Is Android ready for enterprise use?

Google Android isn't just for consumer users, but some IT managers have raised concerns over the OS's ActiveSync client and its encryption and security.

Scott Webster
Scott Webster has spent the better part of his adult life playing with cell phones and gadgets. When not looking for the latest Android news and rumors, he relaxes with his wife and son. Scott also is the senior editor for AndroidGuys. E-mail Scott.
Scott Webster
3 min read

With new features like turn-by-turn navigation and a self-correcting soft keyboard, Android 2.0 is enticing new customers who've never owned a smartphone.

But is Android ready for business customers? With support for corporate e-mail and calendar accounts, Google Android isn't just for consumers, but some IT managers have raised concerns over the operating system's ActiveSync client, its encryption, and its security.

A quick look around the Verizon forum indicates that users are confused on several fronts. We've already put to rest the confusion over its consumer data plans, but the Motorola Droid's Microsoft Exchange support remains a relevant issue.

As we see it, customers need to know two things: the Droid does not offer full ActiveSync support and the Android OS as a whole doesn't meet many corporate IT security policies--at least not out of the box.

In brief, the ActiveSync capabilities found within Android are similar to the iPhone. Both can synchronize e-mail, calendar, and some contacts; however, it lacks syncing Tasks/To-Do lists and Memos. Some users may consider those minor issues, but we think that IT managers would disagree.

On the other hand, its lack of real encryption is a serious concern. The security measures that are built into Android 2.0 are limited at best. Yes, end users can set up finger-swipe passwords for when their screens time out or after the handset reboots. And yes, Droid lets you secure your information with an alphanumeric password.

Unfortunately, that's about it. IT professionals can't define security policies, perform a remote wipe, or remotely provision handsets, which means that your IT manager would essentially have to physically touch every device to set it up. And if you lose your handset, your data might be as good as compromised. T-Mobile's Motorola Cliq allows for remote wipe, but only through the MotoBlur interface.

So what are your options? Two that we've found are Good Technology and NitroDesk's TouchDown. Both go above and beyond the native client and address many security concerns. For instance, Good Mobile Control lets IT managers determine which users are authorized for access, remote wipe handsets, define and enforce security protocols, and more.

TouchDown involves no third-party infrastructure to act as an intermediary between the Exchange server and the handset. Rather, it connects exclusively with the corporate Exchange server using ActiveSync and moves data directly from server to device.

Beyond enabling IT administrators to enforce PIN security to the corporate data, TouchDown also offers remote wipe support and the capability to connect to Exchange servers that require client certificates for authentication. What's more, an upcoming release will encrypt data stored within TouchDown's databases when requested by server policies.

The costs for Good for Enterprise for Android is based on server and client licensing and will vary depending on the number of licenses purchased. If you're interested in Good's Enterprise solutions, you can learn more at its Web site. NitroDesk is currently offering TouchDown at $10 per copy with unlimited updates. There's also a 5-day trial edition in the Android Market that gives full functionality for free during the trial period.