How three companies are coping -- even thriving -- amid the Android explosion.


CYBERSPACE, JANUARY 6, 2014 (COMPUTERWORLD) By Tam Harbert - As the little green robot known as Android wends its way into the enterprise, it's teaching useful lessons that are reshaping corporate attitudes toward the BYOD movement.

Analysts and CIOs say the multifaceted nature of the mobile operating system is forcing companies to make key decisions about what they will, and won't, control in bring-your-own-device programs -- and those decisions are in turn cascading across all operating systems and devices.

While Google's operating system has far surpassed Apple's iOS in worldwide mobile market share -- Android had more than 79% of the smartphone market in the second quarter of 2013, while iOS fell to 13%, according to IDC -- Apple still dominates the enterprise.

According to a June 2013 activation report from mobile software maker Good Technology, 75% of the mobile activations at Good's Fortune 500 clients were for iOS devices.

Why? Corporate IT views iOS, a closed system, as a standard it can rely on.

In contrast, the common wisdom is that Android's fragmentation makes it dangerous, difficult and costly for corporate IT to manage.

As of July, at least 11,868 different Android-based devices were available from more than 1,700 different brands, according to a report by OpenSignal, which researches wireless networks and devices.

Android's huge consumer market share makes it a big target for hackers. It's also vulnerable because it has an open-source architecture and comes in multiple flavors.

A July 2013 report by the U.S. Department of Homeland Security and the FBI found that 79% of all mobile malware threats last year targeted Android.

With statistics like that, it's no wonder corporate IT gets nervous about Android.

Inching Its Way In

Nevertheless, as IT departments start to embrace BYOD, it's only a matter of time before the predominant consumer mobile platform starts raising its profile in the enterprise.

There are signs that, that is starting to happen. The percentage of corporate iOS activations has been declining. Good Technology reports that figure fell five percentage points since early 2012, while the share of Android activations rose by five points. In fact, Android tablet activations nearly doubled during the first quarter of this year, making up 12% of tablet activations, according to the report.

"It's inevitable that [Android devices] are going to be used for work, whether the company allows it or not," says Christian Kane, an analyst at Forrester Research. "So for any organization, it's not a question of if, it's a question of when and how."

Today, IT departments are all over the map in terms of when and how they allow Android into the corporate fold. "They might be still trying to figure it out, or they may be a ways in," Kane says.

Regardless of where they are on the Android curve, however, most enterprises know that the days of standardizing on one mobile operating system are over. "Everyone acknowledges that you have to be as platform-agnostic as possible," says Kane.

Top Smartphone Operating Systems

Operating System Q2 '13
Market Share
Q2 '12
Market Share
Year-over-Year Change
Android 79.3% 69.1% 73.5%
iOS 13.2% 16.6% 20.0%
Windows Phone 3.7% 3.1% 77.6%
BlackBerry 2.9% 4.9% -11.7%
Linux 0.8% 1.8% -35.7%
Symbian 0.2% 4.2% -92.3%
Others 0.0% 0.2% -100.0%
Source: IDC Worldwide Mobile Phone Tracker, Aug. 7, 2013

Tackling Tough Questions

Most enterprises treat Android tentatively, at least at first. They'll start by allowing a limited number of devices and operating system versions and only allow access to email.

That reduces the risk and gives IT a chance to work through thorny questions as they arise, says Bob Egan, CEO and founder of Sepharim Group, a mobile enterprise consultancy. "You have company email and personal email, so it starts the process of thinking about things like privacy and support," he says. "You have to start educating users, changing your IT support processes and building in policies."

Egan adds that this learning applies to more platforms than just Android. As IT gains experience, it will ultimately figure out how to protect enterprise applications and data regardless of which mobile platform is used. "Android is perhaps the poster child that is driving IT to wise up and decide that it should trust nothing," he says.

Most companies haven't allowed BYOD access to corporate applications yet, but Kane says he expects that to begin to change within the next six months. As more organizations decide to give employees access to enterprise systems via their personal devices, they will have to figure out how to handle application security. "That's something most companies haven't tackled yet," he says. "That, along with data security in general, will be the next challenge."

BYOD PROGRAM- Bring Your Own Device

Computerworld asked three CIOs to explain where they stood with Android and their BYOD programs. Here's what they had to say.

Starz Entertainment: Managing Android's Diversity

Starz Entertainment, a premium cable content provider, had been supplying corporate-owned BlackBerries to qualified employees for years. Then employees started bringing in their own phones -- first iPhones and later various Android devices. They all wanted to connect to the network.

