This content is part of the Essential Guide: Mobile endpoint security: What enterprise infosec pros must know now

Android security policies all enterprises should adopt

Securing Android devices in the enterprise can seem like an uphill task. Applying these Android security policies might reduce the struggle security professionals face.

Companies seeking to improve Android security might view it as an impossible process. "For many companies, Android remains a challenging chameleon, with dozens of OEM variants, running on hundreds of hardware platforms," says Lisa Phifer, owner of Core Competence Inc., pointing out the reason for this struggle. It is especially difficult in a BYOD environment. However, it isn't beneficial to focus on each little detail. Instead, address the larger issues by instituting broadly applicable Android security policies.

In this podcast, Phifer discusses the top five Android security policies that any organization can implement and enforce in order to mitigate the most prominent Android threats out there.

Listen in to hear Phifer's concise and practical Android security policies, which start with shrinking the threat landscape. A large portion of threats is easily avoided: exposure to malware infection and unpatched security bugs. With an established minimum acceptance criteria, such as allowing business use of only "Google experience" devices that are running with an Android OS 4.3 and up, your enterprise will be seeing a significant reduction in Android vulnerabilities.

Other Android security policies include choosing to containerize instead of relying on Android platform security. Some options include a self-authenticating encrypting application, an encrypted data container or the Android for Work option that has been built into Android 5. Shouldering the responsibility of securing your own business applications and data should ensure that, in the event of a guessed PIN or lost device, your enterprise is protected from a data breach.

Another step that seems obvious but that remains important is making sure that devices and applications are kept up to date. This is as simple as allowing automatic updates where possible and periodically checking for the latest updates.

Listen to Lisa Phifer's podcast about the top Android security policies that your organization should adopt.

Next Steps

Learn about Android's WebView vulnerability and Google's policy not to patch it

Find out what Google's Android Security Rewards program does for security development

Read about the top challenges to Android device management

This was last published in June 2016

Dig Deeper on Malware, virus, Trojan and spyware protection and removal