One of the most potentially powerful approaches to organizing and protecting a company’s data and applications on an employee’s smartphone is giving the device a split personality.
In the age of Bring Your Own Device (BYOD), dividing a smartphone into business and consumer profiles has several significant advantages. It’s a new concept, however, and the way to approach doing so is still up in the air. “Separating [identifies] is the Holy Grail,” said Vizay Kotikalapudi, the group product manager for Symantec’s Enterprise Mobility Group. “It is what every vendor in this space is doing. There are multiple approaches to get there. There is no one option.”
While it is unlikely that the way in which the device is departmentalized will be the sole reason one platform is chosen over another, it should play a role in the decision. The key questions concern the security of these systems and how they impact usability.
The highest profile implementation of the concept is BlackBerry Balance, a feature of the BlackBerry 10 operating system introduced on January 30. Peter Beardmore, the senior director of product marketing at security vendor Kaspersky Lab, said that BlackBerry has created a tagging system in which users identify whether an application is consumer- or business-based.
Once the tagging is done, the organization can build policies around the business applications, such as the requirement that it only link to the enterprise via a virtual private network or that the data automatically be encrypted. “BlackBerry has taken it one step farther,” Beardmore said. “It is user driven, which adds the possibility of error, but also makes it that much more granular in how the data is classified.”
The value of splitting personalities on a smartphone is two-fold. On one level, it helps ensure the safety of corporate apps and data. It also makes BYOD more attractive to the end user. If a smartphone carrying valuable data goes missing, an organization is going to wipe it – even if it contains family photos.
Discrete personalities can alleviate this situation. “They can erase the business side and not the consumer side in hopes that the device is found,” said Chester Wisniewski, a senior security advisor for Sophos. “It gives you the best of both worlds in that way.”
Ciaran Bradley, the vice president of handset security for AdaptiveMobile, said that there are three basic approaches to divvying up personalities on a smartphone. The most popular, he said, is containerization. It also is the easiest to understand: All the enterprise apps and data downloaded into the device are put into a separate repository. That container is encrypted and can be remotely deleted if necessary. In essence, the container is the safe room of the smartphone.
The second concept, Bradley said, is app wrapping. As the name implies, this approach focuses on encasing the corporate app with a layer of functionality that provides additional options to IT. For instance, the app wrapper can automatically set up a VPN with the enterprise server and/or encrypt the data. Such an approach doesn’t segregate the apps and data from each other as much as provide those that are corporate with a fundamentally different level of functionality within that shared environment. This may be part of BlackBerry’s approach.
The third approach, Bradley said, is virtualization. He indicated that mobile devices are growing so powerful – some now have quad-core processors – that true virtualization is possible. In such a scenario, the hardware would be driving two “instances” of the operating system, each of which takes on one of the identities.
The fear that always has been part of virtualization is that it is possible that malware introduced to the device via the less secure consumer identity could pose a threat to the data and applications on the more secure side. It is not a looming crisis, but an issue that should be on IT’s radar screens. “I can’t think of real-world examples of where that happened, but it conceptually is a possibility,” Beardmore said.
It is too early to say which of these approaches will predominate. On one level, it is fair to say that it doesn’t matter all too much from the security perspective. If organizations pay heed to experts’ suggestions that they take general security precautions, such as encryption and use of VPNs, the way in which identities are disentangled will be less important. If these higher-level security tools are universally applied, other issues – such as usability and the ease with which the system is integrated with the enterprise backend – become more important. In this scenario, dividing personalities is a great organizational tool — but only one part of a multilevel approach to keeping the organization’s data safe.
The art and science of segregating identities on a smartphone is a young field. There is much development work to do. For instance, app containers, Kotikalapudi said, have capacity limits. If these limits are reached, data could flow into the consumer area of the device. A plan must be in place to deal with this.
Another reason that the jury still is out on how dual personalities will be handled is that much of the rest of the food chain has not yet weighed in. For instance, mobile device management (MDM) vendors and service providers may begin offering such services. Each, presumably, would add value around the core functionality that already exists. Some form of separation of personalities likely also will be made available via downloadable apps from enterprise and even consumer application stores.
The sense is that the real value of separate personalities on a smartphone isn’t yet known. On one end of the spectrum, such approaches could be nothing more than handy organizational platforms with some incidental security benefits. On the other, they could evolve to become core security tools in the fight to keep corporate data safe. “The concept of separate and completely isolated corporate data and the ability to manage it separately is relatively new,” Bradley said. “What it comes down to now is that vendors must demonstrate that they do offer complete segregation of data — so that there is no leakage and no ability [of crackers] to attack the secure component. They also must show that they are able to detect any attempt to tamper with the secure component.”