Dual Interface Mobile Devices To Address BYOD Issue 116
Lucas123 writes "Next year, smart phones will begin shipping with the ability to have dual identities: one for private use and the other for corporate. Hypervisor developers, such as VMware and Red Bend, are working with system manufacturers to embed their virtualization software in the phones, while IC makers, such as Intel, are developing more powerful and secure mobile device processors. The combination will enable mobile platforms that afford end users their own user interface, secure from IT's prying eyes, while in turn allowing a company to secure its data using mobile device management software. One of the biggest benefits dual-identity phones will offer is enabling admins to wipe corporate data from phones without erasing end users profiles and personal information."
Once again RIM leads the way (Score:4, Informative)
Re:Once again RIM leads the way (Score:3, Informative)
It's already available. [blackberry.com]
Pretty much. Wasn't this feature announced months ago? I see it posted as far back as August on some sites. This isn't even news.
Devil's advocate (would want this system) (Score:4, Informative)
Devil's advocate here. Having a low level hypervisor on the phone is something I've wanted for a long time. There are reasons that having two OS stacks that don't "see" each other on a level 1 hypervisor system would be , and it is less to deal with technical than legal reasons.
Reason 1: I can fire off a "kill" command from Exchange, and the business part gets zonked. The phone still is trackable and locatable. I can do this with a text message and TouchDown, but this way, all data related to work (or even perhaps a client) is gone, and assuming everything is encrypted with a key, I can be sure that the data is rendered unrecoverable, not just deleted or "wiped" (overwriting three times does not work with flash media due to wear levelling unless the low level controller is told to zap the individual cells themselves.)
Reason 2: Separation. I can sign off on the fact that there is absolutely -zero- mingling of personal and work/client data other than being on the same physical hardware (the same way a mainframe can separate LPARs). Confidential stuff never touches the same filesystem as personal data, so a rogue app that gets root would not be able to rummage inside the latest TPS reports.
With how contacts get slurped up by apps, someone storing work related contacts on their phone is likely going to have them vacuumed up by an app, which will aid greatly for spamming, as well as directed attacks (from a contact list with titles, org structures can be deduced, etc.) So, keeping business contacts completely away from personal ones, or contacts addressible by Facebook [1].
Having stuff completely separate minimizes the chance of "leakage". I can sort of do this with Android, but on the iPhone, there is no app like RoadSync or Touchdown to keep the Exchange stuff separate.
Reason 3: Legal/tax reasons. Having stuff separate also makes the legal eagles happy.
Of course, hypervisors are not perfect, but what they provide is separation that is useful in a legal sense (separate filesystems, separate CPU usage, separate RAM images.) It is easier to explain complete separation/isolation to a jury who hates your guts than to explain how unlikely it would be for a root exploit that would allow user "a" in a multi-user system to access user "b"'s stuff, from happening.
So, even though keeping work stuff in a single app is a working solution, the best from both a technical and legal viewpoint would be a level 1 hypervisor.
[1]: If I remember right, there was a bug in the FB app that might alter contacts about a year ago, and that would not be good with work stuff.