Dual Interface Mobile Devices To Address BYOD Issue 116
Lucas123 writes "Next year, smart phones will begin shipping with the ability to have dual identities: one for private use and the other for corporate. Hypervisor developers, such as VMware and Red Bend, are working with system manufacturers to embed their virtualization software in the phones, while IC makers, such as Intel, are developing more powerful and secure mobile device processors. The combination will enable mobile platforms that afford end users their own user interface, secure from IT's prying eyes, while in turn allowing a company to secure its data using mobile device management software. One of the biggest benefits dual-identity phones will offer is enabling admins to wipe corporate data from phones without erasing end users profiles and personal information."
Battery life (Score:2)
The only major concern I have is battery life. You don't see any figures from the manufacturers or the hypervisor companies (aka. VMware) as to what this will do to the already short battery life of a smart phone that is heavily used. Additionally, what incentive does a customer have to buy a device that supports this? Granted a company could prefer one or the other, but the days of "You own X device or Y device only (ie. Blackberry - no iPhone)" are over and it defeats the purpose of BYOD.
Re: (Score:2)
If what you do is actually sensitive, you shouldn't be using a 'smart' device.
Re: (Score:2)
If what you do is actually sensitive, you shouldn't be using a 'smart' device.
If what you do is actually sensitive, you shouldn't be using a device.smarter than you. FTFY
Re: (Score:2)
Re: (Score:2)
Of course, this assumes the hypervisor itself earns trust, which will probably take years to get right.
Re: (Score:2)
If what you do is sensitive, then it shouldn't be on a mobile device.
Re: (Score:2)
Some hypervisors are extremely efficient. The one on IBM's POWER7 series is extremely thrifty at watts/CPU usage, especially when handling numerous virtual machines with their virtual processors.
It could also be something as simple as having multiple cores, several being lower speed/lower power, and the virtual machines that are not in use being scheduled to run on those. When they gain the user's attention, the VM in use gets moved to the faster CPU. Combine this with some power management (no apps runn
how many people will buy these phones? (Score:1)
more ram, more processor speed - these are premium handsets. How many field services / manufacturing / field sales low- mid-tier employees will buy these expensive handsets simply so that the employer can have their version of dual-OS security installed on them?
Corporate data can be contained by many mobile security vendors today. This appears to be an overly complex solution to a problem that is already solved today.
For the record... (Score:3)
Jolla's Sailfish OS/hardware (not sure what exactly at this early date) can run the Mer as well as Android OS. So Jolla does more than multiple user accounts on a single phone.
Re: (Score:2)
Jolla's Sailfish OS/hardware (not sure what exactly at this early date) can run the Mer as well as Android OS. So Jolla does more than multiple user accounts on a single phone.
Err, of course it can run Mer. Sailfish OS is based on Mer. It's also using Xorg and a pretty standard software stack, so multiple user accounts is trivial.
I think you're completely missing the point of the article, unless you can clarify how it is relevant?
Once again RIM leads the way (Score:4, Informative)
Re: (Score:3, Informative)
It's already available. [blackberry.com]
Pretty much. Wasn't this feature announced months ago? I see it posted as far back as August on some sites. This isn't even news.
Re:Once again RIM leads the way (Score:5, Funny)
If you have to carry a blackberry, you already have to carry a second device for personal use.
So that does not really help.
Re: (Score:2)
yes but can you play angry birds!!!
Re: (Score:2)
Re: (Score:2)
ah the playbook... so after the Verizon lawsuit can you now share (bluetooth) connection from your BB. that one particular issue stopped me from buying the playbook.
Re: (Score:2)
Re: (Score:2)
What bothers me is if Apple/Google came out with this first, the fanbois would soil themselves screaming how epically awesome the feature was and how they couldn't imagine surviving without it. In fact, I am certain that once Apple/Google comes out with this, they will proceed to do just that, not forgetting to claim that it was an unheard of innovation that their respective object of worship was first to release. Meanwhile, most reliable communication devices, along with most of the innovation that paved t
Re: (Score:2)
I think most people will agree a good part of corporate phone making is catching up with blackberry.
Not that their phones don't suck (they do), but Blackberry have known what corporations wanted and have been implementing it for a long time. They only forgot about the users. Oops, bad mistake. And off they go.
Re: (Score:2)
BB10 may resolve this a bit.. the question is is bb going to continue catchup, innovate or die?
