Top 5 Android security tips for the enterprise

2. Implement Google's Device Policy

This should be one of the first things to be installed on a device before it is deployed, and should be part of any firm's BYOD policy. Google's Apps Device Policy is a free application that ties administration of devices to a Google account. Once the Apps Device Policy application is installed, the user selects a Google account for the device to be associated with. The administrator of that Google account can set remote access rights and administration tasks.

Google Device Policy allows administrators to track devices, which can be particularly handy for those firms that operate with employees on multiple sites. However, for enterprises the most important administration task is the ability to lock and erase devices remotely. The ability to do so could be the difference between unauthorised access to sensitive data and the cost of merely replacing a device.

The downside to Device Policy is the need for a Google Apps account. The cost of this starts at 3.30 per month, but deals are available for larger firms. However, organisations should weigh up the monthly cost of Google Apps against the potential damage done by outside access to data and consider it as an addition to the mobile operator subscription charge.

1. Use the file system encryption

IT admins work on the premise that employee smartphones and tablets will be lost or stolen, so when it does happen steps can be taken to minimise impact to the business.

Users who may be carrying gigabytes worth of data on their device should have the same mindset to help prevent confidential information from falling into the hands of a third party. The best way to do this is to use Android's file system encryption.

Google introduced file system encryption in Android 3.0 Honeycomb and has brought it to smartphones with Android 4.0 Ice Cream Sandwich. Android's file system encryption requires the user to enter a passphrase that is used to generate a key which in turn is used to encrypt the device's file system.

Once the Android device's file system is encrypted, a task that can take over an hour depending on the storage capacity of the device, the user will have to enter the passphrase initially used to generate the key to unlock the device. Although Google uses industry-standard AES-128 encryption, it is only as strong as the passphrase used to generate the key, so using one that includes letters and numbers is recommended.

Encryption is important even if you have Google's Device Policy up and running because a device has to connect to the internet before it can swallow the poison pill. This means unencrypted data can be read while the device is kept in aeroplane mode. If devices are encrypted using a strong password, users can be safe in the knowledge that data cannot be lifted from the device without access to considerable computation power used to crack the encryption.
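The point that the encryption is only as strong as the passphrase can be checked with a short script. This is an added example, not code from the article or from Android: the PBKDF2 parameters, the 40-bit policy threshold and the sample passphrases are assumptions chosen for illustration.

```python
import hashlib
import math
import string

KEY_BITS = 128          # AES-128, as stated in the article
KDF_ITERATIONS = 2000   # assumed PBKDF2 work factor, for illustration only
MIN_BITS = 40           # hypothetical policy threshold, tune to your own risk model


def derive_key(passphrase: str, salt: bytes) -> bytes:
    """Stretch a passphrase into a 128-bit key (PBKDF2-HMAC-SHA1, assumed KDF)."""
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("utf-8"), salt, KDF_ITERATIONS, KEY_BITS // 8
    )


def search_space_bits(passphrase: str) -> float:
    """Upper bound on guessing effort: length * log2(size of alphabet in use).

    Real passphrases built from dictionary words or dates are weaker than this.
    """
    classes = (string.digits, string.ascii_lowercase,
               string.ascii_uppercase, string.punctuation)
    alphabet = sum(len(c) for c in classes if any(ch in c for ch in passphrase))
    return len(passphrase) * math.log2(alphabet) if alphabet else 0.0


def effective_key_bits(passphrase: str) -> float:
    """The derived key is never stronger than the passphrase that produced it."""
    return min(float(KEY_BITS), search_space_bits(passphrase))


def meets_policy(passphrase: str) -> bool:
    """True when the passphrase clears the (hypothetical) minimum-strength bar."""
    return effective_key_bits(passphrase) >= MIN_BITS


if __name__ == "__main__":
    salt = bytes(16)  # constructed fixed salt so the demo is repeatable
    for candidate in ("1234", "kettle", "blue42kettle"):  # constructed samples
        key = derive_key(candidate, salt)
        print(f"{candidate!r}: {len(key) * 8}-bit key, "
              f"~{effective_key_bits(candidate):.1f} bits of effort, "
              f"policy ok: {meets_policy(candidate)}")
```

Every passphrase yields a full 128-bit key, but a four-digit PIN leaves only about 13 bits of search space behind it, while a 12-character mix of letters and numbers clears 60.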

Overall, Google's Android offers a number of features to help organisations control and track devices. Our five tips to keep Android devices secure are all quick and easy, but ultimately user education is the key.

Android's security features such as file system encryption and Google Apps Device Policy can be set by the system administrator but users need to know that using open Wi-Fi hotspots and failure to update regularly can pose a security risk. By putting our tips into practice alongside educating users, firms can mitigate against costly and embarrassing security breaches.