Most IT managers take a pretty authoritarian view on patches and updates for their desktop and laptop computers. Systems get patched when IT says they should be patched, how IT says they should be patched, and everything has to be kept up-to-date … or else.
This approach increases security by ensuring that systems are protected from the latest threats, but it also increases reliability: By synchronizing application and operating system updates, IT can make sure business-critical applications are fully tested in the target desktop environment.
So why don’t IT managers apply this same approach to enterprise mobile devices?
The answer is, they can, they should and an increasing number do. All the major mobile phone platforms no longer require physical connection to a desktop device for software updates. Instead, software updates and security patches have moved to an Over-the-Air (OTA) model. This means that devices can download updates using Wi-Fi or, if data quotas are not a problem, even cellular networks. In the world of OTA updates, this detethering of mobile devices suddenly gives IT managers a lot more opportunities for managing and controlling the update process, because when a device can download updates at any time, everything gets a whole lot simpler.
What is FOTA?
When updating Android platforms, developers and system vendors use the acronym FOTA for “Firmware Over the Air,” to make it clear they’re talking about updating not just applications, but the underlying operating system of the smartphone, tablet or any other Android device.
In the U.S., most Android phones get their firmware updates through the carriers’ networks, with versions and timing determined by the carriers. However, IT managers can take control of the update process through specialized device management tools. Samsung, for example, calls this “E-FOTA,” for “Enterprise FOTA,” indicating that the control shifts from the carrier to the enterprise.
How E-FOTA gives IT greater control over updates
Because FOTA mostly happens in the background, the IT manager has the option to control exactly what updates are pushed, when they are pushed and how users are prompted to reboot their devices to make use of the patched or upgraded operating system. FOTA has the same security infrastructure as the rest of Android — all updates have to be properly signed to let the user device check that it is receiving only authentic and verified updates.
FOTA moves smartphone patching and updating from the users, who used to drag their phones to a desktop and plug it into a USB port, to an OTA process controlled by carriers and enterprise IT departments. With tools such as Knox E-FOTA, the IT manager uses a cloud-based console to take control of the entire patching process. This improves security and reliability of mobile devices to match expectations of desktop devices: synchronized updates managed in such a way that applications and operating systems all mesh together.
There are a few advantages of enterprise IT taking control of firmware updates for mobile devices:
- Users don’t have to take any specific action
- Software versions can be synchronized across groups of users
- Update testing and approval are managed and predictable rather than chaotic and reactive
- Updates can be done on a schedule — out of working hours if appropriate, or immediately if an urgent need comes up
IT leaders will find that these make up an exact reflection of the benefits they saw in managing updates on desktop devices.
How to build an effective incident response plan
Get this free guide on how to respond to mobile security breaches — or thwart them altogether. Download Now
IT managers who want to make sure that mobile devices — now as mission critical as laptops and desktops in many organizations — are secure and reliable should consider taking control of FOTA as a first step in building a solid mobile computing base.
Keeping devices and their data truly secure requires comprehensive lifecycle device management. Samsung combines device security, deployment and management in Knox Suite, which includes Knox Platform for Enterprise, Knox Mobile Enrollment, Knox Manage and Knox E-FOTA in a single license with one sign-on.
Learn best practices for thwarting mobile security breaches and responding when they occur in our guide, Building a Cyber Incident Response Plan.