Is now the time to deploy embedded hypervisors for BYOD security?

Today's smartphones and tablets offer computing power, memory and storage that surpass that offered by mainframe computers in the 1990s. But security remains an ongoing challenge.
Written by Dan Kusnetzky, Contributor

From time to time, I receive a message from a supplier's PR firm that closely matches something I've written a while ago. This time, one PR rep brought up the topic of virtual processing software for smartphone, tablet and BYOD applications and data. As it so happens, one of my forecasts for Virtualization in 2015 was that the industry was going to see greater use of virtual machine software to protect smartphones, tables and BYOD devices.

The key question this PR rep posed was "Are today's smartphones and tablets the next platforms for virtual processing software?" Security and privacy are constantly mentioned as problems in these environments and virtualization technology offers the tools to bring them under control.

The challenge

Security is an ongoing challenge for users of today's smartphones and tablets. Although these systems are small and are battery powered, they offer computing power, memory and storage that surpass that offered by mainframe computers in the 1990s. I remember managing the operations for a hospital using a system that provided only 3 Megahertz of processing power, 16 Kilobytes of main memory and three 6-Megabyte disks. My smartphone, in comparison, offers a 2.6 GHz quad core processor, 3 Gigabytes of system memory and has a 32 Gigabyte SD card for additional storage. That's quite a bit of power to carry around in my pocket.

The challenge is that these systems often contain or have access to a great deal of personal and confidential enterprise data. The operating systems deployed on smartphones and tables, such as Apple IOS or Google Android, are designed as single-user platforms that don't offer much of the security or virtualization technology available for enterprise or departmental servers.

They are powerful enough that the owner may not notice that malware has been installed and is running in the background.

Embedded hypervisor - a potential solution

There are a number of approaches that seem viable to address the challenge including the following:

  1. Locking down the device and only allowing it to run specific code - this approach is not very desirable for staff-owned equipment
  2. Installing special enterprise applications and requiring the use of a virtual private network (VPN) - this approach may not be workable on all public WiFi networks and could slow down access to the carrier's network
  3. Making enterprise or personal applications execute in a virtual machine that could either have sharply curtailed access to the device and the data it contains

Approach number three appears to have some advantages. The owner of the device would be able to use the device in just about any way he/she desires and enterprise applications and data can be protected.

Snapshot analysis

Companies such as Bromium and Cellrox are offering virtual machine technology for these devices today that is designed to isolate specific applications and their data as well as to control access. VMware and a few others have discussed BYOD tools and solutions as well.

Bromium goes beyond the hypervisor to offer real-time intelligence gathering for encapsulated applications and data that would help IT administrators learn what types of attack staff- or enterprise-owned equipment were experiencing in the field.

Now is the time to learn more about this technology and to put it to work to protect your IT infrastructure.

Editorial standards