Esper aims to bring devops-like approach to securing Android dedicated devices

Esper, a maker of cloud tools for Android device deployment and application management, today announced the launch of a new offering that seeks to make it easier for enterprises to secure dedicated devices such as point-of-sale systems, digital kiosks and display signage.

The company says its new devops for Dedicated Devices offering comes as the use of connected IoT and Android edge devices is exploding — but many remain difficult to update and secure.

The platform treats any kind of device state change as something that can be pushed through a devops pipeline, said Keith Szot, vice president of innovation and solutions at Esper. The company says that its offering extends the definition of devops — an approach uniting development and operations, which has transformed application development over the past 15 years — to include configuration of devices.

“Security fixes aren’t very useful if they break core device functionality and you should be able to test and deploy them using those same sophisticated devops principles we bring to your application software,” Szot said in an email.

Devops for Dedicated Devices enables customers to apply policies, configurations and updates in the field to devices from a centralized platform and at large scale, according to the company.

Key features include Blueprints, which allow customers to define device configurations and security, while managing devices that fall out of compliance (also known as “drift.”) The offering’s Pipelines feature can test updates to software and policy in strictly defined stages, so customers can validate changes before deploying them more widely to their fleets, according to Esper.

Additionally, the company’s Foundation for Android platform provides customers with further control over their fleet’s behavior while adding in monthly Android security patches and operating systems upgrades – “two things largely unheard of in the dedicated device space,” Szot said.

Considering that many dedicated devices are mission-critical, Esper says it improves total fleet security in part through enhancing visibility.

“When you manage your entire fleet from one piece of infrastructure, you know where every device is, what it’s running and what configurations are applied to it. You can’t secure what you can’t easily reach,” Szot said. “We take what are often fragmented and incomplete solutions and give customers a clean slate to manage on. With the use of dedicated devices exploding, companies need to manage thousands of devices remotely, Esper enables enterprises to identify devices that are out of compliance.”

Better way of updating

In terms of Esper’s devops deployment tools for device software and firmware, when enterprises integrate their existing devops tooling with Esper, developers can deliver software updates to the Esper Cloud automatically, he said. Operations teams can then deploy those updates with Esper Pipelines immediately, or on their preferred schedule with similar automation, Szot said.

Changes to device policy can be deployed in this fashion using Pipelines, as well, he said.

“This ensures that updates actually get where they need to and that policies are actually enforced when set,” Szot said.

The biggest change Esper is introducing is a centralized way to manage device system updates, across Foundation security patches, Foundation core OS upgrades and the company’s on-device management app (the Esper Agent), he said.

The Esper Agent is “essentially a small service worker that lives on every device our customers manage with Esper,” Szot said — regardless of whether they use Esper Foundation for Android.

“We now let customers stage and test these updates just as they would updates to their own apps,” he said.

The Blueprints feature, meanwhile, represents an overhaul of Esper’s approach to device configuration, according to Szot.

“The big security implication for our customers is greater customization and configurability in the field,” he said, given that Blueprints lets customers “adjust core device settings at any time.”

For instance, if an enterprise adopts a new policy that forbids any fleet device from utilizing USB connectivity, “you can make that change fleet-wide in just a few minutes using Esper Blueprints and Pipelines,” Szot said. “You can watch those changes roll out in real time and observe which devices they’re deployed to, then start assessing any failures with our new drift management feature.”

Customer traction

Esper reports it currently has more than 3,000 customers, with use cases that are “wildly different,” Szot said. Major verticals include healthcare, retail, logistics and transportation, restaurants, education and hospitality.

Disclosed customers include Taco Bell, Ordermark, Siyata Mobile, Spire Health, CLMBR, Inspire Fitness, ROMTech, JLT and BusRight.

The Bellevue, Washington-based company has raised $100 million in funding since its founding 2018, including its $60 million series C round in October led by Insight Partners.

Ultimately, “as an immense number of devices start coming online in public and semi-public settings, the number of potential attack surfaces goes up in tandem,” Szot said. “We’ve all seen a public display or kiosk showing the ‘blue screen of death.’”

Esper sees this as a “failure to enforce and properly validate fleet configuration and software updates,” he said.

In the past, there has been “no end-to-end way” to add new features or patch a critical vulnerability to an entire fleet of dedicated devices. “Esper is the first platform to truly take that infrastructure burden out of the dedicated device equation,” Szot said.

Current solutions on the market can provide pieces of what Esper offers — for example, “we’re not going to say we invented Android device policy configuration,” Szot said (though Esper is the first to apply it using devops, he says).

However, “that’s something anyone can do, because it’s a core feature of the Android platform,” Szot said. “Where we stand out is the scalability and integration of our platform. There’s no one else in the dedicated device space providing a full-stack solution.”