IT tried to accommodate the requests, but "the frequency of the releases and the quirks and differences between the Android devices drove us nuts," says Judy Batenburg, vice president of IT infrastructure and operations at Starz. "We had 20 to 30 different Android phones floating around the enterprise. Trying to keep up with it all just became impossible."

Android in the Enterprise Android's Malware Problem

According to a recent study by the U.S. government, 79% of all malware in mobile operating systems resides in Android.

That malware can come from a variety of sources, says Bob Egan, CEO and founder of Sepharim Group, a mobile enterprise consultancy. Legitimate applications can be infected within the Google Play store, and some users "sideload" applications from sources other than the Play store.

But the biggest threat is the free-for-all nature of upgrading and patching the many versions of the operating system. The study, conducted by the Department of Homeland Security and the FBI, found that 44% of Android users still have versions of Gingerbread that were released in 2011 and have known security holes that were patched in later versions.

The report, which was published to alert police, fire, EMS and security professionals to the problem, cited known threats and suggested mitigation strategies for each.

Threat: SMS Trojans represent nearly half of the malicious applications circulating on older versions of Android.

Mitigation: Install Android security suite designed to combat such Trojans. It's available for purchase or free download from the Internet.

Threat: Rootkits log a user's location, keystrokes and passwords surreptitiously.

Mitigation: Install Carrier IQ Test, a free application that can detect and remove the rootkits.

Threat: Fake Google Play domains trick users into installing malicious apps that can then steal sensitive information from the mobile device.

Mitigation: Install only approved applications and follow IT department procedures to update the operating system. Install and regularly update antivirus software.

Tby am Harbert

To impose some order on the chaos, Starz recently adopted a new program under which employees can use either corporate-owned or personal devices. Batenburg calls the approach "managed diversity." (Both the concept and the term come from Gartner, she says.) The new policy gives employees a say over their mobile devices, but also provides a way for IT to control costs and rein in confusion.

"The quirks and differences between the Android devices drove us nuts"
. Judy Batenburg, VP of IT Infrastructure and Operations, Starz Entertainment

The program consists of three categories: corporate-liable, shared liability and true BYOD. Employees are placed in one of the categories based on their jobs. Executives and road warriors -- those who are highly mobile and/or highly dependent on a mobile device -- are in the corporate-liable category and are eligible for company-issued phones.

Shared liability is for people on technical teams who may not travel widely but still depend on mobile devices to do their jobs. These employees buy their own mobile phones or tablets, and the company helps pay for the service plan.

The true BYOD category is for everyone else -- employees who want access to the network and are willing to pay for their own phones and data plans.

The company uses mobile device management (MDM) software from MobileIron on all devices that connect to the corporate infrastructure, whether they're company- or employee-owned. That software enforces password policies, allows the company to search a device if it is subject to e-discovery in a lawsuit, and enables Starz to wipe devices that are lost or stolen, says Batenburg.

In the corporate-liable category, the company gives users a choice of iPhone or Android, but it has standardized on the Samsung Galaxy S3 and S4, which limits the time and energy that IT needs to invest to provide full support.

For the shared-liable and the BYOD programs, employees can use any Android phone. IT offers limited support for network connectivity problems and issues related to the MDM software. For anything else, "we'll refer them to the vendor," Batenburg says.

Some of the problems associated with Android have eased as the operating system has matured, says Colin McGuire, director of infrastructure at Starz. "After [Android 2.3] Gingerbread, things kind of calmed down," he says, noting that some of the biggest problems regarding connecting with email have been fixed. And iOS isn't immune to such hiccups: "We had similar problems with iOS early in its life," he says.

Starz is phasing out BlackBerries, which still make up about 30% of the mobile phones in the organization, says Batenburg. She expects that most BlackBerries will be replaced by iPhones. Currently, 57% of the phones are iOS devices and 12% are Android, while 95% of the tablets are iPads, she says.

Batenburg doesn't expect Android devices to predominate, even in the BYOD group. Perhaps because Starz is in the entertainment industry, where Apple products have always ruled, iPhones are far more popular. "The novelty of the Androids wore off," she says. "We're seeing less interest in those."

But if more Androids do come, Batenburg is ready. The segmented approach allows full support for employees who most rely on their mobile devices, while freeing the company from having to support a multitude of devices.

Batenburg's advice to others confronting an Android invasion is to standardize. "Pick a vendor and a couple of devices and say, 'This is what we'll support,'" she says. "If they want anything else, they are responsible for their own device." Ricoh Americas: All Devices Welcome

Ricoh Americas started allowing its 9,000 employees to bring their own mobile devices to work more than three years ago. At first, fearing the chaos that Android fragmentation might cause, the IT department imposed restrictions, allowing only iOS and one particular version of Android, says Tracey Rothenberger, CIO, senior vice president and chief process officer.

