Mandating consistent security standards with Android Enterprise
Android Enterprise devices provide a multilayer approach to security. When choosing a device for your enterprise, consider these four areas: hardware, operating system, application and network security.
It’s important that devices are secure at the hardware level, and you need to be sure that your devices are not compromised.
Android GMS devices have built-in hardware security for enterprise deployments:
- Verified Boot
- Trusted Execution Environment (TEE)
- Android Keystore system
- Tamper-resistant hardware
- Biometric authentication
- Hardware mitigation
‘Android Enterprise Recommended’ devices have a higher level of requirements for hardware and security. Some of the elevated security requirements are listed below.
- Secure enrolment methods including Zero Touch
- Support the current shipping release + one letter upgrade.
- Devices MUST support Key Attestation
- Device manufacturers MUST support the Emergency Security Maintenance Release (ESMR) process
You need to be confident that the Operating System has the right level of security measures and controls to protect your company data and end user personal data.
Android has onboard OS security for enterprise deployments. Here are some of its protection features:
- Security Enhanced Linux (SELinux)
- Process isolation and sandboxing.
- Kernel hardening.
- OS Security and privacy features, Multi-layered defences
- Permission Usage Reminder & Permission Settings.
- Activity Recognition Permission.
- Google Play System Updates.
- Location Control.
- Background App Launching.
- Device ID Restrictions.
- MAC Randomization.
- Accessibility Usage Setting.
Enterprises need peace of mind that devices have defence against malware and potentially harmful apps (PHAs).
Android Enterprise Security defends against many categories of malware:
Backdoor, Billing fraud, Commercial spyware, Denial of service, Hostile downloaders, Non-Android threat, Phishing, Elevated privilege abuse, Ransomware, Rooting, Spam, Trojan and Uncommon & Mobile Unwanted Software (MUwS).
Protections that provide better privacy and robustness against known attacks include:
- App signing
- App permissions
- Google Play Protect.
  - Scans are done before installation.
  - Google Play Protect scans and verifies more than 50 billion applications daily.
  - Protects from PHAs being installed from unknown sources, because GPP scans any app that is installed, not just those from Google Play.
- Safe Browsing.
  - Safe Browsing is a protection service that protects users from web-based threats such as malware, unwanted software, social engineering, phishing and deceptive sites.
When you connect your company-owned devices to a network, you need to know that they have the best level of control to secure your data-in-transit.
Android Enterprise provides network security for data-in-transit and communications over the Internet for web browsing, email, instant messaging, and other Internet apps. Below are some of the supported capabilities and controls available:
- DNS security.
- TLS by default
- VPN capabilities.
- Certificate services.
- Wi-Fi enhancements.