The answer to the BYOD question is Virtualization.
Summary: Virtualization seems to be everyone's answer to every problem. For BYOD, it might just be the answer to stressed budgets and user happiness.
If you missed the BYOD battle royal between Heather Clancy and me or my awesome win on said debate, you can read my summary of the debate and the issue, "BYOD: The inevitable reality." But, you might ask yourself after reading the debate entries and my summary of it, "Why did Ken win the BYOD debate?" It's a legitimate question because you, the readers, voted that BYOD is a fail. Heather did a great job of pointing out some weaknesses of the whole BYOD idea. The reason that I won is simple--and it really had nothing to do with me or my arguments--BYOD is the inevitable result of a new workforce. And, the answer to the question of BYOD is virtualization.
Now, you might think that saying, "Virtualization," is a generic term, a panacea or a cop-out. Actually, it's none of the above. Virtualization, the way I'm using it, means an all-encompassing technology with which developers, managers and CXOs can begin to rethink how users interact with Enterprise resources. Virtualization isn't simply server virtualization and it's definitely not VDI--it's both.
That's right, it's both. In the future, when a user connects to resources, she won't know whether she's connecting to a server, a virtual desktop or a virtualized application. Further, she doesn't really need to know, since she's only connecting to resources: a database, a web-based application, a calendar or email. And, it won't matter which device she decides to use to make those connections.
She could be at home connecting to email with her phone and using her laptop to reprogram some code for an application gone awry during the last promotion from staging to production. Regardless of the use case, she's using her own laptop and her own phone to make the connection into the data center a mere two thousand miles away.
Virtual Desktops
I bash VDI a lot but it has its place. And, its place is the new data center-centric computing environment. For better security, businesses will seek to remove the operating system and its data from the end user's control. That's a good move. Lost or stolen devices are but one argument on the for side of the VDI question. If you lose your laptop, the entire contents of your hard disk are only two screws away from compromise. A thief doesn't have to know your login name or password. He can remove the disk and attach it to another computer for instant access to everything on the disk: data, documents, email and your password file that you have on your desktop because you can't remember all those annoying passwords that keep changing.
Once you think about that, all those anti-Cloud rants seem silly, don't they? If your operating system resides in a data center and your data in the Cloud, what's on your stolen laptop? It could be a minimal Linux system that connects you to your workspace via a VPN. No data. No documents. No password file.
Nothing to see here, move along.
Sure, you've lost a laptop but that's all you've lost. Your important documents, your company's proprietary data and the contents of your ongoing projects are all safe and sound. It's safe because it's not on your laptop. While you wait for a replacement, you can use your tablet and your phone to complete the day's tasks.
Application Virtualization
Applications are what we use to do our work. Word processing, email, web browser, SSH client, RDP client, text editor and SQL client are all examples of applications. Citrix taught us how to use applications that we didn't have installed on our computers. And, the theory is that you shouldn't have to pay for an application that you never use.
For example, every copy of Microsoft Office comes with PowerPoint. What if you don't use PowerPoint? What if only ten people out of 1,000 in your company use PowerPoint? Count the dollars you'd save by only paying for what you use instead of what you might use because it's installed on every computer.
Application virtualization also keeps data off of the local system by having its own built-in data mappings. In other words, you can control where a user puts his documents when he saves them. If you weren't afraid of Cloud-based storage, he could save them to a safe, non-local site. Awesome? I think so.
Mobile Hypervisors
Fellow ZDNet blogger and tech dude extraordinaire Jason Perlow and I have discussed this one at some length and we agree that this is the true future of mobile computing. BYOD on mobile devices is made possible by employing mobile hypervisors. In short, a mobile hypervisor allows you to have your personal settings in one virtual tablet and your company's settings in another virtual tablet. Or, virtual phone.
If that doesn't raise your eyebrows, check your pulse. This is the real answer to BYOD in the mobile computing space. I can't tell you about some of the proprietary technology that I've seen in this area but get ready folks, it's incredible. It's game-changing and not just marketing fluff. It's crazy what one company in particular has developed and I'll be excited to see it hit the market hopefully next year.
