Tag Archives: Android enterprise

Investment bank Jefferies mobilizes teams with Android

We recently showcased how banks around the world are using Android to work more productively, while maintaining the rigorous security standards required in the financial services industry. One use case where Android helped enable remote working was for personal “Bring Your Own” devices (BYOD). 

At Jefferies, an investment bank based in New York City, 85 percent of their work devices are employee-owned. It’s essential that bankers are able to access corporate apps and data on the go, and the Android work profile has been key to enabling the Android BYODs across the organization.

Jefferies has evolved its mobile strategy to focus on empowering employees to be able to access and use essential internal resources and web apps, and connect in real-time with rich collaboration services. This requirement was critical as senior bankers frequently travel yet still require access to in-house finance systems while away from the office. Transitioning to Android Enterprise enabled the BYOD fleet with single sign-on (SSO) to secure access to corporate resources and achieve a high level of employee efficiency.

Android Enterprise’s work profile allowed Jefferies to enable and connect their global workforce through a BYOD program. “The Android work profile means we can provide secure access to corporate data and apps for the large number of our employees who use their personal devices at work,” says Mittul Mehta, vice president, platform security engineering at Jefferies.

Being able to offer a BYOD strategy has given employees flexibility and choice, and for Jefferies has helped increase user adoption and reduced the training demands on the IT department. IT has seen further efficiencies from a quicker onboarding process (requiring only minutes to set up the device), to fewer tickets submitted by users.

Jefferies uses the managed Google Play store to distribute both web and native apps to its employees. When it comes to accessing legacy apps, Android Enterprise works alongside a solution from Hypergate that provides on-premise SSO authentication to Jefferies’ Windows authentication infrastructure. This allows Jefferies to support a hybrid cloud environment and ensure that the user experience is seamless; employees can use the native Google Chrome app on Android to securely access internal websites wherever they are in the world.

Jefferies’ success with Android has been demonstrable. “[Users are now able to] complete their work on their phone in a fast, effective and secure way,” Mehta says, “while getting reassurance that the work profile data separation means that their personal data stays private.” You can learn more about how Android benefits your organization’s employees at the Android for employees website.

Work productivity and security score a 10 with Android 10

Android 10 is officially available, and it delivers a wealth of helpful features to employees and more security and control for IT. 

This release not only marks the 10th version of Android, but also highlights our strong, sustained investment in enterprise features going back to Android 5.0 with the introduction of the work profile and many other management tools.

While we’ve accomplished a lot since then to make Android even more secure and powerful for businesses, we know our work is never done. In Android 10, we’ve focused on being even more helpful and useful for employees, enabling them to work smarter on their terms. And we’ve worked on giving IT more trust and assurance for whatever use case suits their business needs.

More privacy for employees

We’re providing employees more flexibility and privacy when using a corporate-owned device. Organizations can now provision company-owned devices into work profile mode using zero-touch enrollment or other enrollment methods, so employees can enjoy even more privacy when using their work device for personal reasons and IT admins have one consistent way of managing across company-owned and BYOD devices.

Enrolling work profile setup

Corporate-owned devices can now be provisioned with a work profile through zero-touch enrollment or QR code.

Android 10 also offers a new privacy section in settings, so employees can see all their web, app, and ad setting controls in one place. There are also more fine-grained controls for location data so employees can give an app access to location only when the app is in use. 

Making work easier for employees...

The newest version of Android provides even more tools to make everyday tasks easier, like the expansion of smart replies in all app notifications so any business application can offer default suggestions for replies and actions. With Live Caption, a new system-level tool that captions any video on your device, employees can follow along with video conference calls and live business presentations without missing a word.  

Smart reply for enterprise

Smart Reply can suggest actions based on notification content.

Employees on a work profile device can also choose their favorite input method for their personal profile while IT can still mandate a specific keyboard for the work profile. Compatible calendar apps can also show work events alongside personal events so employees can see everything in one view. 

With Focus mode, currently in beta, employees have a great tool to tune out distractions and concentrate on getting work done. This is a great companion to Turn Off Work, for disconnecting from work apps on nights, weekends or holidays. 

