Can Dual-Identity Smartphones Solve Corporate and Personal Split? (Part 2)
by UCStrategies Staff
While Part 1 provided an overview of the upcoming dual-identity options for mobile devices and focused on Red Bend’s Type 1 hypervisor, set to release in 2013, this section focuses on the other lead developer of this technology, VMware.
VMware has also been actively developing a Type 1 hypervisor for mobile phones. In 2008, VMware purchased Trango Virtual Processors, a French company that focused on the Type 1 hypervisor technology. According to VMware’s senior director of Mobile Solutions, Srinivas Krishnamurti, they decided not to use Trango’s technology because they could not foresee support from smartphone manufacturers for the hardware-based virtualization.
Krishnamurti explains that “Type 1 hypervisors are hard to build and maintain in a scalable manner,” meaning that “the chip makers – the Qualcomms and the Texas Instruments of the world – were like, ‘Why should I invest in rewriting all my device drivers, and doing a bunch of battery, graphic and performance optimizations that no [systems manufacturer] is asking me for?’”
He concludes by saying that “it’s hard to do it without an ecosystem, and the ecosystem is not going to do it unless their customers are asking for it.”
So instead, VMware chose to pursue a Type 2 hypervisor product called Horizon Mobile, which will either come embedded in the smartphone and need to be activated, or be available as a free downloadable app. This technology will be available for smartphone users in the U.S. next year.
VMware has already made deals with companies like LG, Motorola, and Samsung to embed their smartphone devices with the Horizon Mobile software. In Japan, Motorola is already selling this hypervisor technology on their Droid Razr M smartphone.
Krishnamurti’s expectation is for there to be “multiple devices from each vendor available in the U.S. in 2013.” Additionally, “there are three or four other vendors we’ve not yet announced,” he says. “Our expectation is there will be a lot of Android phones that will have our hypervisor on them.”
For the corporate side of things, IT administrators will have the option to purchase VMware’s administrative interface, Horizon Mobile Manager, and offer it to employees that way. Then, the employee just needs to choose the application in order to start the “corporate” interface and log in with their corporate username and password.
The backend of the Horizon Mobile Manager server can recognize the login information and allow a pre-configured Android or iOS instance, including any work-specific apps, to be sent to the device. If an employee ever attempts to move apps or data from the corporate instance to the private instance, the server will automatically block it.
“So we basically monetize on the management side and not on the app or the hypervisor side,” Krishnamurti states, “because enterprises are the ones who are having the problems with security and making sure data doesn’t leak.” In light of this, he says, “they’re quite willing to pay.”
VMware’s Horizon Mobile currently supports both Android and iOS-based smartphones, but they have not yet revealed plans for Windows phones. Krishnamurti explains that they are waiting to see how adoption rates scale before they begin changing the hypervisor to fit that platform as well.
According to Krishnamurti, the iOS products are relatively simple to support because all of Apple’s devices at the factory get updated at the same time the OS is upgraded. Moreover, 50 to 60 percent of Apple mobile device users will download an upgrade within the first two weeks of its release date. The Android phone market, however, is different. Krishnamurti says that while some OEMs will update their devices to the latest operating system version, not all of them do.
“It's hard for us to put our arms around it,” he says, “by virtualizing, we normalize and abstract away all that fragmentation and give IT their own version of Android to manage.” Furthermore, “there's no chance a Type 2 hypervisor will show up on an Apple device” due to Apple’s proprietary nature.
There are other companies on this playing field too. These include the Israel-based CellRox and Sunnyvale, California’s Good Technology, both of which are also creating technology designed for dual-identity smartphones.
Similar to VMware’s Horizon Mobile software, ThinVisor by CellRox is also a kernel-enabled hypervisor that creates several “personas” in order to keep corporate and private data separate and secure. Two months ago, CellRox revealed their BYOD MultiPersona app toolkit for manufacturers of Android Ice Cream Sandwich-enabled mobile devices, so that they can provide this option on their smartphones.
Good Technology, on the other hand, puts encrypted containers in a sandboxed portion of a file system on the mobile device so that businesses can run their applications securely while keeping them separate from the user’s private apps. Gartner’s Dulaney claims that this product does fall under the hypervisor category because it is essentially an application development container.
To make these dual operating system-instance technologies successful, the current mobile processors must become more powerful in order to shoulder the additional workload and integrate the security features and native data management.
Red Bend’s partnership with Advanced RISC Machines Ltd. (ARM) will allow them to create a processor with enough power to run the dual-OS phone. This product is due to be released in the second half of next year.
Ron Perez, an AMD fellow and the director of their security architecture organization, says that “BYOD is not just about running two OSes,” but “it’s [also] about what to do with the data produced in that corporate environment that’s on the device.”
Earlier this year, AMD and ARM partnered together to create x86 chips with ARM microcontrollers to support mobile security.
ARM and AMD are also working alongside GlobalPlatform, a non-profit standards organization, to fully develop the Trusted Execution Environment (TEE) API Specification. GlobalPlatform was founded in 1999 and began in the smartcard and payment market, with member organizations including companies like Visa, American Express, and MasterCard.
This TEE would use the ARM microcontroller on the x86 chip to produce a separate space on the mobile device’s primary processor that uses data encryption algorithms to securely store sensitive data on the phone. IT organizations are already able to track and wipe mobile devices in case of loss or theft. A geo-sensor technology on a mobile device, however, would allow employers to wipe the device if an employee-owned phone leaves a pre-determined region.
“Essentially,” Perez concludes, “this comes down to encryption key management. How do we protect the data from one operating system so that another operating system doesn't have access to it? The security processor would have that responsibility.”
AMD predicts that their secure mobile processors will begin shipping out in the latter half of next year.
While AMD has future plans to use the x86 chips throughout the server and storage industry as well, mobile devices are their first priority.
The reason, Perez states, is that “the mobile platform is the most exposed” and “it's the weakest link in the entire ecosystem. That's where greater levels of separation through virtualization is needed.” (RP)
