Slashdot Mirror
Dual Interface Mobile Devices To Address BYOD Issue
Lucas123 writes "Next year, smart phones will begin shipping with the ability to have dual identities: one for private use and the other for corporate. Hypervisor developers, such as VMware and Red Bend, are working with system manufacturers to embed their virtualization software in the phones, while IC makers, such as Intel, are developing more powerful and secure mobile device processors. The combination will enable mobile platforms that afford end users their own user interface, secure from IT's prying eyes, while in turn allowing a company to secure its data using mobile device management software. One of the biggest benefits dual-identity phones will offer is enabling admins to wipe corporate data from phones without erasing end users profiles and personal information."
The only major concern I have is battery life. You don't see any figures from the manufacturers or the hypervisor companies (aka. VMware) as to what this will do to the already short battery life of a smart phone that is heavily used. Additionally, what incentive does a customer have to buy a device that supports this? Granted a company could prefer one or the other, but the days of "You own X device or Y device only (ie. Blackberry - no iPhone)" are over and it defeats the purpose of BYOD.
I can only please one person a day. Today is not your day, and tomorrow does not look good either.
more ram, more processor speed - these are premium handsets. How many field services / manufacturing / field sales low- mid-tier employees will buy these expensive handsets simply so that the employer can have their version of dual-OS security installed on them?
Corporate data can be contained by many mobile security vendors today. This appears to be an overly complex solution to a problem that is already solved today.
Jolla's Sailfish OS/hardware (not sure what exactly at this early date) can run the Mer as well as Android OS. So Jolla does more than multiple user accounts on a single phone.
You can't be ahead of the curve, if you're stuck in a loop.
It's already available.
"A person is smart. People are dumb, panicky dangerous animals and you know it." - K
Sad that BB10 is not mentioned since it will have this feature bult into the OS. Fire an employee, wipe the corporate side of their BB10 and the employee gets to keep all their personal stuff like Angry Birds. No virutalization is needed. The BB10 OS does this out of box!
I believe AT&T already offers something like this -
https://www.wireless.att.com/businesscenter/solutions/industry-solutions/mobile-productivity-solutions/toggle.jsp
we heard you like to compute while you talk, so we put your boss's computer in your phone so you can slave away 24/7!
the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff
Seriously, what is so difficult about having a multi-user phone OS when Linux or Darwin is running the underpinnings?
Finally someone realizes not all users are the same. Now if they would release an interface for power users without time-wasting transitions, silly skewmorphics, lame swipes and minus the overall nursery-age feel, mobile devices will take the next big step forward.
Sent from my ENIAC
I don't understand who this would be attractive to, outside control-freak American corporations.
As a private citizen, why the hell would I want my personal phone to be designed in a way that allows the company I work for to take control of it and access my personal data (separate partitions be damned - when they take the device out of your view for "updates," what guarantee do you have they aren't hacking or imaging it? None)?
As a business owner, why the hell would I want sensitive company data to be stored locally on the personal device of an employee? What guarantee do I have that said employee won't try to access the information without permission, or better yet, take the phone and try to sell it to one of my competitors?
Now, say I was one of those aforementioned control-freak corporations - I would find this a wonderful idea! Not only would it give me an excuse and method to constantly track employees during their off time (oh, see, we're only monitoring the business partition of your phone, so it's totally legit!), it would also be one more frond on the proverbial cat-O-nine that I use to subjugate and mentally manipulate the people who work for me into docile compliance!
Perhaps I'm being excessively cynical, but I fail to see any positive value to such a system.
An enigma, wrapped in a riddle, shrouded in bacon and cheese
How about adding hardware encryption so Google can't read your messages or contacts!
Until they can have dual SIM cards and run on two networks at the same time, it will be useless. If the company wants me to have a cellphone, they can pay for one. I prefer to keep both lines separate so I can completely ignore work the second I leave the office.
Do not look at laser with remaining good eye.
This is the wrong solution to a very real problem - how can a machine get used for personal as well as private access? The answer is, if I have to boot (or even switch to) a separate account to do my personal activities, either they will get done on the work account (compiling - might as well check ./.) or they won't get done at all. I see no use in the "personal" device usage - if I need that, I'm going to use a tablet or my home device.
The solution is to provide proper incentive, security and usage guidance, and a strong security stance so your employees use the work devices for appropriate personal activity.
Now, get back to work, DIY - I want to see your TPS reports on my desk by tomorrow morning!
Make sure everyone's vote counts: Verified Voting
Many companies currently pay for personal phone plans if they use them for business, or at least give them some credit; flat fee or usage based. With these dual identity phones, will you need two phone plans? For many people that may make their own personal phone plan more expensive, especially if they were paying $0 before.
I knew something was in the works when Cisco started making components like this two years ago. Now if we can just convince paranoid CISSP types to adopt this technology, setting up a corporate cellphone could be completed from an app store with a code.
Only the dead have seen the end of War. - Plato
do we get dual sim cards so I can make a personal call without corporate knowing who I called? Actually, I don't care. I call who I want, when AT&T will let me have a signal.
I can do the last part with our MDM software from a leading vendor®. Partial wipes work very well on Android and iOS devices.
If you're schitzophrenic
Devil's advocate here. Having a low level hypervisor on the phone is something I've wanted for a long time. There are reasons that having two OS stacks that don't "see" each other on a level 1 hypervisor system would be , and it is less to deal with technical than legal reasons.
