Preparing for Android 10 & 11 End of Life: A Strategic Imperative for Enterprise IT

Endpoint Modernization Is Vital After Android 10 and 11 End of Life

Step one is migrating endpoints to the latest Android version as a means to help ensure the latest security posture.

“This is because OS updates provide the most robust protection while also delivering essential performance, connectivity and stability enhancements” beyond what standalone security patches can offer, says Google’s Sean Ginevan, head of global technology partnerships for Android Enterprise.

Beyond this, EOL for Android 10 and 11 can serve as a catalyst for broader endpoint modernization conversations within enterprise IT. As the IDC analyst report notes, “the next few years will redefine how enterprises think about device strategy.”

Within that modernization strategy, extended support roadmaps can play a key role. “Today’s Android manufacturers are offering unprecedented support, with up to seven years of security updates on many devices,” Ginevan says. This allows IT to plan more predictable refresh cycles.

Such an approach can help organizations with unique operational requirements — such as manufacturing or logistics — to ensure that, even as hardware ages, “there is a clear path for maintaining compliance and operational integrity,” Ginevan says.

DIVE DEEPER: How to prepare for the key videoconferencing system impacts with the end of Android 10.

Building a Proactive Zero-Trust Security Strategy for Android Devices

As businesses work toward endpoint modernization, proactive device refresh strategies will be an essential component of a zero-trust security framework. “Maintaining a strong security posture is a continuous process,” Ginevan says, and this is doubly true in a zero-trust framework, where trust “is never permanent; it is continuously verified.”

With this in mind, a proactive refresh strategy ensures that hardware has the latest security features available, but using the latest OS isn’t enough. “The OS must allow its security to be verified,” he says.

There are tools that help to support this, like  Device Trust from Android Enterprise, which allows devices to communicate real-time data directly to enterprise infrastructure. “This allows for automated policy enforcement that aligns to a zero-trust framework,” Ginevan says. If a device doesn’t meet a specific security threshold, IT leaders can implement policies to restrict access.

How to Secure and Future-Proof Android Devices Beyond End of Life

Even as businesses lean into endpoint modernization conversations as they address the Android 10 and Android 11 EOL situation, they can take additional steps to ensure the security of their present devices.

Android security is modular. Even on older versions, Google Play and Google Play system updates can continue to provide critical security fixes, Ginevan says. And Google Play services help to mitigate against exploits by patching common attack surfaces, such as the system web browser, independently of the OS.

In addition, he points to Google Play Protect, which is built into Android devices. By performing daily scans to identify and remove malware, it provides a critical safety net — one that operates independently of the underlying OS version.

Still, with Android 10 and 11 at EOL, “modernization is the goal,” he says.

To that end, he encourages leaders to use the Android Enterprise Recommended (AER) program as their North Star. This program simplifies the hardware selection process by identifying devices that meet Google’s strict standards for security, deployment and update frequency, he says, “and documents partners’ commitments for security updates and longevity.”