In a world where “bring your own device” (BYOD) is becoming increasingly popular, and where a single employee may own multiple smartphones, tablets, and wearables, the data security problems faced by IT in any enterprise are becoming more sophisticated and challenging. Issuing separate “corporate-owned, personally enabled” (COPE) devices is one solution, because these can be supervised with a variety of mobile device management (MDM) and mobile application management (MAM) platforms.
A COPE approach can be expensive and doesn’t prevent employees (innocently or not) from bringing other devices into the work environment. Outside devices can be an issue because they may interface with corporate data and applications. In his 2014 book, Enterprise Mobility Management: Everything you need to know about MDM, MAM, and BYOD, Jack Madden cautions,
“[D]on’t be fooled into thinking you can prevent BYOD by buying company phones and locking them down like crazy. Your employees will still bring in their own personal devices, and you’ll have all the same issues to deal with again.”
A basic MDM solution doesn’t deal with the fact that workers today want to use multiple “endpoints,” which may be several mobile devices, desktop or laptop computers, specialty information appliances, and maybe even objects connected to the “Internet of Things” (IoT). From IT’s perspective, each endpoint is a potential security vulnerability. “Smartphones are a prime target for sensitive personal and corporate data,” writes Dror Nadler in Information Week, “But mobile virtualization can isolate data and protect it from threats.”
What is virtualization? It means running a software simulation of a smartphone or other mobile device on a server, one that copies the look and feel of the user’s device. When an employee accesses the virtual copy of his or her device, IT can monitor and control how it is used.
Madden goes on to advocate for a virtualized operating system as part of a mobile application management approach that enables all corporate apps to work together. As Chad Udell, Float’s managing director, recently outlined, such an approach is built on a layered architecture that separates interface design, business processes, services, programming, and operations, allowing maximum data interoperability. This solution creates an enterprise application and data storage ecosystem with deep linking among company apps. IT can then manage the virtualized environment on a secure server, which lets them see all interactions between company data and applications and any endpoint used to access the enterprise system. Madden calls this a “dual persona” approach and spends much of his book discussing its merits and issues.
With a dual-persona approach to mobile enterprise security, users can have their personal and work “personas” side by side on the same device, without one set of apps interfering with the other. Corporate information would be secure, while employee privacy would be protected for all installed apps and data. Madden explains,
“What are the basic requirements for supporting dual persona? Here are the things you need to do or aspire to: Keep tight management over corporate data and applications. Give users a choice of devices. Support personal devices to the same degree as corporate devices. Allow a free and open experience for personal applications. Allow flexible deployment models to suit different user preferences… all the management features IT needs are in place without severely impacting the user experience for the rest of the device.”
Have you set up this approach in your company? How is it working for you?