...And for IT

We previously gave organizations the ability to freeze device updatesfor up to 90 days. In Android 10, admins can now push system updates manually from a file, so they can schedule them when devices are idle or to save network bandwidth. There’s also a new feedback channel for apps, so admins can see the status of managed configurations and get confirmation that settings have been applied.

New for Android 10, Project Mainline makes it easier to update core OS components in a way that's similar to how apps are updated: through Google Play. With this approach, selected Android components are updated faster without needing a full over-the-air update from the device manufacturer. As a result, IT organizations enjoy more seamless security and privacy fixes and consistency improvements across their device fleets without a lot of extra work. 

Raising the bar on security

Android 10 features more than 50 security and privacy improvements that benefit both IT organizations and employees. Some of the enterprise features include the ability to block the installation of apps on the personal side via unknown sources on devices with a work profile, to reduce the risk of malware. IT can also set a private DNS server on a fully managed device and require DNS over TLS to avoid leaking URL queries.

With the deprecation of Device Admin for enterprise use in Android 10, apps will get new tools to check the quality of screen lock credentials. For example, an email app can query the complexity level of the device screen lock and direct users to create a stronger password if the security policy isn’t met. 

Set lock screen

Apps requiring a lock-screen can now check the quality of the password.

Other improvements include enabling TLS 1.3, a more secure and private networking protocol, by default and additional platform hardening efforts to make any vulnerabilities much more difficult to exploit. For more information on Android 10 security improvements check out the Google security blog. 

Get started with 10

Android 10 is available starting today on Pixel phones and we’re working with a number of partners to launch or upgrade devices to Android 10 this year. For more information on the Android 10 enterprise features, visit our developer page.

Android’s Zero-touch enrollment momentum builds with new partners

Android zero-touch enrollment simplifies mobile deployment of corporate-owned Android devices, making large-scale rollouts faster, simpler and more secure. With zero-touch enrollment, administrators can configure devices online and ship them with management, apps, and specific configurations already in place—so employees can open the box and get started right away.

Our partners are an important part of how we grow zero-touch worldwide. We’ve added more than 100 new partnerships this year, empowering their customers with the benefits of a streamlined and secure mobile rollout. 

Customers are able to deliver large scale roll-outs quickly, with less friction and greater security for organizations, IT and employees. With zero-touch, users see an intuitive onboarding that requires just a few steps with the Setup Wizard. In addition, partners have greater flexibility in device support, with capabilities for Wifi-only, dedicated devices and tablets.

We’re seeing tremendous growth with partners, most recently in the Asia-Pacific region. Today, we’re pleased to welcome partners from Australia: Skywire, Vodafone Hutchison Australia, JB Hifi, Multimedia Technology, Optus; Singapore: M1; The Philippines: Smart Communications, Globe Telecom ; Thailand: A2 Network, DTAC; Japan: KDDI Corporation, NTT Docomo; Hong Kong: 1010 Corporate Solutions; Indonesia: Telkomsel, Malifax, Indosat; PT. Satya Amarta Prima; Taiwan: FarEasTone, Cipherlab, Chungwa; Malaysia: Maxis; New Zealand: Sato, PB Technologies; China: RugGear, Lenovo; India: Appobile Labs

Zero-touch enrollment is a key feature in how companies around the world are using Android to mobilize their teams. Recent Gartner research validates this trend, with businesses in particular embracing devices that meet the elevated standards of Android Enterprise Recommended.

Learn more about zero-touch enrollment and explore our partnerships in the Enterprise Solutions Directory.

How Android helps law firms make their case with mobility

Information privacy and security are essential for businesses in the legal industry. Legal teams want the convenience afforded by mobility, while devices must adhere to strict management and data protection standards. Several major law firms are choosing Android Enterprise solutions for the security, flexibility and management capabilities to keep their teams connected while giving IT peace of mind about secure access to sensitive case information.

How Android keeps teams connected at Howard Kennedy LLP

Howard Kennedy LLP is a London-based law firm that sought to ensure that their teams could securely access essential case files from mobile devices, instead of needing to bring the paper files or pull out their laptop.  When the time came for devising this strategy with the IT team, the firm’s partners made it clear that they didn’t want employees to have to carry personal and work devices.

