Managing apps in an enterprise environment can be difficult, particularly when attempting to address Android’s hardware fragmentation. Luckily for IT administrators and app developers alike, BES12 was developed from the ground up with cross-platform functionality in mind to support BlackBerry 10, iOS, Windows Phone and Android devices. Android devices on BES12 offer three distinct options to support MDM needs, including app deployment for any enterprise or developer.
By supporting Android for Work, Samsung KNOX and Secure Work Space, BES12 offers a full suite of MDM options across the sea of Android devices in the BYOD/COPE/COBO space, ensuring that apps and the data contained within them are secure.
With the release of BES12.2, Android for Work and Samsung Knox -enabled devices can now leverage the BlackBerry Secure Connect Plus feature, which provides BES12 customers the ability to create a secure IP tunnel from Android devices to the enterprise network. BlackBerry Secure Connect Plus acts as a server component that streamlines behind-the-firewall access and provides an additional layer of encryption for corporate data in transit, enabling an end-to-end solution over BlackBerry’s secure network infrastructure and BES12. Further information on BlackBerry Secure Connect Plus can be found here.
Android devices which have their apps managed by Secure Work Space over BES12 utilize BlackBerry Secure Connectivity for transmitting data securely in an encrypted end-to-end solution. This protocol supports AES-256-bit encryption while providing access behind the corporate firewall without the need for a separate VPN, all through a single outbound BES port.
Android for Work
The first of the three Android solutions supported by BES12 is Android for Work, which happens to be a Google-led initiative that brings together OEMs, ISVs and EMMs, to harness the power of Android for the enterprise and to support mobile adoption in the workplace. Android for Work is supported as of Android 5.0 (Lollipop), and is available on the vast majority of recent Android devices.
The premise behind Android for Work, or AfW for short, is that it allows you to separate your business apps from your personal apps (also known as Profile Separation or BYOD mode), so you can use your favorite Android device for work and play. On the personal side, AfW protects your personal data so that your IT administrator isn’t able to see or erase your photos, emails or other personal data. From the perspective of an administrator, AfW with BES12 ensures that the end-user cannot share data between profiles, and that all corporate data is encrypted with the ability to manage it remotely.
With respect to deploying enterprise apps, Google Play’s entire catalogue of premium business apps is available to download through AfW. Additional functionality allows organizations to publish private applications to authorized devices, including the deployment and configuration of PIM apps.
BES12 secure app data flow from the handset to behind the corporate firewall via Android for Work.
Further information on BES12 support for AfW can be found here.
Samsung KNOX
The second Android solution supported by BES12 would be Samsung KNOX. Samsung KNOX is a containerized approach which builds Samsung’s defense-grade mobile security platform into Knox-supported devices released by Samsung.
A noted security feature of Samsung KNOX, on the device side, is that KNOX-enabled devices are encrypted from the hardware root of trust all the way to the Android Framework. KNOX adds and modifies security mechanisms in each layer of the Android stack, from the hardware all the way to the application layer, without affecting Android compatibility. The KNOX-specific management and remote control capabilities are also supported by BES12, including additional security enhancements (SEs) from Google and Samsung.
At the application layer, the KNOX container isolates applications and data inside the container from applications outside of the container. Conversely, applications residing within the KNOX container cannot share data with apps outside of it, unless the app inside the container is granted read-only access to data outside the container via a policy configuration. While app data within the container is secured with AES-256 encryption, data transmission from the container is secured via the aforementioned BlackBerry Secure Connect Plus protocol when used in conjunction with BES12.
Further information on BES12 support for Samsung KNOX can be found here.
Secure Work Space
The third option to manage Android devices over BES12 is via the Secure Work Space solution. Developed by BlackBerry specifically for BES12, Secure Work Space is also containerized solution while being made available to both Android and iOS devices.
Secure Work Space (SWS) offers dedicated/secured PIM, browser, and document editing apps. Additional apps can be securely uploaded, wrapped and then deployed to SWS users over BES12, allowing apps secure access behind the corporate firewall via the aforementioned BlackBerry Secure Connectivity protocol.
Further information on BES12 support for Secure Work Space can be found here.
Hopefully this has helped to clear things up a little when considering your options for managing Android devices over BES12, and also which solution works best for your app deployment needs. By supporting three distinct offerings in Android for Work, Samsung KNOX and Secure Work Space, BES12 empowers IT admins and Android developers alike the opportunity to easily and effectively secure data, encrypt traffic, and manage apps, all while maintaining Android functionally and providing the level of security BlackBerry is known for industry-wide.