Sheila Bacon, Chief Mobile Strategist
As mobile devices quickly become the primary computing platform, bring your own device (BYOD) solutions attempt to enable employees to use a single personal mobile device for all aspects of life – personal as well as business. Below is a quick look at the different mobile strategy approaches for BYOD and the strengths of each method. As you will see, the evolution of the mobile user environment involves increasing complexity because of the nature of mobile engagement, so businesses of all sizes need to consider not just costs but a variety of factors to choose the optimal integration.
Mobile Device Management (MDM) requires managing the entire device and protecting valuable company information assets. Typically, MDM vendor systems have an easy-to-download client and a reporting backend that can either be hosted in-house or be made available through a vendor-sponsored cloud service. A key benefit of MDM environments is unrestricted application choice, meaning users can easily jump between multiple applications and solutions, and these environments typically scale across entire product families. However, all applications must operate in the same execution environment, and personal applications can be considered a potential security threat to both business information assets and the applications that support them. Personal mobile apps can get “blacklisted”, meaning the MDM system will block their use altogether.
To solve this, a “dual persona” solution can complement MDM by offering an environment where personal applications can be downloaded, accessed and used without IT oversight or corporate liability for the nature of the content.
Another approach is encapsulation, or containment, which requires mobile applications to be modified to operate inside a secure shell where all input/output (I/O) is encrypted and immediately routed off the device to an Internet-accessible secure server. This approach typically ensures that business applications and their I/O are secure from personal application attacks. SDKs, tools, and peer experts are typically provided to assist a company’s in-house software development team as they build, test, and deploy the wrapped mobile applications needed for business. Once applications are encapsulated, the overhead of installing them on the device is very low, and management and reporting are typically done on either an in-house server or a vendor-supported, cloud-based service. Encapsulation-based approaches enable all applications, both business and personal, to operate in the same mobile environment without the overhead of a monitoring system. This is done by isolating each business application with a protective shell and I/O encryption. As a result, the ability to work in concert with a number of business applications may be restricted, thereby reducing application agility.
Another approach to implementing dual persona is machine-based virtualization. While this approach is highly successful on servers and desktops, on mobile devices virtualization requires the integration of a hypervisor into the mobile OS by either the wireless carrier or the device manufacturer. To support dual persona, the hypervisor must emulate two independent physical devices in software as virtual machines (VMs), each supporting its own operating system and application stack. This allows two completely independent virtual devices, one for business and one for personal use, to coexist in a single physical device. However, hypervisors are not native to any mobile operating system and must be integrated into – and supported on – specific OS releases and devices by either the device manufacturer or the wireless carrier. This added step can significantly fragment BYOD scalability by limiting availability to vendors that make the engineering and support investment for a specific virtualization product. Once the integration has taken place, one must consider the added computational overhead and unconstrained power consumption of simulating two complete devices – including two separate hardware emulations with their respective operating system and application stacks. While virtualization is a great solution for many use cases, its limited scalability and increased performance and power requirements reduce its value as a BYOD solution.
As you consider flexible and powerful tools to implement a full-featured mobility management solution, below is a list of key benefits you should include:
Maximizing business and application choice
Device choice for all users (employees) with pre-planned enrollment criteria
Application lifecycle management (to improve ROI)
High application agility via dual persona profiles, with power-on password, certificates for SSO, Wi-Fi, VPN and email deployed
Scalability across the entire device family
Government-grade secure container that isolates business applications from threats
Management and client safeguards that protect employee privacy
Comprehensive security console for both user and IT
Expense management of telecom costs
Data loss prevention