Personally-enabled work devices were the right solution—these corporate devices use the Android work profile to keep personal and corporate apps and data separate on the same device, while also giving IT a vast array of device controls. 

“We've equipped our users with devices that they can use for just about anything, business or personal.” said Howard Kennedy IT Director Clive Knott. “More importantly, we've got those devices locked down in such a way that we have full control over what we do.”

By managing the devices with Enterprise Mobility Management provider BlackBerry, Howard Kennedy IT teams are confident in their device security and management tools. The IT team also uses managed Google Play to deliver the essential apps needed for their legal work. 

Android the right verdict for Brodies LLP

Brodies LLP, a large Scottish law firm, wanted to invest more deeply in mobility so its team of lawyers could access essential information quickly and securely from anywhere.

The solution was deploying a fleet of fully managed devices to its legal teams. With BlackBerry UEM partner Appurity, the firm implemented a secure and rapid device rollout.

“With Android zero-touch enrollment, and as part of our Mobile Managed Service when building and deploying devices for legal firms, we can deliver large-scale environments across multiple sites, with the required apps,” said Appurity Director Steve Whiter.

With managed Google Play, the firm deploys several apps to the Android work profile to support the legal teams’ work.  For example, the Rubus Android app, developed by Appurity Connect gives lawyers access to iManage, for accessing and tracking their key files.  iManage is a widely-used document management system for legal and finance customers, including both Howard Kennedy and Brodies. 

As part of its Android solution, Appurity securely enables this software on devices so fee earners and partners can send and file essential documents within a matter of minutes, and access, edit, and open them from virtually anywhere. 

“Android allows our employees to use consumer apps when they're sensible, while Android Enterprise connects everything back to our network in a secure way,” Brodies LLP IT Director Damien Behan said. “If you're in a meeting with a client and they ask you about a particular document, the ability to directly access the latest version of that document is invaluable. It's been a great advantage for our lawyers."

Enterprises across various industries continue to adopt Android in the workplace to support critical business needs.

Learn more about getting started with Android, and discover devices and service providers that are Android Enterprise Recommended.

Android Enterprise earns key security certifications

Data security and privacy are critical aspects to any enterprise mobility effort. With Android Enterprise, we’ve built features that give IT teams flexible tools and policies to keep corporate and personal data secure.

These efforts were recently validated by the ISO 27001 certification. This means that Android Enterprise information security practices and procedures for Android Management API, zero-touch enrollment and managed Google Play meet strict industry standards for security and privacy. 

Sound privacy, data security, organizational policy and practices are essential to gaining user trust. The ISO 27001 certification and SOC 2 and 3 reports confirm Google’s information security practices so that IT admins, users and other stakeholders have confidence about Android Enterprise security practices.

Granted by the International Organization for Standardization, ISO 27001 outlines the requirements for an information security management system. It specifies best practices and details a list of security controls regarding information risk management.

The SOC 2 and 3 reports are based on American Institute of Certified Public Accountants (AICPA) Trust Services principles and criteria. To earn this, auditors assess an organization’s information systems relevant to security, availability, processing integrity and confidentiality or privacy.

To earn these certifications, an independent assessor performed a thorough audit to ensure compatibility with the established principles. The entire methodology of documentation and procedures for data management are reviewed during such audits, and must be made available for regular compliance review.

Android is invested in a wide range of protections and management tools to help companies secure their data. This external validation, together with our ongoing efforts, is a testament to how Android Enterprise meets the highest privacy and security needs of today’s businesses.

OEMConfig supports enterprise device features

Android’s flexibility helps device manufacturers build diverse form factors with useful features to address a variety of business needs. But consistently delivering hardware options to organizations can be difficult because enterprise mobility management (EMM) providers often struggle to quickly support management for all these capabilities.   

To solve this problem, we’re launching OEMConfig, a new Android standard that enables device makers to create custom device features that can be immediately and universally supported by EMMs. Instead of integrating enterprise APIs from each OEM to support their custom features such as control of barcode scanners or enabling extra security features, EMMs can easily use an OEM-built application that configures all of the unique capabilities of a device. 

