Enterprise Mobility: A Virtual Reality

By Marti Konstant
Friday, June 24th 2011

In the age of personalization and workforce convenience, mobile workers around the world increasingly prefer to use their own smartphones, tablets and other wireless devices for both professional and personal communications and computing. This consumerization of enterprise IT, a natural reaction to smartphone and mobile applications growth, puts new pressures on companies to accommodate and mitigate the security risks of employee-owned mobile devices.

The increase in mobile device deployments has also brought an upsurge in mobile security threats. A study by Juniper Networks revealed that last year brought a 250% jump in the number of threats in the mobile space from malware and viruses. Yet 59% of employees who use their phone for business do so without permission, representing a potential compromise of enterprise security.

This situation poses real security issues for IT administrators, who also face emerging challenges posed by cloud computing, open Android devices, and social collaboration and networking. In fact, concern over the security of mobile devices remains a key factor restricting enterprise mobility adoption.

Historically, these concerns have resulted in organizations choosing devices running the BlackBerry RIM OS or Microsoft Windows variants as the primary “supported” mobile devices in corporate environments. However, the overwhelming popularity of other devices, including the iPhone, iPad and a wide range of Android smartphones, has resulted in employees increasingly sneaking their own personal devices into the workplace. Approximately 40% of workers are now using the same phone for both business and personal use (Juniper) and nearly one quarter of mobile employees use an unmanaged device (Forrester).

A number of technical and policy-based approaches are commercially available to address requirements for enterprise mobility security. Native security and control options are built into the phone by the device manufacturer, and include data encryption, remote wipe of phone contents (onboard flash memory), and support for enterprise security policies.

MDM (Mobile Device Management) solutions are also available from a number of third party suppliers to help IT departments manage the capabilities and configurations of employee mobile devices and limit access to corporate assets in compliance with enterprise policy. Other vendors provide mobile endpoint security such as encryption, anti-virus and malware protection.

These technologies are necessary and powerful, but leave critical security requirements unmet. In particular, MDM and endpoint security rely on the integrity of the underlying smartphone operating system (OS) and software stack, which are still vulnerable to exploits. Even the security software that protects the device may be susceptible, threatening both the integrity of the mobile device and any information that passes through it. In addition, many company-imposed restrictions make mobile devices too cumbersome for personal use and employees end up carrying two separate devices, limiting productivity and increasing corporate vulnerability.

Mobile Virtualization Completes the Mobile Security Equation

A comprehensive and straightforward approach to architecting a secure mobile platform calls for mobile virtualization. This technology, like its cousin in the data center, runs on “bare metal” silicon. It hosts an application OS and software stack, one or more fully isolated contexts that each run secure software separately, and additional cells (as needed) for selectively shared resources such as device drivers.