are still powered by legacy “green screen” Telnet-based systems or Windows mobile operating systems.
Getting support for these older operating systems is next to impossible, given that those systems have reached their “end-of-life” where software and security updates are no longer provided.
Even for a modern mobile operating system (OS) such as Android, security updates usually end after three years – well short of the five or more years that enterprises need. This gap between OS and hardware lifecycles can create an exposure to ever-present security risks, said April Shen, director of enterprise visibility and mobility at Zebra Technologies Asia-Pacific.
While some enterprises may look to replace their mobile devices with newer ones to take advantage of the latest – and more secure – versions of operating systems, some may be reluctant to do so, given that many enterprise-grade mobile devices are built to be rugged and hence can last longer.
So what can enterprises do? Like companies such as Rimini Street that provide third-party support services for enterprise software, Zebra Technologies, through a product called LifeGuard, delivers regular security patches on a monthly or quarterly basis.
“All security updates that we release also come with detailed release notes that share guidance on the specific vulnerabilities being addressed as well as detailed installation instruction,” Shen said. “All of this has resulted in a unique, industry-leading level of OS security support.”
But that does not mean that all of LifeGuard’s security patches, which address various threat severity levels, need to be applied all the time. Shen said businesses should evaluate the patches in accordance with their IT policies to determine if the patches are required.
“We also understand that software updates may carry a certain level of functional risk. For example, customers may want to assess the individual vulnerabilities addressed in each release, as they may already have taken steps to mitigate some of these vulnerabilities through measures (such as application white listing and lock task mode).”
Of course, there will come a time when enterprises will need to replace their devices for good. That will set off a chain of tasks such as porting existing apps to the new devices and operating system, and testing the apps before deploying them.
Shen said because LifeGuard continues to provide legacy OS security support for one year in the form of quarterly updates, enterprises will have enough time to migrate to the newer OS smoothly and securely.
The catch is LifeGuard is only available for newer Android-based devices from Zebra. Legacy products may either have LifeGuard support or some lesser security support profile.