Best BYOD management: Work zones for smartphones
The third approach to containment is to create a virtual machine that includes its own instance of the mobile operating system -- a virtual phone within a phone. This requires that the vendor work with smartphone makers and carriers to embed and support a hypervisor on the phone. Such technology isn't generally available yet, but devices that support a hypervisor may eventually allow users to separate personal and business voice and data.
VMware is developing an offering called VMware Horizon. It will support Android and iOS, and function as a Type 2 hypervisor, which means the virtual machine runs as a guest on top of the native installation of the device's operating system.
Having a guest OS run on top of a host operating system tends to consume more resources than a Type 1 "bare metal" hypervisor that's installed directly on the mobile device hardware. It's also considered a less secure approach, since the host operating system could be compromised, creating a path of attack into the virtual machine.
Another vendor, Open Kernel Labs, offers a Type 1 hypervisor that it calls "defense-grade virtualization." Open Kernel's technology is currently used mostly by mobile chipset and smartphone manufacturers that serve the military. The company has yet to break into the commercial market, says Redman.
Developing a Type 1 hypervisor that interacts directly with the hardware is impractical, says Ben Goodman, lead evangelist for VMware Horizon. "We moved to a Type 2 hypervisor because the speed at which mobile devices are being revised makes it nearly impossible to keep up," he says.
As for security, VMware is working on an encryption approach similar to the Trusted Computing Group's Trusted Platform Module standard. It's also researching jail-break detection.
Performance won't be a problem, says Goodman, vowing that "VMware Horizon is optimized to run extremely well." But VMware declined to provide the names of early adopters who could discuss the product.
Israeli startup Cellrox offers its own twist on virtualization for Android devices. The technology, called ThinVisor, was developed at Columbia University. It's neither a Type 1 nor a Type 2 hypervisor, but "a different level of virtualization that resides in the OS and allows multiple instances of the OS using the same kernel," says Cellrox CEO Omer Eiferman. The vendor offers ThinVisor to cellular service providers, smartphone manufacturers and large enterprise customers.
Problems and Promise
One problem with containerization is that not all products support iOS, which powers iPhones, the smartphones most commonly found in enterprises. While Apple has a 22% share of the worldwide smartphone market, compared with 50% for Android devices, those figures are reversed in the enterprise: The iPhone has 60% of that market, versus 10% for Android devices, according to Gartner.
Apple's legendary secrecy about operating system enhancements means containerization vendors receive no advance notice and must scramble every time the vendor releases an update. The bottom line: Users may have trouble accessing corporate systems if they upgrade their personal iPhones too quickly. At University Hospitals, says Terry, "iOS changes often cause service interruptions while Good Technology's products are modified, tested, then released."
- Best iPhone, iPad Business Apps for 2014
- 14 Tech Conventions You Should Attend in 2014
- 10 Desktop Apps to Power Your Windows PC
- How to Add New Job Skills Without Going Back to School
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- OpenStack Hype vs. Reality: CIO Quick Pulse Open-source architecture can enable IT departments to build infrastructure-as-a-service (IaaS) clouds running on standard hardware.
- The Critical Role of Support in Your Enterprise Mobility Management Strategy Most business leaders underestimate the importance of tech support when they choose an EMM solution. Here's what to put on your checklist.
- Separating Work and Personal at the Platform Level: How BlackBerry Balance Works BlackBerry® Balance™ separates work from personal on the same mobile device, right at a platform level. Find out how it can work for...
- Protection for Every Enterprise: How BlackBerry Security Works Get an IT-level review of BlackBerry® Security, addressing data leakage protection, certified encryption, containerization and much more.
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Unmasking the Differences between Consumer and Enterprise File Sync & Share The consumerization of IT combined with the rapid pace of the modern mobile workplace is forcing enterprise IT teams to evaluate file sync...
- Live Webcast Workforce Mobilization for Improved Productivity A mobility research director from Aberdeen discusses reasons for extending legacy applications to mobile devices, and an integration strategist from Attachmate shows how...
- Getting Ready for BlackBerry Enterprise Service 10.2 Find out how BlackBerry® Enterprise Service 10 helps organizations address the full spectrum of EMM challenges, while balancing the needs of both the...
- Containerization Options: How to Choose the Best DLP Solution for Your Organization This webcast outlines a framework for making the right choice when it comes to containerization approaches, along with the pros and cons of... All Mobile/Wireless White Papers | Webcasts
As emerging technologies evolve they often find an initial niche in highly specialized scenarios, or in specific industry verticals, before expanding to wider areas of applicability. Within these initial niches, the early adopters can be anything from digital enthusiasts to fashionistas, or they can be folks simply using the technology because it serves a specific need extremely well. (free registration required) more