- The current generation of solutions for dealing with use of personal mobile devices in the enterprise has been an unsatisfactory compromise between IT control and employee flexibility
- A new generation of technologies is poised to solve the problem of dual personas with less complexity and more flexibility for both the business and the employee

Enterprises are changing their minds about allowing employees to bring their own mobile devices to work, because it’s actually a huge money-saver. Why shell out scarce dollars for new corporate-owned cell phones when employees are already buying the latest devices? Corporate-liable ownership is starting to go the way of company cars and even company-owned laptops. The problem is that smartphones are now frighteningly capable computers that can access internal corporate information behind the firewall, store confidential emails, documents and customer data, surf the internet and become virus-ridden, and they are much more likely than laptops to be left in a taxicab (or a bar).
The traditional method of securing smartphones, whether owned by the company or not, has been to lock them down with MDM and security platforms that centrally authenticate, configure, manage, troubleshoot, distribute software to, encrypt, lock and wipe the devices. Some of these capabilities are part of the OS or the device firmware, but an increasing number of security-conscious companies are deploying software from vendors like MobileIron, AirWatch, Sybase or Good Technology, or are going to service providers who can manage these platforms on their behalf from an externally hosted server. While these platforms are invaluable for IT and even offer options that can “containerize” certain applications, or categorize them and limit access to them with complex business rules, they haven’t really solved the central problem: separating the business and personal personas on a mobile device. As a result, it has been difficult to satisfy the employee who doesn’t want all their own photos and downloaded apps wiped when they leave their device in a taxi, who doesn’t want to have to enter a password just to take a picture, and who isn’t thrilled about allowing their IT manager to see what they are doing on their own time. In particular, employees don’t want their IT departments to deactivate SMS, or to limit access to “risky” applications, streaming media or Web URLs for personal browsing. So corporate data has been protected, but it’s a big compromise for the employee.
New options from AT&T (in concert with partner Enterproid) and from Verizon Wireless and Telefonica (with VMware) are solving this problem in a more straightforward fashion by literally separating personal and business personas. Enterproid solves this at the application layer (i.e., it’s an app, so it doesn’t muck around in the OS or device firmware), which makes it inherently device/OS agnostic. It sets up a work profile where IT can decide how much security it wants and implement it within the Enterproid management console, but leaves the personal profile entirely up to the user. VMware provides two separate “virtual” instances of an OS on the mobile device. Both solutions are designed to be delivered as cloud services and so don’t require on-premises servers. They are also not positioned as substitutes for a full-fledged MDM/security solution, but rather as complements to one.
Clearly these are new solutions and at launch are supported only on Android devices, but they solve a problem that has not been solved before by traditional MDM platforms. They should go a long way towards satisfying the two critical constituencies, the IT manager and the employee.