Samsung is building its own Android platform for the enterprise

Hiding in plain site at the Galaxy S III launch was Samsung's enterprise approach to Andoid. Credit:Vernon Chan via Flickr

As RIM tries to reinvent itself with BlackBerry 10 and Microsoft tries to gain a secure foothold in the smartphone market with Windows Phone, we're often told that one of those two platforms will emerge as the eventual third platform that might rival the marketshare of iOS and Android. Often an appeal to business and enterprise users is seen as part of the lure that will carry one of these platforms forward.

While it's reasonable to debate which of these platforms might that mythical third platform, that debate stems from a false assumption that the mobile space is currently dominated by just two platforms (iOS and Android). I'm not saying that there's some hidden platform out there. Rather, it's becoming increasingly difficult to consider Android as a single platform.

The open nature of Android has caused it to diversify across an incredible range of devices. With so much diversity, some forks of Android can credibly considered to be their own platform. The Kindle Fire and Nook tablets are Android-based, meaning that Android is doing the heavy lifting, but their interfaces, app markets,and setup processes have been tailored so much that for practical purposes, most people don't consider them to be Android devices.

A new kind of Android fork

Another company is beginning to develop its own platform based on Android as well. In this case, however, it isn't differentiating itself based on its interface or app/content stores. Instead, this new Android-based platform is being built around the ability to secure, manage, and integrate with key enterprise systems in ways that go beyond what Google builds into the stock versions of Android.

The company building this new platform is Samsung and that platform is the company's SAFE (Samsung Approved For Enterprise) program.

Samsung is the biggest Android manufacturer on the planet and it offers a very complete range of Android devices, many of them designed for the consumer market. With Apple's iOS devices take the mobile enterprise crown from RIM and the BlackBerry, Samsung developed its own strategy for getting its own slice of the enterprise pie.

In order to compete against Apple in the business and enterprise market, Samsung chose to address a core Android issue: the platform's fragmentation. Fragmentation is a general Android headache with dozens of manufacturers making hundreds of different devices, many of which get tweaked by manufacturers and carriers. That diversity means that not every device will support the same security and management features.

It also means that the Android update cycle for existing devices is long and complex, meaning there's rarely a clear timeline for when a given update will reach a given device on a given carrier. All to often, there are devices that simply stop getting major Android updates or even smaller patches.

Fragmentation of this type or on this scale simply doesn't happen with iOS because Apple develops the OS, builds the hardware, and prevents carriers from tweaking either. Apple also releases a new major iOS update every year that, on average, supports the past two generations of hardware. The bulk of important security and management capabilities were baked into iOS 4. iOS 5 and 6 included just a handful of additional mobile management policies. That means the vast majority of iOS devices ever made can be a pretty good fit for enterprises. In many ways, Apple's model isn't that far off from the model that allowed RIM to be so successful for many years.

Samsung's SAFE program, developed with some of the top mobile management vendors and carriers creates a uniform baseline standard that meets key enterprise needs including deep integration with Exchange, on device encryption, broad VPN support, and mobile device management (MDM) with a broad range of supported policies.

Samsung creates the hardware for the program and integrates a wide range of MDM policy capabilities into the Android OS that will run on that hardware. In doing so, the company puts in far more MDM capabilities than are found on other Android devices including its own security APIs. In certifying devices, MDM suites, and other enterprise vendors like networking giants Juniper and Cisco, Samsung has create a secure and enterprise-grade Android ecosystem.

Walking the middle ground

In many ways, the SAFE program is a blend of the approaches that RIM and Apple have taken towards business sector. RIM delivered a product that could be managed and secured with over 500 policies using the company's BlackBerry Enterprise Server (BES). That delivered a very secure environment, one that IT and security professionals welcomed. It also positioned RIM as a single vendor for smartphones and related management infrastructure.

Apple, on the other hand, took a very different approach when it introduced true enterprise mobile management in iOS 4. The company created a framework that covered the majority of critical needs like passcode policy enforcement, remote wipe, Wi-Fi and VPN configuration, and the ability to restrict access to various iOS and device features, but far fewer policies than RIM offered. Apple didn't initially set out to provide its own MDM server. Instead, the company invited third-party companies to provide over the air management solutions (more recently, Apple has introduced the tethered deployment and management tool Apple Configurator and an over the air Profile Manager feature for its OS X Server platform, which is aimed at small businesses and workgroups).

Samsung's decision to build the policy framework in a way that is much broader and granular than Apple's -- the company offers over 330 policy options -- positions SAFE certified devices as more flexible enterprise-oriented options compared to Apple's iOS devices. At the same time, the company has followed Apple's example in opening that framework up to other vendors. That key move ensures that most enterprises will be able to take advantage of the security, management, and integration features of SAFE devices using an existing mobile management console -- not to mention one that can also manage iOS devices and non-SAFE Android devices as well.

