Smart phones are everywhere these days, and they’ve certainly made our lives easier in so many ways, from connecting with friends and family to sharing the latest information with colleagues. As the business use of employee-owned smartphones and tablets proliferates, IT departments are struggling to implement secure and cost-effective policies that facilitate productivity while protecting vital corporate data accessed. Some people now have a work phone and a personal phone, but most people use one. And why not?
Bring Your Own Device (BYOD) platforms are accessing business critical and confidential or proprietary information, such as financial accounts, medical records, sales and customer relations management data, or intellectual property. Current market solutions focus on Mobile Device Management (MDM) software to manage applications, encrypt data, and provide a remote wipe capability.
The more secure approach—the one we’re taking at SRI—is to develop multiple-personality smartphones and tablets that provide true isolation between the enterprise and personal domains.
It’s clean and logical. You see a completely different set of screens when you access business apps and when you access personal apps.
A Type 1 hypervisor is used as part of the phone’s boot-up process before the operating system (OS) even loads. This relatively small piece of software virtualizes the hardware resources and creates multiple isolated virtual machines that can share these resources. Copies of the OS (currently Android, but extensible to iOS or Windows 8) are then loaded onto each of these independent user domains. This isolation between domains protects against unauthorized access to information and prevents malware inadvertently downloaded in the personal domain from contaminating the enterprise domain. Like today’s mobile devices, the personal domain will access app stores, while the enterprise domain will use a secure VPN to access corporate apps and data.
Our vision is for people to go to their local wireless store, purchase the hypervisor-enabled smartphone or tablet that best meets their individual needs, and then have their corporate policy activated on the device. This not only meets enterprise security concerns, it simultaneously ensures personal privacy for the user. We anticipate this approach will enable the widespread adoption of corporate BYOD policies.
Today’s MDM solutions, while generally effective, could be compromised by malware designed to intercept security keys or personal identification numbers or take control of your phone without your knowledge. By starting with mobile devices based on SRI’s architecture, MDM software can extend its capabilities for device management to enterprise-ready devices.
A future blog post will discuss some of the novel details of our BYOD architecture along with new capabilities and value propositions offered by our approach to enforcing a corporate policy.
Jeffrey Casper, program director in SRI’s Products and Services Division, is leading multidisciplinary research and development efforts to advance the state of the art of mobile devices for corporate and government applications.
Windows is a registered trademark of Microsoft Corporation.