Re: (Score:2)
BB10 may resolve this a bit.. the question is is bb going to continue catchup, innovate or die?
Yeah, I've read a little and saw a little about BB10. However, I find it hard to believe it can gain much market at this point. Not with Apple and Google so entrenched, and with Microsoft trying to carve a niche. Too little too late, if you ask me. But hey, Apple raised from the ashes when everyone was saying the same thing about them, so we have to wait and see. However unlikely, it is still possible.
What I don't understand is why Microsoft didn't zero in on Blackberry and, before anything else, took the c
Re: (Score:2)
From corporate stand point, we keep coming back to security and control of a corporate device (i.e BB) or user (desire/useability/shinyness?) of BYOD (Droid iPhone). After a year of allowing BYOD (about 50 percent switched to BYOD). some have actually switched back because the actual phone functionality is better on the BB.
I have a droid and a BB, i use the maps/browser on the droid and use the BB for calls and email. so a BB10 may actually be best of both for this niche... the question i guess is what is t
Re: (Score:2)
The consumer market is not "phone and e-mail". It is facebook, twitter, whatsapp, angry birds and instagram. If we are talking purely phone calls, I have a feature phone here (nokia) that does it better than any droid/iPhone/BB around.
I agree with your views regarding the long term goal(s) of BB. It is hard to make technical predictions about public traded companies. Their ultimate "product" is, after all, their stocks.
And no, I don't think MS merging with BB would be they saying ok to Linux. Hotmail was Li
Re: (Score:2)
Hotmail was FreeBSD.
Re: (Score:2)
a BB and MS merger? would require MS to say ok Linux has a place :)
How so? BlackBerry Smartphones don't run Linux, they run a mostly proprietary OS with heavy Java integration. BB10 and PlayBook run QNX, which is an independent micro-kernel with a POSIX interface. Given that Windows itself has a POSIX subsystem (admittedly it's in the process of being depreciated), this wouldn't be a difficult pill for Microsoft to swallow.
Re: (Score:2)
I still don;t see it happening... win8phone would be direct in house competition... But I guess MS does have money to burn so they could buy it and eventually do something with it.
Re: (Score:2)
I don't think it will happen. Microsoft likes to try their own weight in growing markets. Sometimes they fail (Zune) sometimes they win (Xbox). They only acquire established products (Skype), which BlackBerry is unfortunately no more.
Re: (Score:2)
Oh please, like it's not obvious what fanclub the underhanded comment in the parent came from.
Re: (Score:2)
They now lead the way for 1.6% of the market... Meanwhile an IDC study says that for the first time Apple and Android devices are about to beat RIM in the enterprise.
The dude from Morgan Stanley sums it up: "While some of the new features on BB10 seem innovative, we had a similar reaction to Palm’s WebOS when we saw it at CES in ‘09".
(See http://www.thestar.com/business/article/1293791--rim-tumbles-as-blackberry-s-u-s-market-share-drops-to-1-6-per-cent [thestar.com])
Re: (Score:2)
Re: (Score:2)
You can already do this on android and iphone as well with encrypted containers like Good ( http://www.good.com/ [good.com] ).
The point of virtualising is that it means the OS is COMPLETELY seperate. If you want to upgrade to android 5.3.2 aka "footlong hotdog" (they ran out of dessert names), but your company is still on 4.6.1, you can. If your company image can only send packets via VPN and disallows app installation, you can still do what you want with YOUR image.
Blackberry's seperation is just at the app layer.
Re: (Score:1)
My issue with the Good approach (apart from the fact that they sue companies they can't effectively compete against...) is that it takes you out of the native user experience which is the reason the owner chose that device in the first place. Using either an MDM SDK or app wrapping technology to secure the corporate apps and data preserves the native UX, secures the data, and doesn't have the overhead of a virtual OS approach.
Re: (Score:2)
BlackBerry also separates the data layer. Save a document to an SD card from your corporate email and try to send it from your personal email? You can't. But you can send it from your corporate email.
It's not the same as fully virtualizing, but it creates a nice data firewall between corporate and personal data.
Re: (Score:1)
Re: (Score:2)
woo hoo, oh... hey now
YO DAWG (Score:5, Insightful)
like what unix did for the last 40 years? (Score:3)
Seriously, what is so difficult about having a multi-user phone OS when Linux or Darwin is running the underpinnings?
