Today, iOS dominates the enterprise. This has been the case for a few years now, and reports like Good Technology's show that iOS holds 72 percent of the enterprise, while Android holds 26 percent.

There is a good reason for this. Out-of-the-box Android does not really allow for much restriction, setup automation (pre-configuring Exchange mail, contacts, and calendar, for example), or visibility into the device. This is in stark contrast to iOS, which has been baking enterprise-friendly features into the core OS since 2010. Certainly BlackBerry (both BB7 and BB10), which arguably set the standard for enterprise mobile security back in the early 2000s, still has the most restrictions and control, even if customers are not buying the devices like they used to.

The second issue with Android is the different vendor versions. If you were an enterprise deciding to allow a Bring Your Own Device (BYOD) policy, could you really mandate which devices your employees must purchase? Probably, but it would be a very unpopular BYOD program.

Speaking of different variants of Android, it is actually the manufacturers that have stepped up to make Android enterprise-friendly. Let's refer to the MDM Matrix that shows what MDM policies are supported by which mobile OSes.

If we look in column C, we see out-of-the-box Android, the version that you'll find on a Nexus or a Google Play edition of a device. You'll notice that while it supports all of the password restrictions you'd want, beyond that there is not much. Now look at columns D, E, F, and G, where you'll see versions of Android by Samsung, LG, Lenovo, and Motorola (the latter two soon to be combined into Lenovo). You will notice that all of these vendors have added enterprise-friendly controls like the ability to disable the camera, disable screen capture, disable copy/paste, disable synchronization while roaming, etc.

As an enterprise you will be concerned with data leakage. You do not want data, be it in email, documents, or corporate apps, being shared with non-employees. So you'll want to limit features like copy/paste or screen capture, for example.

With that in mind, if you wanted to craft a BYOD program for your company, iOS seems like a natural fit with its baked-in controls. Android is tough because its level of control varies by vendor. One way to address this is by adopting a container like the ones provided by Good Technology and Divide. The container creates a uniform application of controls across all Android devices. The drawback, of course, is that your users must now adapt to different email, contacts, and calendar apps.

If you were to adopt a Company Owned (CO) or Company Owned Personally Enabled (COPE) program, then you could simply look at a table like the MDM Matrix, decide which MDM vendor provides the controls you need, and purchase only those devices. Certainly the most obvious choice is Samsung, since it provides by far the most controls and restrictions in the Android space, particularly with its relatively new KNOX service.

If you decide on CO or COPE, you can control the devices you purchase, which then allows you to control them the way you want. The benefit to the employee is that they do not need to learn two separate email, contacts, and calendar apps.

Today, it seems that Apple and Samsung are not only the leaders in the consumer space but, in the near future, will also lead the enterprise space. What are your thoughts on Android in the enterprise? What devices has your company chosen? Have they adopted BYOD, CO, or COPE?


Reader comments

Android in the Enterprise: The ball's still in the manufacturers' court


This is exactly what KNOX is for. Yes, I agree it should be an option and not a mandate, but it is what it is. Samsung is looking to kill BlackBerry and take some of that enterprise pie away from Apple.

You are going to see more and more of this from the likes of HTC, LG and Sony in the next few years. It is a space that they can ill afford to ignore if they want to continue selling devices to consumers (they are connected since that is the definition of BYOD).

Hopefully someone does the right thing and makes it an option. I do not care if you have to do a full on wipe to enable it....

Unfortunately these same programs for security get rid of the option to root, since rooting shows the device as incompatible and compromised for BYOD principles.

Posted via Android Central App

As of right now you can get around tripping the counter on Knox. No idea about future versions.

Posted via Android Central App

BTW, root is not secure in nature so yes, that option needs to be gotten rid of in the enterprise model.

Honestly, if a company is using a container like Good for Enterprise, they only need to take care of the security and encryption of the container. Having root by itself won't explicitly compromise that. That, and there are ways to trick Good to work with a rooted phone....

Posted via Android Central App

You realize you just made the case for Knox? If you can get around a container, it is kinda pointless.

And no IT admin would or should let a rooted phone on the network. It is not good business practice at all.

Posted via Android Central App

There needs to be a way to elevate privileges for certain things, such as ways to reboot the phone (securely) and GPS control, so that it can be useful without draining the battery. I understand that there are advantages to having location services always on for a business that wants to track a phone, but location services is not necessary to accomplish this - it's already triangulated from cell towers.

Android should have incorporated something like this already, but has neglected to do so, so people pursue full scale rooting of their phones for things that could be handled in a much more trivial fashion. Such an ability is ALREADY available on any desktop/laptop, and has been for years. Android is essentially based on a Linux kernel that would easily support this, and it could still be easily controlled by corporate IT admins.

I would argue that it's not Android's fault, but rather that companies like standardization. They want to support only one kinda phone. I would say the only reason Android has an enterprise presence is due to BYOD.

Posted via Android Central App

No, it is not about standardization, it is about security. They want to put a policy in place and have it followed across the board (well I guess that is a form of being standard) as it should be. As an IT admin, it is counterproductive to have different standards for different devices, not to mention a nightmare to admin.

The more you know. Very informative read. So is this something Google can address? Like bake it into the stock Android that they give to the OEMs to then flavor?

I think that this is exactly what Google should do. As long as the manufacturers do not remove it later, I think it would be the best move.