Reason 1: I can fire off a "kill" command from Exchange, and the business part gets zonked. The phone still is trackable and locatable. I can do this with a text message and TouchDown, but this way, all data related to work (or even perhaps a client) is gone, and assuming everything is encrypted with a key, I can be sure that the data is rendered unrecoverable, not just deleted or "wiped" (overwriting three times does not work with flash media due to wear levelling unless the low level controller is told to zap the individual cells themselves.)
Reason 2: Separation. I can sign off on the fact that there is absolutely -zero- mingling of personal and work/client data other than being on the same physical hardware (the same way a mainframe can separate LPARs). Confidential stuff never touches the same filesystem as personal data, so a rogue app that gets root would not be able to rummage inside the latest TPS reports.
With how contacts get slurped up by apps, someone storing work related contacts on their phone is likely going to have them vacuumed up by an app, which will aid greatly for spamming, as well as directed attacks (from a contact list with titles, org structures can be deduced, etc.) So, keeping business contacts completely away from personal ones, or contacts addressible by Facebook [1].
Having stuff completely separate minimizes the chance of "leakage". I can sort of do this with Android, but on the iPhone, there is no app like RoadSync or Touchdown to keep the Exchange stuff separate.
Reason 3: Legal/tax reasons. Having stuff separate also makes the legal eagles happy.
Of course, hypervisors are not perfect, but what they provide is separation that is useful in a legal sense (separate filesystems, separate CPU usage, separate RAM images.) It is easier to explain complete separation/isolation to a jury who hates your guts than to explain how unlikely it would be for a root exploit that would allow user "a" in a multi-user system to access user "b"'s stuff, from happening.
So, even though keeping work stuff in a single app is a working solution, the best from both a technical and legal viewpoint would be a level 1 hypervisor.
[1]: If I remember right, there was a bug in the FB app that might alter contacts about a year ago, and that would not be good with work stuff.
This capability is going to be available for the Android OS only. No such support will be available for Apple iOS so saying that smart phones will have this capability next year is somewhat misleading. Some smartphone will
BYOD is the biggest scam going. Employers are laughing all the way to the bank, knowing they've successfully shifted a real cost of doing business from themselves to their employees. Maybe I'm old fashioned, but if I'm going to carry the leash, it's going to be one my employer pays for. I understand that Moore's Law is making all this more affordable, computationally speaking, but there's still going to be a cost delta between a smartphone that has these capabilities, and one that does not. Beefier CPU and more memory leads to greater power consumption which necessitates a bigger battery, which makes the phone bigger and more costly, and on and on... How many people will actually spend more of their own money to get a phone so their employer can install its digital leash on their new phone?!
This "not-that-incredibly-powerful device" is a fucking monster compared to the Unix workstation you used 20 years ago.
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
Wouldn't tbis be more useful for people like Tiger Woods?
It's a lot easier to let your spouse check your phone and find nothing than convincing her that a Wizard Alien caused you to cheat.
To name one app already available in the market, Divide https://play.google.com/store/apps/details?id=com.enterproid.divideinstaller&hl=en
It works quite well and seperate personal and work information. Remote wipe hits only work data and it uses encryption. My galaxy nexus doesn't seem to mind the overheard of the app. It integrates with our exchange environment quite easily.
Bad summary, as this isn't in the article. intel is very much a tiny player in this market, and so a bad example.
Editors, explaining acronyms would be nice.
http://en.wikipedia.org/wiki/Bring_your_own_device
Bram Stolk http://stolk.org/tlctc/
If a friend, family member, coworker loses their phone - and sufficient data is "in the cloud" - ought not it be possible for them to share my phone (or somebody else's preferably)?
If my coworker forgets his phone, it would be great if basic functionality could just iPort to another device especially as we are on the same plan and I can see all his calls on the bill in the invoice files.
If my employer wants me to use a phone, laptop etc... as part of my job, he/they will provide the device, and it will stay on the employer's premises. I will NOT be on call, nor will an employer have any access to my personal devices. While many idiots these days are stupid enough to not keep work and home life seperate, I am not among them. My time outside of work hours is entirely my own. I bought and paid for MY devices. My employer will not have any access to either my devices nor my time outside of work hours!
The only device that I would take to work would be a phone. It would NOT be used for any work purposes whatsoever. It would be set on vibrate or turned off at work unless a personal circumstance made that unwise, such as a relative that could die at any moment etc...
This BYOD crap is just an attempt by employers to save a few bucks at employee's expense and take control of employee's devices.
I remember reading a tech article long ago, where they showcased an LG Android phone where it was running an a visualised Android instance within the actual phone, which you could switch at the swipe of a button.
Here:
http://www.engadget.com/2011/02/15/vmware-android-handset-virtualization-hands-on/
I am an ACCA student. Got a query on Accountancy/Finance? Maybe I can help!
Need me to use a special device whilst I'm employed by you ? Easy just provide me with the device. Then you can do what you like with it. Lock it down, encrypt it, remote manage it etc. etc.
Need me to access IT infrastructure from home ? No problem, give me a physically separate network to use (via a mobile phone should be fine these days)
My devices will never be connected to any employers network - nor will I use employers devices on my own network. The two things are seperate and should be physically separate.
There should be complete separation between home/work life including all use of devices/networks etc. etc.
Sky subscribers are morons. They pay to be advertised at !
"... IC makers such as Intel ..."
Does that answer your question?
Computer memory is just fancy paper, CPUs just fancy pens with fancy erasers; the 'net is just a fancy backyard fence.