You have the possibility of two different hypervisors for mobile devices: Type 1 and Type 2.
Type 2 is just another app that will run a virtual tablet or a virtual phone for you. Cool, but far less efficient.
The Type 1 hypervisor is really where it's at. A hypervisor on your mobile device and the possibility of multiple virtual devices that can run on it simultaneously is absolutely mind-boggling. You could switch dynamically between them at will. Imagine the possibilities.
To learn more about a real mobile hypervisor, check out Larry Dignan's article covering the deal between VMware and Verizon.
BYOD is very close to reality. Maybe it is already where you work. Talk back and let me know what your experiences are and if virtualization--especially mobile hypervisors--will make you rethink what's possible.

Talkback
Xen FTW
As for virtualization in general, if I were building a new environment (and I am) it would start with HP vPro client machines running XenClient, XenDesktop, XenApp, and AppSense Suite with whitebox server hardware running DataCore and XenServer.
The biggest barrier is that it's very difficult to explain to the people with the purse strings what this (actually small) investment buys them. Virtualization technology is marketed using nonsensical buzz words and technobabble. Every argument against virtualization I've ever heard comes directly from a fundamental misunderstanding of what it buys you.
RE: The answer to the BYOD question is Virtualization.
The only reasonable option is to secure both sides of this equation. Client virtualization is a powerful means to securing the client side. The OS image(s) running on the client device benefit from the security isolation of the client hypervisor. Corporate IT can provide a hardened OS image for use in accessing corporate data with full security isolation from any other OS image, such as a personal installation of Windows or Android, on the same device. Further, these client images can be strongly encrypted on-disk, synchronized in near real time back to the data center, revoked, etc. The corporate client image can prevent USB drive access or access to non-approved networks or even copy-paste between images in ways that are impossible to circumvent by having access to the hardware.
You Won?
Regardless, we already provide BYOD and yes already provide not just Citrix but VDI / VM. Reality is most users hate it. It stunts the appeal of actually using their own device. What's so great about buying a spanking new MacBook and having to use Windows XP in a VM session?
You miss the point of concern about BYOD as well dismissing that virtual and cloud will negate any concerns with the device (regardless if it's a laptop, smartphone, tablet). Unless there is a device that has zero storage area there is always the risk the user WILL find a means to put corporate data onto the device. There are now corporate regulations requiring native encryption. Do we assume users are fully aware of these compliance / security requirements? Do we stunt their device usage and force a limited computing option?
You also belittle the infrastructure and licensing costs for these solutions. All for what? An unmeasured boost in employee productivity, happiness?
Don't get me wrong, I'm all for technology and making new means to use it, but BYOD has its place and it will be a while before it's widely accepted both by employer and employee.
RE: The answer to the BYOD question is Virtualization.
If you're not using something like TrueCrypt or BitLocker.
"and your password file that you have on your desktop because you can't remember all those annoying passwords that keep changing."
Which is encrypted. KeePass FTW.
"BYOD is the inevitable result of a new workforce."
Inevitable? Since when was any tech inevitable? I want my flying car!
Sorry, but no technology or prediction has ever proven to be inevitable.
"If your operating system resides in a data center and your data in the Cloud, what's on your stolen laptop?"
A keylogger that will steal your data in the cloud anyways.
The attacks don't go away. They just change form. The cloud break-ins just prove that. There is zero proof that cloud providers are really less susceptible to attacks than your average joe. And the result of a hacker group breaking a cloud provider is far more damage than breaking individual machines.
Isolation and compartmentalization bring security - putting all of your eggs in one basket does not.
"For example, every copy of Microsoft Office comes with PowerPoint. What if you don't use PowerPoint?"
Considering your average PC has gobs of storage space, does it matter?
"Count the dollars you'd save by only paying for what you use instead of what you might use because it's installed on every computer."
