Smartphone Security Worries? Virtualization to the Rescue

Feb 28, 2012

Smartphones have come into the workplace in a big way, and there is no stopping the trend. The devices have simply become too pervasive. And smartphone security is a major headache for IT managers and security professionals. The devices are largely under the control of their individual owners, who all too often are not security conscious.

Help may be on the way, however, in the form of "virtual" smartphones. A technology akin to desktop virtualization can permit a single physical smartphone to function as two independent devices. One remains personal to the physical phone's owner, while the other functions as a company-controlled workplace tool.

Virtualization Goes Mobile

Security experts and IT managers did not welcome the trend toward bring your own device (BYOD) in the workplace. But as Galen Gruman reports at InfoWorld, the trend has been too powerful to resist. Most industries have had to make their peace with it. Government, however, has largely forbidden use of private smartphones in the workplace, instead issuing separate BlackBerry or Windows Mobile devices for work use.

The federal government, however, will soon be launching a test program in partnership with Korean smartphone maker LG (which, as the InfoWorld piece tartly observes, is not famed for security expertise). The program will deploy Android smartphones running two independent operating systems. One system will be for the user's personal use and managed by the user. The other operating system, for workplace use, will be government-managed.

Key to this dual functionality is an OKL4 microkernel hypervisor from Open Kernel Labs, which calls the software a "microvisor." The microvisor runs directly on the phone's hardware and in turn hosts the operating systems that run on top of it. Each operating system (and its apps) thus runs in an independent environment.

Wall of Separation

Unlike in desktop virtualization, the independent operating systems cannot communicate with each other. This feature is crucial to the security role of the microvisor. Other technologies are being explored that provide dual interfaces on one smartphone, but with a less complete separation between them. However, ensuring security with these approaches requires limiting the functionality available to the user.

From the user's perspective, all of these approaches will be in some degree imperfect. Even with the full wall of separation (and full functionality), the user will have to choose which virtual device to open at any given time. But users will at least be freed from the hassle of carrying and juggling two different physical smartphones.

And IT managers and security specialists will be (mostly) spared the worries associated with BYOD. If necessary, they can wipe the virtual business phone clean without causing loss of personal apps and data. The possibility of hacking the microvisor cannot be dismissed. But this is a fact of life: Any system can potentially be hacked.

For now, some variation of two phones in one may provide a workable solution to the smartphone security problem.

This post was written as part of the IBM for Midsize Business program, which provides midsize businesses with the tools, expertise and solutions they need to become engines of a smarter planet.
