Category Archives: Android

zIPS and “Android for Work”

zIPS, the leading mobile threat defense solution, now provides tailored protection for Android for Work use cases.

Enterprise IT and security professionals have been working with corporate end-users for decades to keep their desktops, laptops and servers secure. So you might think that those professionals would have a lock on what users will tolerate when it comes to securing corporate resources.

Most of the hard-earned insights into end-user tolerance for security tools and policies can be thrown out though when it comes to mobile devices. Users have grown accustomed to seeing patches and security updates installed automatically on their workplace PCs. But those same users can balk if you want to make changes to their phones.

User Resistance to Mobile Device Security

That resistance stems from three key sources.

  1. Many don’t believe that their smartphones are actually at risk. They simply assume that iOS and Android are inherently secure.
  2. End users are the admins of their mobile devices (unlike other corporate devices) but many simply don’t take the time to apply patches or implement other security measures.
  3. Some fear that corporate mobility and security tools may invade their privacy, such as by reading their personal emails or snooping through their files and apps.

In reality, smartphones are at risk (see the related post on Zimperium’s 1Q Threat Data) and the right security tools (specifically, Zimperium’s) don’t infringe on privacy. But end-users nevertheless have underlying concerns that cause them to resist much-needed security tools and policies.

The Best of Both Worlds with Android for Work

Google recognized the conundrum early on, and introduced a solution to it: Android for Work. (Google has since rebranded the product as simply “Android,” but we will use the older name here for clarity.) Android for Work introduced many new capabilities and features, but our focus here is that it allows IT to create separate partitions on a single phone, with the business’s data and apps on one side and the user’s personal data and apps on the other side.

At first glance, this seems to deliver the best of both worlds. Since users would not have access to install apps on the business’s partition, IT could be confident that enterprise data isn’t put at risk by unauthorized personal apps. In addition, end-users could be confident that the personal data on the user partition is not subject to snooping or to remote wiping by the business.

A Multi-Partition Strategy

That rosy outlook is largely justified. The separated-partitions approach that Android for Work employs, in combination with other underlying features, really does deliver the intended high-level benefits of corporate security on the one side and personal privacy on the other.

Still, there remains a significant gap in the multi-partition strategy. Directly or indirectly, an end-user may create a situation that allows a hacker to gain access to, and control over, the entire device. For example, a user could download a malicious app onto their partition, and the malware could compromise the entire device and read from both partitions.. Or, the user could connect to a rogue Wi-Fi network, subjecting communications from both partitions to snooping from anyone on the same network. In those scenarios, hackers could potentially have visibility and even gain access to both partitions–thereby compromising the business’s security.

Closing the Multi-Partition Security Gap with Zimperium’s zIPS

Fortunately, there is a way to close that gap. zIPS is now fully compatible with Android for Work. zIPS can reside simultaneously and independently on both partitions, detecting malicious apps in each partition and providing real-time, on device detection of zero-day device exploits and risky networks that can compromise both sides.

To make zIPS implementations on Android for Work even more user friendly, we optimized zIPS to reduce duplicate alerts for the device and network attacks that impact the security and privacy of both the consumer and business partitions.

In short, if you are thinking about leveraging Android for Work to keep both your end-users and your IT and security professionals happy, you can do so with confidence. Just add zIPS to your Android device to enable the most advanced real-time mobile security solution on the market today.

If you are interested in combining zIPS and Android for Work to create the perfect mobile security solution for your enterprise, please contact us for more details. We’re happy to help!

The post zIPS and “Android for Work” appeared first on Zimperium Mobile Security Blog.