Re: (Score:2)
I thought i read somewhere that android is structured to use user accounts for each app as part of their separation model.
If that's accurate than the normal 'multiple-user' model can't also be simultaneously used.
Re: (Score:2)
This looks like windows xp for me. In theory, it was multiuser-capable, in practice, because of some very obvious design flaws, not quite so....
Re: (Score:2)
Re:like what unix did for the last 40 years? (Score:4, Insightful)
The point is you don't need (or even want) a hypervisor when you have a secure multi-user system with process isolation like Android.
Lack of a hypervisor support baked into the CPU is only a problem for hypervisor vendors.
Re:like what unix did for the last 40 years? (Score:4, Interesting)
The point is you don't need (or even want) a hypervisor when you have a secure multi-user system with process isolation like Android.
The processes might be isolated, but data access is not. Did you just give the Twitter app SD Card read/write access to the filesystem where the company data is? What could possibly go wrong?
Devil's advocate (would want this system) (Score:4, Informative)
Devil's advocate here. Having a low level hypervisor on the phone is something I've wanted for a long time. There are reasons that having two OS stacks that don't "see" each other on a level 1 hypervisor system would be , and it is less to deal with technical than legal reasons.
Reason 1: I can fire off a "kill" command from Exchange, and the business part gets zonked. The phone still is trackable and locatable. I can do this with a text message and TouchDown, but this way, all data related to work (or even perhaps a client) is gone, and assuming everything is encrypted with a key, I can be sure that the data is rendered unrecoverable, not just deleted or "wiped" (overwriting three times does not work with flash media due to wear levelling unless the low level controller is told to zap the individual cells themselves.)
Reason 2: Separation. I can sign off on the fact that there is absolutely -zero- mingling of personal and work/client data other than being on the same physical hardware (the same way a mainframe can separate LPARs). Confidential stuff never touches the same filesystem as personal data, so a rogue app that gets root would not be able to rummage inside the latest TPS reports.
With how contacts get slurped up by apps, someone storing work related contacts on their phone is likely going to have them vacuumed up by an app, which will aid greatly for spamming, as well as directed attacks (from a contact list with titles, org structures can be deduced, etc.) So, keeping business contacts completely away from personal ones, or contacts addressible by Facebook [1].
Having stuff completely separate minimizes the chance of "leakage". I can sort of do this with Android, but on the iPhone, there is no app like RoadSync or Touchdown to keep the Exchange stuff separate.
Reason 3: Legal/tax reasons. Having stuff separate also makes the legal eagles happy.
Of course, hypervisors are not perfect, but what they provide is separation that is useful in a legal sense (separate filesystems, separate CPU usage, separate RAM images.) It is easier to explain complete separation/isolation to a jury who hates your guts than to explain how unlikely it would be for a root exploit that would allow user "a" in a multi-user system to access user "b"'s stuff, from happening.
So, even though keeping work stuff in a single app is a working solution, the best from both a technical and legal viewpoint would be a level 1 hypervisor.
[1]: If I remember right, there was a bug in the FB app that might alter contacts about a year ago, and that would not be good with work stuff.
Re: (Score:2)
An hypervisor really becomes the required approach if one must have two different OSs on the same device. There the multi-users OS falls short. But I wonder
Re: (Score:2)
Re: (Score:2)
What are you talking about? Any 16mhz, 2mb ram 386 computer from 1985 is capable of running a multi-user OS. There is no penalty performance AT ALL. This is how Linux was built (and don't forget what runs under Android) from day one.
Re: (Score:2)
Re: (Score:2)
ARM chips have "world" support (TrustZone). This is pretty much most of a hypervisor except for the filesystem redirects. However, it allows two completely separate VMs to run without them seeing or affecting each other on a CPU die basis.
Since this is done at a low level, it is a lot harder to bypass than just having a hypervisor in software.
Re: (Score:2)
They are powerful (Score:2)
This "not-that-incredibly-powerful device" is a fucking monster compared to the Unix workstation you used 20 years ago.
Re: (Score:3)
Android 4.2 (at least on tablets) supports multiple users. Not sure if this feature is enabled on phones (4.1.2 is the latest I've used).
Not sure why you'd need a hypervisor.
Re: (Score:2)
You'd need a hypervisor so that you can have completely separate OS's for the personal and corporate side, so that a user with root access to the personal OS would still have only controlled access to the corporate side and so that software (including OS) updates for the corporate side could be managed completely separately from s
Re: (Score:2)
I haven't personally played with the multiple user accounts support in Android 4.2, but from what I've read about it online, it already does everything that you want (with the exception of completely separate OSes).
