Enterprise Security System Puts Android Under Lock and Key

The proliferation of smartphones has created headaches for security-minded IT departments everywhere, but a Motorola subsidiary aims to give system administrators more peace of mind with a solution for managing Android phones in business environments.

Three Laws Mobility (3LM), purchased by Motorola eight months ago, announced Tuesday that its management solution for Android phones is now ready for prime time. The offering allows organizations to remotely control Android handsets made by 3LM manufacturing partners.

3LM’s corporate mobile security and management for Android will deliver a unique architecture that enables IT administrators to empower users to bring their Android devices into the workplace and have these devices access and manipulate corporate data, according to the company.

One of the challenges to securing Android phones in business settings is that the operating system isn’t as enterprise-friendly as other smartphones such as Research In Motion’s (RIM) Blackberry and Apple’s iPhone. To address that problem, 3LM has had to cut deals with handset makers to modify their phones to make them work with the 3LM solution.

Among the handset makers in the 3LM fold are HTC, Sony Ericsson, Motorola, Sharp and Pantech.

Dumbing Down Smartphones

The 3LM solution allows encryption to be applied to all the data on a phone or just to corporate applications. Administrators can control what apps will run on the phone with white and black lists. Strong password enforcement can be implemented with the system, as well as the ability to wipe all data from a phone remotely.

Administrators can also remotely install mission-critical apps on all phones and block a user’s ability to remove or disable those apps. Device location and “breadcrumb” tracking can be performed with the system, too.

It also supports VPN access to the enterprise. That feature includes health and status checking. Before a phone gets access to the network, the system checks it to make sure it isn’t infected with malware or that business apps haven’t been tampered with.

By securing all aspects of a phone, the system addresses another problem with using smartphones in the enterprise: dumbing down the handset. That happens when an organization’s security requirements so limit the functionality of the phone that it reduces the utility of the device.

Security Backfill

“This is a step in the right direction for Android,” Michael Morgan, a mobile devices analyst with ABI Research, told LinuxInsider.

Single-platform solutions like the one offered by 3LM, though, can create problems for administrators and corporate purchasing departments. “They have to use one solution for RIM, one for Android, one for Apple,” Morgan explained. “It is creating a problem.”

Three Laws appears to be aware of that problem. It said in its announcement this week that it is working on making its system work with other phones.

Of all the smartphone makers, only RIM has security features baked into the system all the way from the handsets to the network server, Morgan noted.

“Android has been about an application execution environment and an ecosystem,” he said. “Now it’s trying to have others backfill in security solutions.”

Approaching security that way means Android probably will never be as secure as a platform like RIM, he added.

“But it will be able to offer key important stuff, such as locking down a device or remote wipe,” he said.

As with any new product, 3LM will be competing not only against other solutions but with corporate CFOs. “They’ve done the right thing,” Ken Dulaney, vice president for mobile computing in the San Jose, Calif. office of Gartner told LinuxInsider.

“The question becomes whether people want to spend the money for 3LM or just use something they already have, like [Microsoft] Exchange ActiveSync, which has some limited security in it, and it’s free,” he added.

1 Comment

  • While remote administration will appeal to micromanagers – it isn’t the solution for security. Encryption of everything is a fine idea. Black lists and white lists are good. But, opening a device to remote administration? DUHHH!

    Better idea: Set the phone up, IN THE SHOP! Lock it down as circumstances require, give it back to the user, and away he goes. DO NOT open up another vector for attack by enabling remote administration!

    I don’t enable remote administration on anything – modems, routers, desktops, laptops, phone, or anything else!

Leave a Comment

Please sign in to post or reply to a comment. New users create a free account.

Related Stories
More by John P. Mello Jr.
More in Enterprise

LinuxInsider Channels