Best BYOD management: Containment is your friend
For its part, RIM is working on adding this capability to its BlackBerry Mobile Fusion MDM software, possibly as soon as May 2013. (Mobile Fusion runs on Android and iPhone devices as well as on the BlackBerry.) Peter Devenyi, senior vice president of enterprise software, says RIM's offering will be "a containerized solution where one can wrap an application without the need to modify source code so you can run it as a corporate application and manage it as a corporate asset."
"Using these tools you can put together a pretty complete, fully wrapped productivity suite that's encrypted and controllable," says Jeff Fugitt, vice president of marketing at mobile integrator Vox Mobile. So far, however, the customer base for the technology is relatively small.
Forrester analyst Christian Kane describes app wrapping as an "application-level VPN" that lets administrators set policies to determine what the app can interact with on the user's device or on the Web, and what access the app has to back-end resources. It also allows for remote wiping of the container, including the app and any associated data.
"Application wrapping is not mature," says Gartner's Redman, and the existence of competing architectures in this nascent market is holding back growth. But the adoption of app wrapping for enterprise and third-party apps will increase, he says, as the technology is eventually integrated into the larger and more established MDM platforms.
The downside to app wrapping is that each application must be modified, which means administrators need access to the app's binary code. That means some apps that come preinstalled on Android or iOS phones may not be supported. Also, implementations may work more smoothly with Android devices than with iOS because of problems getting binary code for apps sold via Apple's App Store. For this reason, wrapping tools tend not to work with iPhone apps. For example, Mocana's Mobile App Protection product doesn't support the email client on the iPhone, or other built-in apps for that matter.
Users can get access to the binary for free iOS apps, but for paid App Store wares, IT needs an agreement to buy direct from the provider and bypass Apple's store.
"Apple overlooks the issue of app wrapping today and changing apps [bought] from their store, but by their rules you're not supposed to do that. They could clamp down and not allow that, although so far they haven't," says Redman. Apple declined to comment. (See "Where Apple and Google stand.")
The third approach to containment is to create a virtual machine that includes its own instance of the mobile operating system -- a virtual phone within a phone. This requires that the vendor work with smartphone makers and carriers to embed and support a hypervisor on the phone. The technology isn't generally available as yet, but devices that support a hypervisor may eventually allow users to separate personal and business voice and data.
VMware's offering, VMware Horizon, is still in development. It will support Android and iOS, and functions as a type 2 hypervisor, which means the virtual machine runs as a guest on top of the native installation of the device's operating system.
Having a guest OS run on top of a host OS tends to consume more resources than a type 1 "bare metal" hypervisor that's installed directly on the mobile device hardware. It's also considered less secure, since the underlying host OS could be compromised, creating a path of attack into the virtual machine.
Another vendor, Open Kernel Labs, offers a type 1 hypervisor, which it calls "defense-grade virtualization." Today the technology is used mostly by mobile chipset and smartphone manufacturers that serve the military. The company has yet to break into the commercial market, says Redman.
Developing a type 1 hypervisor that interacts directly with the hardware is impractical, argues Ben Goodman, lead evangelist for VMware Horizon. "We moved to a type 2 hypervisor because the speed at which mobile devices are being revised makes it nearly impossible to keep up."
As to security, VMware is working on an encryption approach similar to the Trusted Computing Group's Trusted Platform Module standard as well as jail-break detection.
Performance won't be a problem, Goodman promises. "VMware Horizon is optimized to run extremely well, and performance is exceptional." However, VMware declined to provide the names of any early adopters who might speak publicly about the product.
Israeli startup Cellrox Ltd. offers its own twist on virtualization for Android devices. The technology, called ThinVisor and developed at Columbia University, is neither a type 1 nor type 2 hypervisor but "a different level of virtualization that resides in the OS and allows multiple instances of the OS using the same kernel," says CEO Omer Eiferman. It offers the product to cellular service providers and smartphone manufacturers, as well as to large enterprise customers.
Problems and promise
Not all containerization products support iOS, which powers the iPhone and iPad, the smartphones most commonly found in enterprises. While Apple has 22% market share worldwide compared to 50% for Android, in the enterprise those numbers are reversed: The iPhone commands a 60% market share versus just 10% for Android, according to Gartner.