OEMConfig utilizes a feature in Android Enterprise called managed configurations, which allows developers to provide built-in support for the configuration of apps. With OEMConfig, EMMs can support all of a device manufacturer’s diverse set of controls without any incremental development work on their end.

Earlier this year, Samsung declared early support for a preview version of OEMConfig, publishing a Knox Service Plugin (KSP) app that enabled EMMs to support Knox Platform for Enterprise features. Since then, we’ve built out the final pieces of architecture to make it even more useful for customers and EMM partners. These include:

  • An enhanced schema with four-level nesting, to present complex policies to IT admins in a structured format

  • An update broadcast to instantly inform OEMs when policies have changed

  • A feedback channel to confirm the result of policies applied on the device

OEMConfig will continue to unlock more enterprise capabilities for business customers in a consistent manner, helping organizations move faster and go further in achieving their business goals. We’re excited to see what our customers will be able to do when they harness all the flexibility and innovation our ecosystem provides. 

More information for OEMConfig can be found here.

Next steps for enterprises transitioning to modern Android management solutions

Android Enterprise is the modern solution for managing devices that employees use for work, so that they can have flexibility while remaining productive. Android Q will be an important milestone for organizations transitioning from Device Admin-based management to Android Enterprise’s advanced management features, such as separation of work and personal data through the work profile, quicker enrollment, and tools like managed Google Play.

What’s changing in Android Q

When the final release of Android Q is available, the following APIs that were marked as deprecated in Android Pie will be removed entirely: password enforcement, disable camera and disable keyguard. 

The exact impact will vary for devices depending upon which Android API level the Device Policy Controller (DPC) targets. Here are some details:

  • On devices targeting Android Q, both admins and users won’t be able to use the features tied to the removed APIs.

  • On devices targeting Android 9 Pie, affected APIs will show in the device logs, although users won’t see any specific notifications.

  • On devices that run Oreo or below, there will be no impact. 

How to prepare

We have several resources to help organizations make this transition as smooth as possible. The Android Enterprise Migration Bluebook is a guide for IT managers who want detailed steps and best practices for moving from a legacy Device Admin deployment to Android Enterprise. This walkthrough video also outlines many of these key concepts for this transition. We also recommend reaching out to your organization’s EMM provider for additional guidance on migration.

Enterprise app management made simpler with managed Google Play iframe

Managed Google Play lets enterprise organizations distribute and administer apps for their teams to use at work. By using managed Google Play, IT departments can help to reduce the security risks that come from sideloading applications. Admins can give their teams full access to the Android app ecosystem or curate just the right apps for getting the job done.

Managed Google Play iframe makes app distribution even easier, as IT admins can do so without leaving the Enterprise Mobility Management (EMM) console. The iframe has tools for publishing private and web apps, as well as curating public applications into collections. Admins can then configure apps and securely distribute them to their teams.

Google Play work apps

The managed Google Play iframe showing the Search apps page.

To help users find the apps they need, IT admins can now group whitelisted Android apps into “collections” that users can access from the managed Google Play store on their device. For example, admins can create a collection for frequently used apps or one for apps in a category related to expenses. They can then change the order in which those collections appear and the order of the apps bundled in those collections.

Admins can now publish a private Android app directly from an EMM Admin console. Simply upload the APK and give the app a title. It will then appear in the managed Play store —  within minutes as opposed to the hours previously required by using the Google Play Console.

Admins can also distribute web applications to their managed Google Play store—these run in a standalone mode in Chrome and provide similar functionality to a dedicated Android app. The UI can be customized to fill the entire screen or show the device’s navigation bars.

Managed Play web apps

Admins can publish a web app for their teams and customize display elements.

Enterprise mobility developers can visit the Google Developers documentation to add the iframe to the console and get specifics on implementing app management, distribution, permissions, and other essential features. 

We recommend that customers contact their EMM provider to determine their support for the managed Google Play iframe. To get started with device management, explore the Android Enterprise Solutions Directory.

