Risk
7/2/2013
11:25 AM
Connect Directly
Facebook
LinkedIn
Twitter
RSS
E-Mail
50%
50%

3 Ways To Virtualize Mobile Devices -- And Why You Should Do So

The idea of splitting smartphones and tablets into personal and business partitions is gaining strength, for good reason. But be warned -- iOS shops will have a tougher go of it.

A less effective but more easily implemented alternative to wrapping entire apps is to create a centrally managed encrypted storage volume or local folder for enterprise applications. Although they don't provide control over usage policies or all forms of data movement between business and personal environments (think clipboard or emailing to an external account), encrypted containers do allow for central management of data storage policies and remote wipes. One downside to these products, like Good Dynamics, is that apps need extra code, typically implemented via vendor-supplied SDKs and libraries, to provide the necessary software hooks to use encrypted containers and follow centrally set data access policies. In this era of ubiquitous cloud file storage and sync services, it's probably a better bet to just keep persistent data off the device in the first place via a cloud service like Box or Syncplicity.

>> Trusted remote app execution: An alternative to carving out a separate business environment on personal devices is to simply move app execution off the device entirely, a technique that's been used in various forms -- VDI, terminal services, application streaming, browser apps -- on PCs for years. As with containerized apps, the advantage is that business apps appear in the personal workspace. Application streaming products like Citrix Receiver use a locally installed native client (the receiver) that provides faster app performance and a somewhat better user experience compared with a browser.

There are downsides, however. First, apps generally can't be used offline on mobile devices (though some products do offer caching on Windows devices). This shouldn't be much of an issue in the age of ubiquitous 3G/LTE connectivity. Second, the user experience may suffer if remote applications were developed for a PC with keyboard and mouse, not a touch-sensitive device.

While mobile device virtualization and compartmentalization technologies are still in flux, they make sense now for users accessing sensitive information or in regulated industries.

What are your security concerns?

Has any mobile device data gone missing?

Previous
2 of 2
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
speedo1456
50%
50%
speedo1456,
User Rank: Apprentice
7/13/2014 | 8:33:50 PM
Security apps
There is a big call for security apps in cell phones. This post gets into one of the major problems in this society. Stealing cell phones is a big problem here in the Netherlands, and probably in most countries.
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-3308
Published: 2015-09-02
Double free vulnerability in lib/x509/x509_ext.c in GnuTLS before 3.3.14 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted CRL distribution point.

CVE-2015-4330
Published: 2015-09-02
A local file script in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows local users to gain privileges for OS command execution via invalid parameters, aka Bug ID CSCuv10556.

CVE-2015-6274
Published: 2015-09-02
The IPv4 implementation on Cisco ASR 1000 devices with software 15.5(3)S allows remote attackers to cause a denial of service (ESP QFP CPU consumption) by triggering packet fragmentation and reassembly, aka Bug ID CSCuv71273.

CVE-2015-6277
Published: 2015-09-02
The ARP implementation in Cisco NX-OS on Nexus 1000V devices for VMware vSphere 5.2(1)SV3(1.4), Nexus 3000 devices 7.3(0)ZD(0.47), Nexus 4000 devices 4.1(2)E1, Nexus 9000 devices 7.3(0)ZD(0.61), and MDS 9000 devices 7.0(0)HSK(0.353) and SAN-OS NX-OS on MDS 9000 devices 7.0(0)HSK(0.353) allows remote...

CVE-2015-6587
Published: 2015-09-02
The vlserver in OpenAFS before 1.6.13 allows remote authenticated users to cause a denial of service (out-of-bounds read and crash) via a crafted regular expression in a VL_ListAttributesN2 RPC.

Dark Reading Radio
Archived Dark Reading Radio
Another Black Hat is in the books and Dark Reading was there. Join the editors as they share their top stories, biggest lessons, and best conversations from the premier security conference.