Each account has their own separate filesystem space that is not accessible to other accounts. Each account has its own Play store account. Each account has their own separate apps installed. Etc.
Re: (Score:2)
If you have root on the phone, you can presumably access any account. Having root on a system wi
Re: (Score:1)
A different question is if I as an employee would trust my company to control the device I have for personal use, or even blur the line between work and play. My current answer to that is: No! Thus, I have two mobile phones, two phone numbers, two e-mail inboxes. Work and play are two different spheres, and it stays that way.
Re: (Score:2)
Thus, I have two mobile phones, two phone numbers, two e-mail inboxes. Work and play are two different spheres, and it stays that way.
2 phones at twice the price to operate. A partitioned phone sounds like it might be a lot cheaper in the long run.
Re: (Score:2)
"Thus, I have two mobile phones, two phone numbers, two e-mail inboxes. Work and play are two different spheres, and it stays that way."
Meanwhile I recently bought a cheap chinese dual SIM phone (a JIAYU JY-G2) that rides circles around my previous Samsung Galaxy S and allows those two phone numbers and e-mail inboxes for two different spheres without the hassle of two phones.
Re: (Score:2)
Because for the user space they completely reinvented the wheel instead of using what they had. So they have to do like Windows 9x and graft multiple user accounts on to it.
Had Android used existing Linux infrastructure, they would have had the capability from day one, but Google insisted on keeping it all in house.
Re: (Score:3)
Seriously, what is so difficult about having a multi-user phone OS when Linux or Darwin is running the underpinnings?
It's a matter of how Android uses Linux.
Android makes very extensive use of Users and Groups for the normal permissions protection. However, instead of using a user/group like you do on your Linux server or desktop, they give one to each individual application (user) or set of applications (group). So only applications by the same developer that the developer has marked as being able to be part of the same group can access the stuff by a given group; and only applications running as the same user - typic
Re: (Score:2)
Or, I don't know, just upgrade to Android 4.2 which includes multiple user accounts on a single machine, each with their own apps, data, profiles, etc.
Finally. Now what about the power user. (Score:2)
Fail To See The Point (Score:4, Insightful)
As a private citizen, why the hell would I want my personal phone to be designed in a way that allows the company I work for to take control of it and access my personal data (separate partitions be damned - when they take the device out of your view for "updates," what guarantee do you have they aren't hacking or imaging it? None)?
As a business owner, why the hell would I want sensitive company data to be stored locally on the personal device of an employee? What guarantee do I have that said employee won't try to access the information without permission, or better yet, take the phone and try to sell it to one of my competitors?
Now, say I was one of those aforementioned control-freak corporations - I would find this a wonderful idea! Not only would it give me an excuse and method to constantly track employees during their off time (oh, see, we're only monitoring the business partition of your phone, so it's totally legit!), it would also be one more frond on the proverbial cat-O-nine that I use to subjugate and mentally manipulate the people who work for me into docile compliance!
Perhaps I'm being excessively cynical, but I fail to see any positive value to such a system.
Bingo. (Score:3, Interesting)
This is the wrong solution to a very real problem - how can a machine get used for personal as well as private access? The answer is, if I have to boot (or even switch to) a separate account to do my personal activities, either they will get done on the work account (compiling - might as well check ./.) or they won't get done at all. I see no use in the "personal" device usage - if I need that, I'm going to use a tablet or my home device.
The solution is to provide proper incentive, security and usage guid
Re: (Score:2)
This is one thing I was curious about.
So I have a phone which has a "business" partition and a "personal" partition. That's great. But if I have to restart the phone to switch between the two, it's not all that useful because--no matter what--I will be in the wrong partition.
Suppose the office calls with some random emergency while I'm at home. Okay, I was home, and my phone was on the "personal" partition. Now I have to restart the phone to get to the "business" partition. So I'll hang up and call you
Re: (Score:2)
No. The point of this is to do better than what you described (which amounts to just having two different sim cards for your phone):
Re: (Score:2)
As a business owner, why the hell would I want sensitive company data to be stored locally on the personal device of an employee? What guarantee do I have that said employee won't try to access the information without permission, or better yet, take the phone and try to sell it to one of my competitors?