Why would they be interested in it? If the OEM can do it, and they are dropping the Nexus, why care?

Posted via Android Central App

"Under the "Silver" program, Google would pay manufacturers and carriers to produce phones designed to its specification, with a limit on the number of non-Google apps pre-installed, and a promise of speedy Android updates. In addition to running Google-controlled software..."

According to this very blog, the Silver program will still be running Google's software and updated by them.

Yeah, but we do not know the particulars of the program. As of right now it is not Google's issue. That is subject to change...

The nature of the BYOD movement is "whatever device you bought, got for your birthday, etc. can be used to get your corporate data". If Samsung implements some cool enterprise features, but HTC doesn't, what do you tell the employees who purchased HTC devices? You're out of luck until you buy a Samsung?
This is why it should go in at the source, and why Google should care.

No, you say it is an unsupported device and you will not allow it on the network. It is a common practice, and one that IS monitored.

In this day and age, with the high profile security intrusions, it is common practice. HTC can be on the network when they comply with corporate standards.

More market share in enterprise. Why should they not do it? No point in waiting around for OEMs to give their own take on it. If Google could create an enterprise-ready security standard across all Android phones, IT departments would only have one new thing to worry about instead of one from Samsung, HTC, Moto, etc. It would also put a blanket over Android that it's secure. If it's up to the manufacturers, then IT has to check your Android device compatibility and security - is it by the right manufacturer? Is it up to date? Is it a recently released phone? To the contrary, if it's baked into all Android versions 5.0+, that's all they have to worry about. The fewer headaches for them, the more Android can be pushed into the enterprise.

My company won't let me have native work email on my Nexus 5. I have to use the Good Technology app (which is God awful). They told me to switch to iOS if I don't like it. I just responded "No". They love me here.

The answer is simple. Google has never been about locking down their devices. Never. Not saying it won't ever change, but I have no problem telling my company to sod off and give me a BB or iPhone that they pay for and use my own device as I please. I work for a huge company so I'd be ignorant to say I know for sure, but the amount of Android devices I see next to BB/iPhones on desks says a lot feel the same way. No, we don't need to have 2 devices on us at all times.

My company recently rolled out a BYOD program in addition to the old company-owned BlackBerries, which they still offer. They use Good's container app. The new BYOD program has not been very popular.

I use a Note 3 to retrieve my work email on the go. A while back, somebody in the server department decided they would "improve" security on all connected devices, which ended up requiring a PIN lock (not *so* bad) but it also disabled NFC, Bluetooth and WiFi. Any attempt to turn on these radios was met with an error message informing you the action was no longer allowed under the Exchange security policy.

So I informed my boss that I would not be receiving work email on my phone anymore, and made sure that all my coworkers knew what was going on. They reversed the change 2 weeks later.

The company I work for has walked away from BB and is leveraging a 3rd party device management solution - for both iPhone 5s and Samsung's Galaxy S4 (we'll probably re-evaluate for the S5 - just timing). These are for company sponsored phones.

Leveraging the device management solution, we take advantage of BYOD - but then we give up some control over a personal device.

I'm fortunate to not be on call, etc. I'm not pressured into BYOD - and nor am I compelled to carry 2 phones (again).

It's evolving everywhere and will continue to be re-assessed where I am; there's significant interest in both platforms so long as we can continue to protect the data.

I don't think the dominance of iOS in the enterprise space is due to security issues as much as you think. I think it is more of a demographic issue. Employees of large companies skew higher income and education, which is also how Apple customers skew. Once you control for that, Android is likely proportionally represented.
I freely admit I don't have the stats to back up this claim, but it's my educated guess.

Posted via Android Central App

By your logic, you are not an iPhone user. It is idiotic (and circular logic) to state that smarter, wealthier (which don't always go together) people buy Apple products because they are smarter and wealthier. Quite the opposite - smarter, wealthier people can afford whatever device actually better meets their needs and wants. If what you say were true, Apple would have no need of their new, plasticky gizmos currently on the market next to the 5s.

Our large (20,000+ employees) company just switched to using "Google Apps for Business", so we're using Gmail, Google Calendars, Google Contacts, etc. To access the corporate accounts on my Android device, I had to install Google Apps Device Policy. This allows my company to enforce certain security measures, like requiring encryption, a PIN to unlock, and the two step verification procedure. There are no limitations on what device can be used. Similarly, iOS users install the necessary apps and they have the same access. Ironically, the company is no longer supporting BB, which is what all of the company provided phones used to be. We're a "high tech" company where security is important, so apparently it is already very possible to provide secure use of Android BYODs at an enterprise level.

My company has adopted BYOD and they have been allowing Android on the network since Ice Cream Sandwich. I actually like the fact that my personal email is separate from my work email. It allows me to easily shut it off when I'm at home or on vacation. Something I wish I could do more.

Posted via Android Central App

My company has gone BYOD in the last year. We no longer provide any mobile device to any employee. That being said we do have of half the user base on iOS devices. When talking to people why they went iOS instead of Android the response is normally the same: everyone else has one and it's easier to use. Both iOS and Android devices under our policy have the same security measures in place including remote wiping the container.

So I agree that the idea that iOS is more prevalent in the enterprise isn't about features but what the users see as what's best for them. I must admit that most of the really techy users and most if not all of our IT support personnel are on Android.

Posted via Android Central App