Everyone wants — or needs — to be able to work on a mobile device without compromising business data or personal privacy, but carrying two separate phones is often inconvenient. Highly mobile companies rely on Android’s work/home model, which essentially splits a mobile device down the middle in terms of app usage and data to achieve the ideal balance.
Android Work Profile gives businesses security and control over company data while respecting employee privacy. It’s one of the many security features built into Samsung business-ready mobile devices, such as Galaxy A Series, that enables anyone and everyone to unlock everyday awesome.
What’s in Work Profile?
Work Profile is an Android feature that creates security and privacy by partitioning a mobile device into work and non-work sectors. With Work Profile a smartphone can become a true dual-use device, with an isolated workspace and a private personal space.
1. Apps
When Work Profile is active, specific apps are loaded into the work side and a small briefcase icon marks them in the Android graphical user interface (GUI). You can even have two copies of the same app, such as Microsoft Outlook, for work and personal use.
2. Data
Another key part of Work Profile is the data partition that keeps the work and personal sides separate unless specifically configured to interact. Social networking apps, for example, often want access to a user’s entire contacts list. With Work Profile, you can have your company directory available in Contacts on the work side, but LinkedIn on the personal side won’t be able to see that information.
The mobile security top 10
Get your free guide to better securing the personal and work data on your mobile phone. Download Now
Full customization is available, and IT managers can allow connections between the two sides when a business reason requires it. A good example is the Calendar app: If you allow the work and personal sides of the device to communicate, the smartphone user can see their work and personal events together.
The goal of Work Profile is not just to keep enterprise data secure, it’s also to define privacy boundaries for the personal side. When Android Work Profile is in place, the user’s personal data and applications are kept private, outside of IT control.
3. Mobile device settings
The third major part of Work Profile is device and OS settings. In general, when a user creates a work side and links it to an enterprise mobile management (EMM) tool, the company’s IT team has full control over Work Profile contents and device-wide settings but only limited controls on the personal side.
Configuration functionality depends on how you choose to deploy Work Profile. In the newer versions of Android, there are strong controls to limit what the company can do to preserve user privacy on mixed-use devices. For example, the company can’t see which apps are installed on the personal side of the smartphone.
IT managers essentially have three different models to work with. (More details are available in Android Enterprise documentation.)
If it’s an employee-owned device in a Bring Your Own Device (BYOD) configuration, the company can only see data and settings within the device’s Work Profile. In Android documentation, this is called “Work Profile for Employee Owned Devices.”
If it’s a fully managed device with Work Profile, then the company has more control over the device than it would with BYOD. However, the personal privacy features of newer versions of Android limit the ability to see and control the personal part of the device. Older documentation uses the acronyms COPE (Company Owned, Personally Enabled), WPoCOD (Work Profile on Company Owned Device) and WPoFMD (Work Profile on Fully Managed Device).
The third model doesn’t include Work Profile. In this scenario, a device is fully managed by the company and isn’t intended for personal use. The acronyms COBO (Company-Owned, Business-Only) and COSU (Company-Owned, Single-Use) are used to describe this model.
How to set up Work Profile
There are many different paths to setting up Work Profile on company-owned or personally owned devices, but they all include the same major steps.
The first step in setting up Work Profile is non-technical. Users must decide how Work Profile will support security requirements and a mobility strategy. Create or update a thorough and accurate policy that covers the rights and responsibilities of both individual users and the company regarding a shared-use device, no matter who owns it. (Samsung Insights offers a number of articles on this topic, including, for example, BYOD and CYOD policy templates.)
Next, a business can select an EMM or mobile device management (MDM) tool. Any MDM tool can work, and there are plenty of options: simple and easy to use or powerful with lots of features, standalone or tightly integrated with a company directory, focused on mobile devices or inclusive of laptops and desktops. A solid policy can help simplify the process of selecting an MDM tool.
Once the chosen MDM tool is up and running, an IT team should define the policies that can be applied to all devices. These effectively define Work Profile and whatever other settings can be pushed to the device based on the selected model: fully managed with Work Profile or employee-owned (BYOD).
At this point, users can begin enrolling their devices in the MDM. This process has two steps: downloading the MDM client and authenticating and linking that particular device to the company MDM and the user.
You might want to build a very user-friendly path, linking your MDM download and enrollment to automated device deployment, for example. Or, you might direct users to a website to start the process of downloading the MDM client and enrolling the device. If you choose Samsung as your mobile device supplier, you can also take advantage of the Knox Solution Set, designed to simplify and manage device configurations, MDM enrollment and firmware management.
When you enroll a device in the MDM, policies can be applied automatically, including the creation and management of Work Profile. As needs evolve, whether they are new business apps or different security settings, you can centrally update the policy, and changes can be pushed automatically to all devices and enforced by the MDM client on the device.
The final step is user training. Although Work Profile is mostly self-explanatory, a few minutes of training on the privacy features and how to pause it can help employees have a better experience and greater confidence in their new dual-use mobile device.
Alongside gorgeous displays, high-resolution cameras and other features that end users love, a clear divide between work and personal data makes Samsung devices all the more appealing to businesses, especially when it comes to Galaxy A Series. From the entry-level A15 5G to the versatile A25 5G, higher-tier A35 5G, and powerful Galaxy Tab A9+ tablet, all Galaxy A Series devices feature a full suite of customizable controls that enable business leaders and IT managers alike to sleep better at night knowing workplace mobility isn’t jeopardizing enterprising security.
Get our comprehensive guide and template for developing a BYOD policy tailored to your organization. And find out more about how Samsung Knox Suite provides an end-to-end solution for complex mobility needs.
