Jan Peuker, Raoul Neu: Enterprise Android for the Win
TRANSCRIPT
Droidcon 2012
Enterprise Android – for the win?
DroidCon 2012
Jan Peuker, Accenture
Raoul Neu, Elca Informatik
«The purpose of an organization is to enable ordinary human beings to do extraordinary things» Peter F. Drucker
Large Organizations have to strictly follow rules and laws
  Very risk averse, very security and privacy aware
  Rigid development standards and quality assurance
Large Organizations are internationally spread
  IT as business enabler, not feature- but productivity-driven
  IT usually outsourced – documentation and processes mandatory
We look at corporate internal applications
What makes Android so interesting for the enterprise?
Captain Jean-Luc Picard: There's an aura around him.
Lieutenant Geordi La Forge: Well, of course, he's an android.
Standards = Cost efficiency
Challengers
iOS
  Very strong C-Level visibility, favorite in BYOD schemes
  Very good enterprise features, particularly for update and hardware services
  Strong device and mail encryption
  Development requires separate infrastructure
Windows [mobile|embedded|CE|phone]
  Windows CE is the standard mobile productivity platform
  Broad range of rugged and hardware (SAM) secured devices
  Very good enterprise features, very strong Outlook integration
  WP 7 incompatible, Windows Embedded 8 could be game-changer
Most importantly, though, they care.
«I had a problem so I thought to use Java – now I have a ProblemFactory»
«We seek peaceful co-existence» Capt. Remmick
or: Supporting multiple platforms
The right choice: Native, Hybrid or Cross-Platform
  No silver bullet. Analyze your requirements & constraints.
MEAP: Advantages & Drawbacks
  Pros in integration and governance. Cons in usability and native features.
[Figure: client approaches (Thick Client, Web Client, Rich Client, Cross-Code Generator, VM / Runtime, Web Starter, Hybrid App) arranged by Generic UI vs. Native UI and Generic Code vs. Native Code. Labels: "How much it fits enterprise standards" and "How much users actually like it*"]
*) the uncanny valley, see http://martinfowler.com/bliki/CrossPlatformMobile.html
«How can you be certain they're receiving us?» Capt. Picard
or: Supporting multiple devices
Blacklists vs Whitelists
  Trusted Certificates vary between device/api/provider
API & Development Issues
  HttpURLConnection vs DefaultHttpClient
  Different Bouncy Castle algorithms and hardware security features
  Missing XML validation
Licensing 3rd party software.
  Best technical solution Business model
«Mr. Data, is that the trouble I believe it is?» Capt. Picard
or: Supporting multiple apps
Dealing with enterprise release and life cycles
  Always be ready to release. Think of test environment and repositories
Intergalactic Continuous Integration
  Not out of the box: strong & exotic hardware requirements
Missing Distribution Channels
  Android stays behind its competitors
[Figure: diagram with the labels SSH, SVN trunk and SVN branch]
How do you manage the diversity of rules and guidelines in an enterprise?
«The bureaucratic mentality is the only constant in the universe» Dr. McCoy
Governance is key
  Enterprise applications require transactions and accountability
  Device state and user assignment must be maintainable
  E-Mail, Clipboard, Intents and Caches often not properly secured
Security is key
  Device Encryption and Application Safety are mandatory
  Trusted context either via virtualization (BizzTrust, VMware) or encryption e.g. with hardware modules (3LM, Certgate, Ageto)
  Tradeoff: Most sophisticated protection is not integrated in standard Android. Requires rooting, which itself is a security risk.
«One of the advantages of being a Captain is being able to ask for advice without necessarily having to take it.» Cpt. Kirk
Bring your own device (BYOD)
  Most employees do not want complex device passwords or full control over their device, or to route all internet traffic over VPN*
  Currently no distinction between Corporate/Private data (except for dual-boot or application-level encryption)
  Rooting and malicious software must be recognized
Connectivity
  Connectivity should usually be established over secure channels
  Android does not support Proxy Authentication, Wi-Fi configuration
  Tethering and Bluetooth cannot be controlled
*) Which, luckily, is currently impossible anyways
Missing features: What will the future bring?
«Reports of my assimilation have been greatly exaggerated» Cpt. Picard
Missing ecosystem features
  Enterprise Market with CA for trusted applications
  OTA Update API without Google account
  Clear Chrome (Jelly Bean), Motorola and Samsung strategy
  Understanding of enterprise features with app makers
Missing security features
  MDM which supports user certificates, CAs and network config
  Wi-Fi Proxy Authentication, Full VPN routing, EAP-SIM
  Real ASLR and storage encryption for corporate/private stores
  E-Mail and Exchange features for S/MIME and two-factor auth
  Robust Synchronization (SyncML), Robust Service and SSL API
Recap
  Align to enterprise policies, prepare for non-market distribution
  Embrace development standards, KPIs and lifecycles
  Thoroughly manage traceability, accountability and privacy
  Prepare for integration using secure Webservices and XML
  Prepare for fragmented device base and users who need to be supported by – in the end – yourself (incomprehensible pain)