Dual-identity Smartphones Could Bridge BYOD Private, Corporate Divide
Added 27th Nov 2012
Late next year, consumers will be able to buy smartphones that either come with native hypervisor software or use an app allowing them to run two interfaces on the phone: one for personal use, one for work.
The technology could help address an issue that has cropped up with increasing frequency at work: Employees who bring their personal mobile devices to work and use them to communicate with clients and to access corporate data. The issue can cause friction at companies that need to safeguard their data on employee-owned smartphones and tablets and want to be able to remotely wipe the devices of data if they're lost or if an employee quits or is fired.
The bring-your-own-device (BYOD) trend has enabled a more efficient and mobile workforce while exposing companies to a myriad of security and data management quandaries. For example, corporate BYOD policies limit what devices can be used based on the type of mobile device management software their IT shop has deployed.
Next year, software and mobile device manufacturers will enable what are essentially two instances of the same OS on a smartphone. That will give corporations secure control over their data and employees the personal data privacy they want, keeping it from being seen or wiped by corporate IT.
VMware and Red Bend are two of the leading software companies that have already signed OEM agreements with smartphone manufacturers to create dual-identity devices from some of today's most popular models.
The two approaches to the smartphone virtualization market, however, are different and hinge on whether the software provider is using a Type 1 or Type 2 hypervisor.
A Type 1 hypervisor is hardware-based technology that creates a second copy of the OS and runs both instances in two distinct regions of a processor. A Type 2 hypervisor runs as a guest OS on top of the host OS, not in parallel like a Type 1. The guest has to communicate through the host OS in order to access the hardware.
Type 1 hypervisor technology is considered more secure because it's integrated into the processor, said Ken Dulaney, a vice president and distinguished analyst at research firm Gartner.
Red Bend's Type 1 hypervisor will run on a new generation of mobile processors due out next year. It now has a partnership with ARM, which is developing a new Cortex-A15 processor to take advantage of mobile virtualization. "So it's the best security combined with the best performance," said Lori Sylvia, Red Bend's executive vice president of marketing.
ARM has also partnered with AMD to develop new x86 processors that are optimized for virtualized smartphones.
While more secure than today's devices, Dulaney sees a Type 1 hypervisor as kludgy because it requires dual booting of the OS -- one for each smartphone instance. "Most users reject this kind of operation because you have to go back and forth between two OSes," Dulaney said.
Sylvia acknowledged that both OSes need to boot, but said there's no performance issue. "It's the standard Android boot time," she said.
"In Red Bend's solution, the personal virtual phone boots first, and then the virtual work phone boots second. After the first one is running, it takes a few moments and then the second one is good to go, too," Sylvia said. "What goes into the work-phone instance will all be customized on the back end by the IT admins."
During a meeting with Computerworld, Sylvia demonstrated how Red Bend's technology works on an Android-enabled Samsung Galaxy Nexus smartphone prototype.
During the demo, if the phone was displaying the private user interface and a phone call came in from a person listed in the phone's corporate contact list, the device automatically changed interfaces to the business instance. The phone smoothly moved between the two distinct interfaces.
"The performance can be totally optimized because I'm only seeing one instance at a time," Sylvia said. "The other OS is there, but it's not consuming the same resources at the same time."
Some smartphone makers are looking at other UI implementations, such as an icon on the home screen that switches back and forth between private and corporate instances when pressed. "The [ones] we're working with are designing their phones to be virtualized. So the issues of additional RAM, which is the main requirement for this hypervisor, will be addressed on an enterprise-ready phone," Sylvia said.
Red Bend, which got its start in 1999 writing software that enabled AOL browser upgrades, moved into the mobile area in 2003 with its Firmware Over The Air (FOTA) technology. It's now used on 1.6 billion mobile devices for mobile OS and app updates.
Red Bend began developing its mobile virtualization platform after it acquired VirtualLogix in 2010.
When the technology is available in the second half of 2013, a dual-identity smartphone buyer would simply tell their corporate IT admins about the device. If the company has Red Bend's Software Management Center installed on its mobile device management (MDM) servers, the software will initiate an OMA Device Management session and send a delta file to the phone. The delta file copies the Android OS to create a second instance on the device.
The IT administrator can then customize the "corporate image" on the smartphone with whatever applications the company has chosen for its employees. For example, the corporate image could include a VPN, meeting apps, and access to the company email system.
VMware's Horizon Mobile software
VMware has also been working on the idea of a Type 1 hypervisor on mobile phones. Four years ago, VMware purchased France-based Trango Virtual Processors, a maker of Type 1 hypervisor technology. After several years of development, however, VMware decided not to use Trango's technology because it didn't see support among smartphone manufacturers for hardware-based virtualization, according to Srinivas Krishnamurti, VMware's senior director of Mobile Solutions.
"Type 1 hypervisors for mobile phones are hard to build and maintain in a scalable manner," Krishnamurti said. "The chip makers -- the Qualcomms and the Texas Instruments of the world -- were like, 'Why should I invest in rewriting all my device drivers, and doing a bunch of battery, graphic and performance optimizations that no [systems manufacturer] is asking me for?'
"So it's hard to do it without an ecosystem, and the ecosystem is not going to do it unless their customers are asking for it," Krishnamurti added.
VMware chose a Type 2 hypervisor product, Horizon Mobile, which will either be embedded on a smartphone and awaiting activation or a free, downloadable app. It will be available to U.S. smartphone users next year.
VMware already has deals in place with LG, Samsung and Motorola to embed its Horizon Mobile software on their devices. Motorola is already selling its Droid Razr M smartphone in Japan with VMware's hypervisor technology.
"Our expectation is there will be multiple devices from each vendor available in the U.S. in 2013," Krishnamurti said. "And there are three or four other vendors we've not yet announced. Our expectation is there will be a lot of Android phones that will have our hypervisor on them."
On the corporate side, IT administrators who want to enable employee smartphones for business use can buy VMware's administrative interface, Horizon Mobile Manager. When an employee with a Horizon Mobile-enabled smartphone wants to activate the "corporate" interface, all he or she needs to do is choose the app; it will ask them to log in with their corporate name and password.
The Horizon Mobile Manager server on the backend will then recognize the log-in, and a pre-configured Android or iOS instance (with all the work apps) will be pushed to the smartphone. If an employee tries to transfer data or apps between the corporate instance and the private instance, the transfer is automatically blocked.
"So, we basically monetize on the management side and not on the app or the hypervisor side," Krishnamurti said. "Enterprises are the ones who are having the problems with security and making sure data doesn't leak. So they're quite willing to pay for that."
Currently, VMware's Horizon Mobile supports Apple's iOS and Android-based smartphones. VMware hasn't announced its plans for Windows phones yet. It's currently waiting to see how adoption rates scale before moving to modify the hypervisor for that platform, Krishnamurti said.
iOS products are relatively easy to support, Krishnamurti said, because Apple's devices at the factory are updated when that operating system is upgraded. And typically, 50% to 60% of iPhone and iPad users download an upgrade in the first two weeks it's out. By contrast, the Android phone market is more fragmented, he said. Some OEMs upgrade to the latest version of the OS, others don't, he said.
"It's hard for us to put our arms around it. By virtualizing, we normalize and abstract away all that fragmentation and give IT their own version of Android to manage," he said. "And, there's no chance a Type 2 hypervisor will show up on an Apple device" because of the proprietary nature of Apple's hardware.
Other mobile virtualization players
Like VMware's Horizon Mobile software, CellRox's ThinVisor is a kernel-enabled hypervisor that runs on the smartphone and creates multiple "personas" to keep corporate data and private data separate. In September, CellRox announced it had launched its BYOD Multi-Persona app toolkit for Android Ice Cream Sandwich-enabled mobile device manufacturers to embed the capability on their smartphones.
Good Technology places encrypted containers in a sandboxed segment of a file system on the phone, where corporations can run their own apps securely and separate from a user's personal apps. Gartner's Dulaney said Good Technology's product isn't truly a hypervisor because it has basically built an application development container.
ARM and AMD plan new hypervisor processors
For many dual OS-instance technologies to succeed, today's mobile processors will have to become more powerful to handle the added workload and incorporate native data management and security features.
Red Bend has signed a partnership agreement with chip maker Advanced RISC Machines Ltd. (ARM) to produce processors powerful enough to run dual-OS phones. Those are expected out in the second half of 2013.
"BYOD is not just about running two OSes," said Ron Perez, an AMD fellow and the director of its security architecture organization. "It's [also] about what to do with the data produced in that corporate environment that's on the device."
In a move away from its traditional server market space, AMD earlier this year also partnered with ARM to develop x86 chips that will have ARM microcontrollers dedicated to mobile security.
ARM, and now AMD, are also working with the non-profit standards organization, GlobalPlatform, to develop the Trusted Execution Environment (TEE) API Specification. Founded in 1999, GlobalPlatform has its roots in the smartcard and payment market with member organizations such as Visa, MasterCard and American Express.
Using the ARM microcontroller on the x86 chip, the TEE would create a separate area on a mobile phone's main processor that uses data encryption algorithms to secure sensitive data stored on the device. Mobile capabilities already on smartphones would allow IT organizations to track mobile devices and erase only corporate data if the device is lost or compromised, or if the employee has left the company. For example, geo-sensor technology on smartphones would allow corporations to track where employee-owned mobile phones are and wipe the devices if they left a specified region.
"So, essentially this comes down to encryption key management. How do we protect the data from one operating system so that another operating system doesn't have access to it," Perez said. "The security processor would have that responsibility."
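The key-management separation Perez describes, and the corporate-only wipe it makes possible, modeled as an added Python example (not code from AMD, ARM or GlobalPlatform). The `SecurityProcessor` class, the persona names and `try_unseal` are hypothetical; a SHAKE-256 keystream with HMAC stands in for the hardware cipher, and the `caller` identity is assumed to be asserted by the hypervisor.

```python
import hashlib
import hmac
import os


class SecurityProcessor:
    """Constructed model of a security processor holding one data key per OS instance."""

    def __init__(self):
        self._root = os.urandom(32)   # device root secret; never leaves this object
        self._salts = {}              # persona -> salt; deleting a salt destroys its key

    def provision(self, persona):
        self._salts[persona] = os.urandom(16)

    def wipe(self, persona):
        # Selective wipe: this persona's key becomes underivable, others are untouched.
        self._salts.pop(persona, None)

    def _keys(self, persona):
        if persona not in self._salts:
            raise PermissionError(f"no key material for {persona!r}")
        base = hmac.new(self._root, persona.encode() + self._salts[persona], hashlib.sha256).digest()
        return (hmac.new(base, b"enc", hashlib.sha256).digest(),
                hmac.new(base, b"mac", hashlib.sha256).digest())

    def seal(self, caller, plaintext):
        enc, mac = self._keys(caller)
        nonce = os.urandom(16)
        ct = self._xor(enc, nonce, plaintext)
        return nonce + hmac.new(mac, nonce + ct, hashlib.sha256).digest() + ct

    def unseal(self, caller, blob):
        enc, mac = self._keys(caller)
        nonce, tag, ct = blob[:16], blob[16:48], blob[48:]
        if not hmac.compare_digest(tag, hmac.new(mac, nonce + ct, hashlib.sha256).digest()):
            raise PermissionError("blob not sealed for this persona, or modified")
        return self._xor(enc, nonce, ct)

    @staticmethod
    def _xor(key, nonce, data):
        # SHAKE-256 keystream: a stdlib stand-in for the AEAD real hardware would use.
        stream = hashlib.shake_256(key + nonce).digest(len(data))
        return bytes(a ^ b for a, b in zip(data, stream))


def try_unseal(sp, caller, blob):
    """Return the plaintext, or None when the processor refuses the request."""
    try:
        return sp.unseal(caller, blob)
    except PermissionError:
        return None
```

Because the work key is derived from a salt that `wipe` deletes, the corporate blobs left in flash become unreadable without touching anything sealed by the personal instance.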
AMD expects its new secure mobile processors to begin shipping in the second half of 2013.
Although AMD also plans to use its new x86 chips in the server and storage industry, mobile will be first.
"The mobile platform is the most exposed," Perez said. "It's the weakest link in the entire ecosystem. That's where greater levels of separation through virtualization is needed."