Within nine months, those restrictions came off. "It was much easier than we thought it was going to be," says Rothenberger. "The reality is that [Android's multiple flavors] have not been that significant of a challenge for us."

Today, Ricoh maintains a corporate-liable program, primarily for back-office and administrative employees, says Rothenberger. The standard platform for that program has been Android, but "recently we've been getting great pricing on prior generations of iPhones," he says. We don't dictate whether employees should buy Apple, Android, Windows Mobile or even BlackBerry. Tracy Rothenberger, CIO, SVP and Chief Process Officer, Ricoh Americas

Everyone else in a BYOD program can choose any type of device they wish.

"We don't dictate whether employees should buy Apple, Android, Windows Mobile or even BlackBerry," Tracy Rothenberger, CIO, SVP and Chief Process Officer, Ricoh Americas

The breakdown of devices in the company today is 60% Android, 30% iOS and 10% other, Rothenberger says. 

In order to access corporate email, employees must agree to a "code of conduct" and download an app, part of Lotus Notes, that allows Ricoh Americas to enforce certain policies, such as password requirements and the ability to wipe the device.

IT manages the mobile devices through Notes, but is looking for a new MDM system. Rothenberger expects that BYOD will spawn an environment where employees build their own apps, and he wants an MDM system capable of handling that. "Employees at all levels are going to be able to start creating apps," he says. "Someone in finance may come up with a great way to automate a workflow," for example.

Rothenberger says he hasn't experienced many problems with the diversity of Android versions. Most of the Android devices get automatically updated on a regular basis, either by the manufacturer or the carrier, who thoroughly vet the software before pushing it out to users, he points out. Ricoh Americas seems content to leave it at that. The degree to which fragmentation causes problems for IT "depends on how much the company is trying to control versus how much they are letting the users control," he observes.

That said, there are occasional challenges with Android. When the company develops its own internal apps, for example, IT has to ensure they run securely across all Android versions, says Rothenberger. "But it's not something that adds significant cost or time to our project deployments," he says. If there's a problem, IT decides whether it's easier to fix it or simply tell users that it won't work on a particular version of Android. "I can only remember one or two situations where we had to tell them an app was not appropriate for a particular version of Android," says Rothenberger.

Meanwhile, the company is replacing complicated enterprise applications with simpler, perhaps cloud-based, software, Rothenberger says. The BYOD program and the move to simpler applications are both components in a broader consumerization of IT strategy at Ricoh Americas, he says.

CareerBuilder: Gaining Control With MDM

CareerBuilder has had a BYOD program, along with a corporate-liable program, for mobile devices for two years, according to Roger Fugett, senior vice president of IT. For the 20% of the devices that are company-issued, CareerBuilder has standardized on iPads for tablets, but users can choose any iOS or Android phone. So far, the company is solid Apple territory: 78% of mobile devices are iOS, 20% are Android-based and 2% are other.

"We really haven't had anything that negative with Android, surprisingly." Roger Fugett, SVP of IT, CareerBuilder

The jobs website and staffing firm is just now deploying an MDM tool to assert some control over the personal devices, says Fugett. It's not that Android has caused many problems, but rather that CareerBuilder is preparing for broader device access in the future, he says. The company has encountered a few problems related to ActiveSync configuration and the variety of Android versions, but "we really haven't had anything that negative with Android, surprisingly," he says. In fact, he points out that IT had a bigger problem with the release of iOS 6.1, which had a bug that "basically brought down our Microsoft Exchange server."

Most employee-owned devices just access email. Some workers do use certain hosted applications to do their jobs, but in those cases security is built in to the service and therefore is not a worry. However, Fugett acknowledges, security will become more of a concern "as we turn on more services that allow employees to connect to internal, behind-the-firewall applications."

That's one of the reasons the company is implementing MDM -- so IT can be more of a gatekeeper. Although decisions have yet to be made, Fugett expects to control access by requiring specific operating system versions, prohibiting jailbroken devices and imposing other security policies. "Then we'll focus more on exposing internal apps or on-premises apps to mobile devices with more confidence," he says. Best BYOD Approach

In the end, the best approach to Android and BYOD in general is to start with good policies applied across all devices, Rothenberger advises. "You can't always foresee what will happen," he says, but if you have robust policies that cover contingencies, "that helps take a big worry off the mind of the CIO."

Harbert is a Washington, D.C.-based writer specializing in technology, business and public policy.

Chief News Editor: Sol Jose Vanzi
All rights reserved