This effort shouldn't be too much of a hindrance for many organizations, Borg says, because many of the latest versions of Samsung Android smartphones are likely to be compliant with a company's security requirements. "If you stay in the Samsung universe, there are viable, robust security solutions [that] work with the MDM tools," he says.
Stop supporting old Android versions. Enterprises should set a specific stop date for older OS support, to ensure that users have up-to-date versions of Android, Sepharim Group's Egan says. He also recommends that companies not use Android for much more than email, "and then only on 'safe' devices."
New security efforts will make Android more secure
Within the Android ecosystem, efforts are being made to improve Android security.
For example, Samsung offers Knox, a containerization technology for higher-end Samsung Android devices that's designed to create a virtual partition on the devices that would insulate corporate-managed apps and data from attack. "Samsung Knox is the first real security solution coming out for Android," Egan says. However, Knox is no cure-all, given several limitations: It currently works with just a handful of Samsung devices and only a small number of MDM tools, and it requires a monthly per-user fee in addition to the normal MDM fees.
Still, the container approach looks promising for delivering the kind of security enterprises will need with Android devices. "Containering or sandboxing can protect data files or applications [within the container], so that container can be used for corporate communications and file storage," Borg says. "A phone could have no other security [provisions], but as long as there is a secured container then the overall security of the device is less important."
Another potentially effective approach is the use of "multiple persona," where there can be distinct identities that go all the way to the kernel of the OS, Borg says, so you can have multiple instances of the OS running concurrently on the same device. "You can have one persona for work and one for personal use; it's like a firewall within the device," he says. "From IT's perspective that's probably the ideal solution."
But this type of solution hasn't seen wide adoption. There's a lot of resistance on the part of users, Borg says, because it gets in the way of using the device. BlackBerry 10 OS supports this capability when used with BlackBerry's Enterprise Service 10 server, and a few multiple-persona options for Android devices are available from companies such as Divide and General Dynamics, though they work on only a subset of current devices.
Don't let security fears thwart Android adoption
Although security concerns about Android are justified, companies need to avoid taking an extremely restrictive approach and damaging the user experience, says MobileIron's Rege. "The risk that is underrated is that creating an overly restrictive environment will drive employees to unsafe behaviors," he says.