Mobile Device Management: BYOD gets religion

Several technologies shown at Mobile World Congress 2013 in Barcelona will finally allow enterprises to get serious about a Bring Your Own Device strategy.
Written by Jason Perlow, Senior Contributing Writer

Around 1.2 billion Catholics will wait on pins and needles as the Cardinals enter the Sistine Chapel in Rome's Holy See during conclave in order to elect the new Supreme Pontiff, for as much as two weeks or maybe even a month, according to Vatican history.

However, perhaps a billion smartphone and tablet users -- with Android and iOS claiming nearly as many religious followers as Roman Catholicism -- are still waiting for the blessings of Enterprise IT before their devices can enter their Holy Networks.

Bring Your Own Device, or BYOD, has always been a tricky issue for large corporations. Allowing employees to bring their own smartphones and tablets to work offers clearly identifiable cost savings over employer-supplied devices, but there are three major problems with this.

The first is securing the employee device to meet any number of corporate security standards that allow it to participate on the network as a managed client; the second is ensuring the security of corporate data; and the third is allowing the employee to use their device freely for personal use.

There have been a number of approaches to this in the past, all with varying degrees of success, but overall BYOD has only been considered a small experiment in corporate IT in most companies.

At this year's Mobile World Congress in Barcelona, a number of technologies and initiatives previewed by mobile device vendors and ISV/System Integration companies will now ensure the "Holy Trinity" for BYOD can finally be achieved.

Samsung, the Korean electronics giant and the world leader in handset sales, has released KNOX, an integrated security offering for BYOD that allows any enterprise the ability to secure their smartphones on a corporate network.

Among other features, such as integrated Centrify Active Directory single sign-on capability, KNOX is a "containerization" technology, which gives enterprises the ability to run applications, data and settings in a segmented and fully protected region of the Android OS that is entirely separate from the employee personal data and applications and can be remotely wiped if the device is lost or the employee is terminated.

This security implementation is not unlike the "Jails" or "Zones" which exist on Oracle's UNIX-based Solaris operating system that runs on their UltraSPARC mid-range enterprise servers.

Containers are a type of virtualization, also referred to as "OS virtualization," in which a single OS kernel provides the constructs for memory and storage isolation; it is considered the least resource-intensive form of virtualization.

While Container technology like KNOX when combined with policy-enforced management may be sufficient for many enterprises, it limits smartphone use to a single vendor (in this case Samsung) and may not be secure enough for other types of enterprises such as Government, Banking and Healthcare.

For the most demanding security requirements, there is GD Protected, which is an entire suite of technology offerings from General Dynamics C4 Systems. Yes, the very same General Dynamics that has brought you the F-16 jet fighter and the ultra-secret "Obamaberry."

Ultra-secure devices like the Sectera Edge "Obamaberry" used in military and government communications used to be extremely vertical and extremely expensive (as in multiple thousands of dollars each) in nature. But with the acquisition of Open Kernel Labs' Type-1 OKL4 "Microvisor" technology, General Dynamics is looking to make a big splash in the commercial space using far less expensive commodity hardware like the Samsung Galaxy SIII and the LG Optimus.

This broad suite of technology, which is available to OEM and carrier partners to license and use in their own offerings, includes TrustZone Integrity Measurement and Attestation, Certification & Accreditation of the hardware, Trusted Boot & Provisioning, Secure Voice/Email/Data/Browsing & Network Access, Containers, On-Device data encryption, Mobile Device Management (MDM), Global Policy Arbitration, Virtual Private Networking, Smartcard verification, Secure Gesture and Mobile Virtualization.

General Dynamics has created a proof-of-concept smartphone using LG's hardware called "Groom Lake" (named after the super-secret government facility in the Nevada Test Site which reportedly houses "Area 51", and which makes the goings-on at the Vatican look downright open by comparison). It utilizes all of these security technologies and is currently available for evaluation by enterprises.

General Dynamics is not the only vendor that has created a virtualized, dual-personality smartphone for Enterprise use. Red Bend, who is a leader in the wireless carrier over-the-air software update and carrier handset provisioning space, has partnered with Samsung in releasing a Galaxy SIII handset under their "TRUE BYOD" branding which is being sold to enterprises today under Samsung's partnership program.

It should be noted that GD's "Groom Lake" systems architecture, as well as Red Bend's VLX, while initially implemented on Android, can work with other mobile operating systems such as Windows Phone, BlackBerry OS 10, Ubuntu for Mobile, webOS, and even Apple's iOS if the respective companies were willing to license the technology and GD and Red Bend were to para-virtualize the drivers necessary for each of the mobile operating systems to run on their respective hypervisors.

If this level of effort to virtualize all of the leading mobile OSes were undertaken, a "Best of Breed" smartphone could exist with say, Windows Phone 8 as the secure corporate image and Android as the personal phone, both virtualized on the same hardware. If anything, that would make smartphones and tablets in the enterprise religious-agnostic.

So far, Samsung has licensed the GD TrustZone piece as an add-on option in KNOX for enterprises looking to add OS image validation. But soon, by using the entire GD Protected suite and the microvisor technology, we could see systems like the Dual Persona Secure Smartphone as depicted below in enterprises all over the world.

Will comprehensive Obamaberry-style security and mobile device management finally allow BYOD to "Get Religion?" Talk Back and Let Me Know.