Except the payment structure is the result of Microsoft's decision, not yours. Google Docs doesn't piecemeal its file formats either. Cloud providers can decide to give you everything only and not piecemeal things. This is 100% fallacy.
"I can't tell you about some of the proprietary technology that I've seen in this area but get ready folks, it's incredible."
No, making a phone or PC a brick when you lose your connection is not "incredible." Well, actually, it is - incredibly dumb. And the fact that it's proprietary means it's likely to cost a fortune, and is probably not all it's really cracked up to be.
Seriously, they were showing you their tech in ideal circumstances. Unfortunately, things tend to be different when the ideals go away and you hit the real world.
So you pay more to get your phone or PC bricked more. Fantastic, can't wait to use my next phone as a doorstop.
"A hypervisor on your mobile device and the possibility of multiple virtual devices that can run on it simultaneously is absolutely mind-boggling. You could switch dynamically between them at will. Imagine the possibilities."
Actually, I'm imagining customer confusion. Most people want their stuff in one place, not multiple virtual places.
RE: The answer to the BYOD question is Virtualization.
If you think that encrypting your disk contents prevents them from being hacked, I'm sorry to tell you that it doesn't.
RE: The answer to the BYOD question is Virtualization.
1. Can you enforce a litigation hold on someone's personal device?
2. As MobileAdmin noted there are ways to move data from the virtual server to someone's personal hard drive or other storage. If you do need to produce data in this employee's control, you will need to check their personal device for that data. If you need to pull data off of that person's personal device, how do you separate their personal data from their professional data?
3. If they have left the company, what leverage do you have if you need to pull data off of their own device at some date in the future? What privacy concerns are raised if the former employee is now using that device at their new employer?
RE: The answer to the BYOD question is Virtualization.
Regarding litigation hold:
Actually this is one of the reasons many of our employees have stated they won't participate in our BYOD program. Unknown to them is if we ever had the recourse to issue a hold it doesn't matter if their technology was used for BYOD or not, we can still issue a request for PC, cellphone etc and hold it as long as needed for discovery.
In Ken's argument virtual environments will make this a moot point as you control the data but I have seen it near impossible to control your data unless you shut down all types of access points which is impractical (impossible) in the hyper connected world we live in now.
The Answer to BYOD is 'USER' Virtualization
RE: The answer to the BYOD question is Virtualization.
What about latency and CPU usage?
How many times has your laptop been stolen
Those anti-Cloud rants do not seem silly at all.
RE: The answer to the BYOD question is Virtualization.
Before we jump to the conclusion that virtualization is the only answer to BYOD, investigate some of the highly functional solutions in the MAM market today. You'll find that providing high-quality employee apps has a very high ROI, and I'd argue that the virtualization solutions today cannot touch this. (I agree they will improve).
Some comments claim that security policies can only be enforced on company-owned devices. However, whether the device is IL or CL, the same types of risks are evident. The ability to provide a granular approach at the app and data level, which is provided by MAM solution SDKs, can provide full control without a "device wipe". This is the way to go - respect the user's right to have a single device.
RE: The answer to the BYOD question is Virtualization.
Virtualization as a concept is revolutionary in nature, and one of the major fundamental shifts it drives is in the way applications are delivered and consumed by the end-user. For organizations, virtualization projects are best looked at as transformational projects and should be treated as an opportunity to relook at the overall application delivery architecture. Choice of technology is then a derivative of importance and priority of diverse business goals like business agility, employee productivity improvement, workforce mobility, cost savings, IT support improvement, and meeting security & compliance requirements.
If we break up your application delivery chain with a view to transforming each tier, and join the dots with evolving trends in virtualization and cloud technologies, exploding diversity of mobile end-compute devices and managed support models with centralized Service Desks and Remote Infrastructure Management services, we see an emerging picture of the consumerization of IT consumerization.
The transformed application delivery chain, when looked at in totality, is then a ready-to-serve application hub with an elastic resource pool, and BYOD just seems like a natural progression for enterprises.