For example, Samsung offers Knox, a containerization technology for higher-end Samsung Android devices that's designed to create a virtual partition on the devices that would insulate corporate-managed apps and data from attack. "Samsung Knox is the first real security solution coming out for Android," Egan says. However, Knox is no cure-all, given several limitations: It currently works with just a handful of Samsung devices and only a small number of MDM tools, and it requires a monthly per-user fee in addition to the normal MDM fees.
Still, the container approach looks promising for delivering the kind of security enterprises will need with Android devices. "Containering or sandboxing can protect data files or applications [within the container], so that container can be used for corporate communications and file storage," Borg says. "A phone could have no other security [provisions], but as long as there is a secured container then the overall security of the device is less important."
Another potentially effective approach is the use of "multiple persona," where there can be distinct identities that go all way to the kernel of the OS, Borg says, so you can have multiple instances of the OS running concurrently on the same device. "You can have one persona for work and one for personal use; it's like a firewall within the device," he says. "From IT's perspective that's probably the ideal solution."
But this type of solution hasn't seen wide adoption. There's a lot of resistance on the part of users, Borg says, because it gets in the way of using the device. BlackBerry 10 OS supports this capability when used with BlackBerry's Enterprise Service 10 server, and a few multiple-persona options for Android devices are available from companies such as Divide and General Dynamics, though they work only a subset of current devices.
Don't let security fears thwart Android adoption
Although security concerns about Android are justified, companies need to avoid taking an extremely restrictive approach and damaging the user experience, says MobileIron's Rege. "The risk that is underrated is that creating on overly restrictive environment will drive employees to unsafe behaviors," he says.
When enterprise employees have a bad experience on their device, such as due to security-justified restrictions, they look elsewhere for enterprise productivity tools -- and this can drive them to take risky actions such as using unauthorized file-sharing apps, Rege says.
"If you approach Android with a mindset of fear, you will create an experience users hate and one that ultimately undermines your security policies," Rege says. "However, if you approach Android with a productivity mindset, you will create a great user experience while keeping data secure."
The strategies and tools are there today to let at least current and recent Android devices be productive additions to your technology portfolio, joining your iOS and BlackBerry devices.
This story, "A clear-eyed guide to Android's actual security risks," was originally published at InfoWorld.com. Follow the latest developments in mobile technology and security at InfoWorld.com. For the latest developments in business technology news, follow InfoWorld.com on Twitter.