Top devices

Samsung has focused on certifying some of its most popular products for SAFE. The Galaxy S III and Galaxy Note II both carry SAFE branding. While not the first devices to certified as SAFE devices -- previous generations of the lines including the original Galaxy Note and Galaxy S II -- these are the first to be branded and marketed as SAFE certified solutions. To encourage adoption of these devices in general as well as the brand awareness of the SAFE program, Samsung has instituted a trade-up program for both businesses and individuals to upgrade to SAFE devices.

Incorporating SAFE into its mainstream products is important. While IT and security professionals see the device as a unique and secure platform that happens to be Android-based, consumers simply see the devices as cutting edge Android devices.

Can SAFE succeed?

Viewed as a separate platform from other Android devices, SAFE offers administrators much of the feature set and management capabilities of the BlackBerry. More important, it offers a similar mindset towards policies. That makes it a very attractive platform.

It also leads to a crucial question: Can SAFE succeed as a platform in a sea of other Android devices, including some from Samsung itself that aren't SAFE certified?

Certainly for those companies that still issue corporate devices to users, SAFE is an attractive platform. It allows BlackBerry-style management and device lockdown. The problem is that the world has changed, and locked-down corporate devices are typically used in tandem with unmanaged personal devices. Simply put, the locked down corporate device is becoming rarer with each passing day.

Many enterprises who aren't jumping on the BYOD bandwagon are instead embracing the COPE (corporate owned, personally enabled) strategy. Companies using this approach provide corporate devices -- often ones that are popular in the broader consumer market -- that are pre-configured to work with enterprise systems, but are generally not subject to harsh management policies. Users are encouraged to use the devices as their own, and some companies even offer users the option to purchase their COPE device at a pro-rated cost if the employee leaves the company.

SAFE is a perfect fit for COPE.

BYOD, however, is quickly becoming the norm when it comes to enterprise mobility. Samsung may be building an excellent management platform on its top devices, but there's no guarantee every user will pick a device that's SAFE-certified.

Even within the BYOD paradigm, however, there are some ways that IT departments can make a push for SAFE devices.

BYOD policies are often drafted around the security potential of each device or platform.  Platforms that support broader security and management options are generally granted greater access to enterprise resources. If a company establishes SAFE devices from Samsung as a separate tier of devices compared to Android as a whole, it can encourage users to purchase those devices if they want expanded access.

IT departments that are more engaged with their users stand an even better chance of encouraging users to select these types of devices. That can mean an informational email detailing the added features and network access of SAFE devices or it can be even more proactive. Some mobile-first companies have established mobile support centers based around the Genius Bar model of Apple's retail stores -- a resource where employees can learn about mobile technologies, play with devices, share tips and information, and get technical support. That sort of environment is a perfect one for encouraging a specific platform or devices. Of course, organizations that offer cost-sharing options as part of a BYOD program stand the best chance of encouraging a specific platform or device since they tend to offer users a menu of available options, effectively making them very similar to COPE programs.

SAFE vs. Android

While SAFE is a more secure Android platform hiding in plain site, it's important to remember that the recent releases of Android do have some significant enterprise capabilities in and of themselves. This PDF brochure from Zenprise compares the major capabilities of Android Jelly Bean to SAFE. Samsung's own brochure highlights some as well.

The truth is that Android security has generally improved to the point where current releases have begun to level much of the playing field with iOS. SAFE takes those capabilities a bit further. Even with older Android releases, however, most MDM vendors provide an on-device agent that can deliver better security across a range of devices.

SAFE and IT

Is it something IT should embrace? Absolutely. IT should embrace every opportunity to add security and to grant the broadest feasible access to users. If you on an MDM product that is SAFE certified, then definitely embrace the program and certified devices. If you are selecting an MDM vendor, SAFE certification can be a way to narrow down your choices. From and IT and security point of view, SAFE is something that adds and enhances security and enterprise integration without requiring much effort -- why not embrace it?

That doesn't mean that IT should feel that SAFE offers a license to dictate device decisions and set restrictive policies that were standard practices in the BlackBerry era. Those days are gone. SAFE offers some of that functionality back as well as some Android-specific capabilities, but it isn't going to turn back the clock on how users interact with technology. If anything, SAFE and the fact that user choice is as integral to the program's success as IT involvement, illustrates the partnership that modern mobility is all about.  

Join the discussion
Be the first to comment on this article. Our Commenting Policies