Banks find that investing in Android pays off

Banks around the world have been turning to Android to help them with a mobile-first approach for their organizations, backed by multi-layered security and privacy protections. Many banks and financial institutions are now deploying or trialling Android Enterprise solutions, which provide choice via a range of fully-managed devices as well as enabling BYOD programs.

Enhancing productivity with flexible, personal solutions

With Android, financial teams can adopt efficient working environments, both internally and externally as they work to deliver enhanced customer experiences. Ben Groeneveld, Director of Enterprise Mobility, Chat and Collaboration at the Standard Chartered Bank, explains how Android has helped employees work more productively by securely accessing corporate information on their mobile devices: “Android has enabled us to scale our mobility strategy so that employees can use their own devices knowing their privacy is protected, thanks to the Android work profile. We're able to rely on platform-level native security that meets regulatory obligations, and our colleagues can work more flexibly, knowing that their personal apps and data have been kept separate and private.”

Yorkshire Building Society (YBS) is the third largest building society (similar to a credit union) in the U.K., and has created a flexible work environment for employees with Android. YBS initially deployed Android-powered kiosk devices to the larger retail branches and customer-facing mortgage brokers, but expanded its deployment to a set of standardized handsets that extended services beyond email and calendar to intranet access and third-party corporate applications. Andrew Ellison, YBS IT Desktop End User Computing Delivery Manager, says a secure and stable digital environment was critical, with Android Enterprise providing the perfect mix of device management and delivering secure corporate applications and services to teams while giving them a personal experience: “The robust, secure, and flexible management offered by Android was a key differentiator, as it means we’ve been able to give people the tools to work more flexibly, helping us achieve efficiencies with a flexible working policy.”

Delivering on industry security requirements

Android’s multi-layered security protections, validated by Gartner, gives banks the information they need to deploy Android across their organization. CaixaBank, the number one retail bank in Spain, has deployed over 22,000 Android devices to its employees as part of its plan to put technology at the service of employees and customers. According to Pere Nebot, Chief Information Officer at the bank, “Android helps our employees offer the best customer experience while complying with the highest security requirements established in the banking industry. The deployment is adding additional productivity capabilities and functionalities to our workforce, allowing our employees to offer a full range of services from any location.”

Companies in tightly-regulated sectors like banking set an incredibly high bar for any technology solution or platform they deploy. With the Android Enterprise Recommended program, banks can select devices that meet these elevated enterprise requirements. For HSBC, the program provides a guide for its mobility strategy. John Burton, Head of Product Management for Client Services, says, “We’re only going to consider supporting Android Enterprise Recommended devices within our ecosystem. For us, that means we can set a baseline for the manageability of the device, the way it's enrolled, level of security patching it gets and the consistency of the device.”

Android offers layered security defenses and a breadth of device solutions that meet the rigorous needs of financial service institutions. Employee-friendly options like the work profile and the device curation of Android Enterprise Recommended ease the burden on IT departments when it comes to management and device testing.

For guidance on getting started with Android, discover how the Android Enterprise Recommended program can help your organization find the right devices and services, validated for the elevated needs of enterprise use.

Research details Android growth in the enterprise

Mobility is key to building a connected workforce that can tackle today’s complex business challenges. According to recently-published IDC research, mobile platforms need to offer hardware choice, multi-layered security, and comprehensive management capabilities to enable digital transformation.

This infographic from IDC illustrates how Android meets these attributes, and demonstrates why Android has strong and growing adoption in the enterprise.

Security incidents are less frequent in Android-majority enterprises compared to iOS-majority deployments. IDC Infographic
"Android Taking Off in the Enterprise"

Among the key IDC findings:

  • 74 percent of U.S.-based IT decision makers believe Android Enterprise Recommended devices are more secure and enterprise-grade than iOS devices. A recently released Gartner reportdetails Android security performance.

  • 77 percent of U.S.-based multinational firms prefer Android devices.

  • Android-majority deployments have a higher satisfaction rate than a mixed or iOS-only fleet.

  • Android-majority enterprises experience eight percent fewer mobile phishing incidents, and five percent fewer issues integrating mobile devices with back end systems.

For more insights, explore the IDC findings to discover how Android powers mobile, connected teams and can help your company transition to a digital workforce.