Get Your Ultimate Guide to Knox Configure

Learn how to drive IT cost savings and business benefits with Knox Customization.

Download Now
Device Management

Managing Mobile Patches and Updates With E-FOTA Adds Security, Reliability

Most IT managers take a pretty authoritarian view on patches and updates for their desktop computers. Systems get patched when IT says they should be patched, how IT says they should be patched, and everything has to be kept up-to-date … or else.

This approach increases security by ensuring that systems are protected from the latest threats, but it also increases reliability: By synchronizing application and operating system updates, IT can make sure business-critical applications are fully tested in the target desktop environment.

So why don’t IT managers apply this same approach to enterprise mobile devices?

The answer is, they can, they should and many do. All the major mobile phone platforms no longer require physical connection to a desktop device for software updates. Instead, software updates and security patches have moved to an Over the Air (OTA) model. This means that devices can download updates using Wi-Fi or, if data quotas are not a problem, even cellular networks. In the world of OTA updates, this detethering of mobile devices suddenly gives IT managers a lot of opportunities for managing and controlling the update process, because when a device can download updates at any time, everything gets a whole lot simpler.

What is FOTA?

When updating Android platforms, developers and system vendors use the acronym FOTA for “Firmware Over the Air,” to make it clear we’re talking about updating not just applications, but the underlying operating system of the smartphone, tablet or any other Android device. In recent years, Android moved to something called “seamless updates,” also known as A/B System Updates. With seamless updates, Android devices have two slots (partitions) for the operating system on the internal “disk”: current and unused. Android runs from the current slot, while the unused slot is updated during the FOTA process. When an update has been staged and is ready to go, the operating system can reboot and the updated slot becomes current, while the old slot is marked as unused. If something goes wrong, the device falls back to the last known good partition.

Evaluate Your Mobile Security Plan

icon of a documentWhite Paper

Discover if you have the right mobile security plan for your business. Download Now

In the U.S., most Android phones get their updates through the carriers’ networks, with versions and timing determined by the carriers. However, IT managers can take control of the update process through their Mobile Device Management (MDM) or Enterprise Mobility Management (EMM) tools. Samsung, for example, calls this “E-FOTA,” for “Enterprise FOTA,” indicating that the control shifts from the carrier to the enterprise.

Seamless Control

Because FOTA mostly happens in the background, the IT manager has the option to control very carefully exactly what updates are pushed, when they are pushed and how users are prompted to reboot their devices to make use of the patched or upgraded operating system. FOTA has the same security infrastructure as the rest of Android — all updates have to be properly signed to let the user device check that it is receiving only authentic and verified updates.

FOTA moves smartphone patching and updating from the users, who used to drag their phones to a desktop and plug it into a USB port, to an OTA process controlled by carriers and enterprise IT departments. With tools such as Samsung E-FOTA, the IT manager uses their MDM or EMM tools to take control of the entire patching process. This improves security and reliability of mobile devices to match expectations of desktop devices: synchronized updates managed in such a way that applications and operating systems all mesh together.

There are a few advantages of enterprise IT taking control of software updates for mobile devices:

  • Users don’t have to take any specific action.
  • Software versions can be synchronized across groups of users.
  • Update testing and approval are managed and predictable rather than chaotic and reactive.
  • Updates can be done on a schedule — out of working hours if appropriate, or immediately if an urgent need comes up.

IT leaders will find that these make up an exact reflection of the benefits they saw in managing updates on desktop devices.

IT managers who want to make sure that mobile devices — now as mission critical as laptops and desktops in many organizations — are secure and reliable should consider taking control of FOTA as a first step in building a solid mobile computing base.

Download our comprehensive 8-step guide to planning and deploying a CYOD initiative at your company.

Posts By

Joel Snyder

Joel Snyder, Ph.D., is a senior IT consultant with 30 years of practice. An internationally recognized expert in the areas of security, messaging and networks, Snyder is a popular speaker and author and is known for his unbiased and comprehensive tests of security and networking products. His clients include major organizations on six continents.

View more posts by Joel Snyder