Risk
7/2/2013
11:25 AM
Connect Directly
Facebook
LinkedIn
Twitter
RSS
E-Mail
50%
50%

3 Ways To Virtualize Mobile Devices -- And Why You Should Do So

The idea of splitting smartphones and tablets into personal and business partitions is gaining strength, for good reason. But be warned -- iOS shops will have a tougher go of it.

A less effective but more easily implemented alternative to wrapping entire apps is to create a centrally managed encrypted storage volume or local folder for enterprise applications. Although they don't provide control over usage policies or all forms of data movement between business and personal environments (think clipboard or emailing to an external account), encrypted containers do allow for central management of data storage policies and remote wipes. One downside to these products, like Good Dynamics, is that apps need extra code, typically implemented via vendor-supplied SDKs and libraries, to provide the necessary software hooks to use encrypted containers and follow centrally set data access policies. In this era of ubiquitous cloud file storage and sync services, it's probably a better bet to just keep persistent data off the device in the first place via a cloud service like Box or Syncplicity.

>> Trusted remote app execution: An alternative to carving out a separate business environment on personal devices is to simply move app execution off the device entirely, a technique that's been used in various forms -- VDI, terminal services, application streaming, browser apps -- on PCs for years. As with containerized apps, the advantage is that business apps appear in the personal workspace. Application streaming products like Citrix Receiver use a locally installed native client (the receiver) that provides faster app performance and a somewhat better user experience compared with a browser.

There are downsides, however. First, apps generally can't be used offline on mobile devices (though some products do offer caching on Windows devices). This shouldn't be much of an issue in the age of ubiquitous 3G/LTE connectivity. Second, the user experience may suffer if remote applications were developed for a PC with keyboard and mouse, not a touch-sensitive device.

While mobile device virtualization and compartmentalization technologies are still in flux, they make sense now for users accessing sensitive information or in regulated industries.

What are your security concerns?

Has any mobile device data gone missing?

Previous
2 of 2
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
speedo1456
50%
50%
speedo1456,
User Rank: Apprentice
7/13/2014 | 8:33:50 PM
Security apps
There is a big call for security apps in cell phones. This post gets into one of the major problems in this society. Stealing cell phones is a big problem here in the Netherlands, and probably in most countries.
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-6501
Published: 2015-03-30
The default soap.wsdl_cache_dir setting in (1) php.ini-production and (2) php.ini-development in PHP through 5.6.7 specifies the /tmp directory, which makes it easier for local users to conduct WSDL injection attacks by creating a file under /tmp with a predictable filename that is used by the get_s...

CVE-2014-9652
Published: 2015-03-30
The mconvert function in softmagic.c in file before 5.21, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not properly handle a certain string-length field during a copy of a truncated version of a Pascal string, which might allow remote atta...

CVE-2014-9653
Published: 2015-03-30
readelf.c in file before 5.22, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not consider that pread calls sometimes read only a subset of the available data, which allows remote attackers to cause a denial of service (uninitialized memory ...

CVE-2014-9705
Published: 2015-03-30
Heap-based buffer overflow in the enchant_broker_request_dict function in ext/enchant/enchant.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 allows remote attackers to execute arbitrary code via vectors that trigger creation of multiple dictionaries.

CVE-2014-9709
Published: 2015-03-30
The GetCode_ function in gd_gif_in.c in GD 2.1.1 and earlier, as used in PHP before 5.5.21 and 5.6.x before 5.6.5, allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted GIF image that is improperly handled by the gdImageCreateFromGif function.

Dark Reading Radio
Archived Dark Reading Radio
Good hackers--aka security researchers--are worried about the possible legal and professional ramifications of President Obama's new proposed crackdown on cyber criminals.