Google knows the importance of keeping your information safe; and they work diligently to ensure the Android experience, for both consumers and businesses, is one centered on device and data security. This is especially true for enterprise users, where the possibility of personal and business data overlap can occur. If your staff works with Android and you’re a customer of Google Mobile Management, you will soon notice a fairly important change coming with version 7.55 of the Google Apps Device Policy.
The change is simple, yet crucial, and one that helps Google to promote the use of Work Profiles. Why? Simple. The sandboxing of business data should be a top priority for businesses, which is why Google has shifted the Google Apps Device Policy such that it will now, by default, utilize an Android for Work, IT-managed work profile for those customers that meet specific requirements. Said requirements are:
- Your company uses Google Mobile Management (GMM) for Android
- Android at work is enabled for the entire organization (or an organizational unit)
- The organization using GMM and is whitelisting apps in managed Play
- Devices must support work profiles
- The Google Apps Device Policy app being used for enrollment is version >= 7.55
Should your company/devices meet the above requirements, when you enroll new devices, users will now find a default work profile available. With this work profile, users will be able to access the managed Google Play store and install apps that have been curated and whitelisted by the GMM administrator. This enabled policy will also provide well-defined separation between personal and corporate data in such a way that the GMM administrator cannot accidentally remove a user’s personal data. This works in conjunction with the other features an administrator can manage through GMM:
- Device password strength
- Device password length
- Number of invalid passwords allowed before the device is wiped
- Number of recently expired passwords that are blocked
- Number of days before a device password expires
- Number of idle minutes before a device automatically locks
- Application auditing
- Remote account removal from a device
- Remote wipe a device
- Device policy app version requirements
- Number of days device is not synced before wiping
- Blocking of security-compromised devices
- Configure Wi-Fi networks
- Manage network access certificates
This is a change that is long overdue. When a company makes use of Mobile Device Management for staff/employees, the idea is to ensure the integrity and security of sensitive data. Without a work profile in place, company data is not sandboxed from personal data and that is a disaster waiting to be unleashed.
With an Android For Work profile in place, it becomes significantly more challenging for anyone to steal company data. If you’re unsure of the importance of work profiles, consider these features:
- Supported devices will isolate corporate data and personal data, so users only need work with one piece of hardware
- Administrators can curate and whitelist applications that are needed/required for corporate use
- IT administrators cannot erase personal emails, photos, or other personal data (but can easily wipe the content within the work profile)
Can users opt-out?
In a word, yes. If your corporate policy allows for opting out of using a work profile. Should you do this? Clearly the choice is up to your company, but there is a reason Google is opting to bring about this change. In the current mobile landscape, security of corporate data has become an unavoidable issue. With more and more vulnerabilities found on the major mobile platforms, and users frequently working with a single device, for both personal and company data, providers and manufacturers have to do everything they can to protect the interests of both companies and individuals. This change in the Google Apps Device Policy should go a long way to aid in that protection.
So long as users don’t opt out.
When does the change take effect?
Starting June 5, 2017, the release of the Google Apps Device v7.55 will include this change. The release will be available to all G Suite editions.