If you're that distrustful of your employees then you have other things to worry about.
Right, because company loyalty is such a common attribute these days.
I'm gonna guess you don't actually run anything more complex than a gas station cash register, so I'll give you this important business tip as a freebie - blindly trust someone to guard your gold, and it will be stolen, for all men have their price.
Re: (Score:2)
Err, so do you not have printers at your office? Do you squirt epoxy into all the USB ports? How do you keep your employees from looking at corporate data on their monitors?
If you mistrust your employees to the point that you don't entrust them with corporate data, the problems are far bigger than whether or not they take their meeting notes on their own iPad or the (lack of) iPad you provided them.
Re: (Score:2)
Err, so do you not have printers at your office?
Print queues can be monitored.
Do you squirt epoxy into all the USB ports?
USB ports can be disabled administratively.
How do you keep your employees from looking at corporate data on their monitors?
http://en.wikipedia.org/wiki/Principle_of_least_privilege [wikipedia.org]
This is first-year stuff.
Re: (Score:2)
This happens all the time. Not so much selling the info to competitors but sales people taking their client's info when they leave the company, often to go work for a competitor. There is also people losing their phones along with corporate data. Best that data never leave the premises.
Not really.... (Score:4, Interesting)
Until they can have dual SIM cards and run on two networks at the same time, it will be useless. If the company wants me to have a cellphone, they can pay for one. I prefer to keep both lines separate so I can completely ignore work the second I leave the office.
Re: (Score:3)
It is. I get job offers monthly, you can too, just start leaning a career that is in demand instead of being one of the masses that has thousands that can easily replace you. I change my career every 7 years to avoid being a common worker. In fact it's time for me to start learning a new one so I can switch in about 3 years.
Re: (Score:3)
Even with one SIM card, that can be virtualized as well. Skype and Google Voice do a good job at giving one a usable number.
I can see cellphone providers jumping on the bandwagon as well with this and offering a passthrough service, so the only thing the SIM card is used for is authorizing network usage.
Re: (Score:2)
Hear, hear. The people who use their personal phones or laptops to do official work confuse me. I've never been asked to do such a thing and have no idea why I would want to. I had a business cell phone once but that was just because it was a small company with no PBX; I just left the phone on my desk like any other office phone. Never had any problems, and I never had any risk that my employer might have any knowledge of my personal email or phone conversation.
Re: (Score:2)
"Until they can have dual SIM cards and run on two networks at the same time, it will be useless."
If only it were somehow possible... http://www.pandawill.com/mobile-phone-c1/android-os-phone-c551.html [pandawill.com]
Re: (Score:2)
Until they can have dual SIM cards and run on two networks at the same time,
Dual sim phones have existed for the better part of a decade, but never took off in America.
The reason dual and tri sim phones took off overseas is that, in many countries, callling between networks is more expensive than staying in-network.
So everyone just gets multiple phone lines in order to keep in touch with their friends on different networks.
/The first quad sim phone came out in 2010, but there aren't hundreds of models like there are with triple sim phones.
Re: (Score:2)
And there are none of them that are decently built or run the latest Android.
Every single multi sim phone I have seen and tried was a huge piece of junk running a fake look alike OS or was running a horribly out of date os like Android 2.2.2
Who pays? (Score:3)
Interesting idea (Score:1)
Already there (Score:2)
That'll be just great (Score:1)
Bring Your Own Device (Score:2)
Editors, explaining acronyms would be nice.
http://en.wikipedia.org/wiki/Bring_your_own_device [wikipedia.org]
Isn't this old? (Score:2)
I remember reading a tech article long ago, where they showcased an LG Android phone where it was running an a visualised Android instance within the actual phone, which you could switch at the swipe of a button.
Here:
http://www.engadget.com/2011/02/15/vmware-android-handset-virtualization-hands-on/ [engadget.com]
Did you notice the word, "Intel"? (Score:2)
"... IC makers such as Intel ..."
Does that answer your question?
Solution in need of a problem. (Score:2)
Need me to use a special device whilst I'm employed by you ? Easy just provide me with the device. Then you can do what you like with it. Lock it down, encrypt it, remote manage it etc. etc.
Need me to access IT infrastructure from home ? No problem, give me a physically separate network to use (via a mobile phone should be fine these days)
My devices will never be connected to any employers network - nor will I use employers devices on my own network. The two things are seperate and should be physically