Risk
7/2/2013
11:25 AM
Connect Directly
LinkedIn
Twitter
Facebook
RSS
E-Mail
50%
50%

3 Ways To Virtualize Mobile Devices -- And Why You Should Do So

The idea of splitting smartphones and tablets into personal and business partitions is gaining strength, for good reason. But be warned -- iOS shops will have a tougher go of it.

A less effective but more easily implemented alternative to wrapping entire apps is to create a centrally managed encrypted storage volume or local folder for enterprise applications. Although they don't provide control over usage policies or all forms of data movement between business and personal environments (think clipboard or emailing to an external account), encrypted containers do allow for central management of data storage policies and remote wipes. One downside to these products, like Good Dynamics, is that apps need extra code, typically implemented via vendor-supplied SDKs and libraries, to provide the necessary software hooks to use encrypted containers and follow centrally set data access policies. In this era of ubiquitous cloud file storage and sync services, it's probably a better bet to just keep persistent data off the device in the first place via a cloud service like Box or Syncplicity.

>> Trusted remote app execution: An alternative to carving out a separate business environment on personal devices is to simply move app execution off the device entirely, a technique that's been used in various forms -- VDI, terminal services, application streaming, browser apps -- on PCs for years. As with containerized apps, the advantage is that business apps appear in the personal workspace. Application streaming products like Citrix Receiver use a locally installed native client (the receiver) that provides faster app performance and a somewhat better user experience compared with a browser.

There are downsides, however. First, apps generally can't be used offline on mobile devices (though some products do offer caching on Windows devices). This shouldn't be much of an issue in the age of ubiquitous 3G/LTE connectivity. Second, the user experience may suffer if remote applications were developed for a PC with keyboard and mouse, not a touch-sensitive device.

While mobile device virtualization and compartmentalization technologies are still in flux, they make sense now for users accessing sensitive information or in regulated industries.

What are your security concerns?

Has any mobile device data gone missing?

Previous
2 of 2
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
speedo1456
50%
50%
speedo1456,
User Rank: Apprentice
7/13/2014 | 8:33:50 PM
Security apps
There is a big call for security apps in cell phones. This post gets into one of the major problems in this society. Stealing cell phones is a big problem here in the Netherlands, and probably in most countries.
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-3586
Published: 2015-04-21
The default configuration for the Command Line Interface in Red Hat Enterprise Application Platform before 6.4.0 and WildFly (formerly JBoss Application Server) uses weak permissions for .jboss-cli-history, which allows local users to obtain sensitive information via unspecified vectors.

CVE-2014-5361
Published: 2015-04-21
Multiple cross-site request forgery (CSRF) vulnerabilities in Landesk Management Suite 9.6 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) start, (2) stop, or (3) restart services via a request to remote/serverServices.aspx.

CVE-2014-5370
Published: 2015-04-21
Directory traversal vulnerability in the CFChart servlet (com.naryx.tagfusion.cfm.cfchartServlet) in New Atlanta BlueDragon before 7.1.1.18527 allows remote attackers to read or possibly delete arbitrary files via a .. (dot dot) in the QUERY_STRING to cfchart.cfchart.

CVE-2014-8111
Published: 2015-04-21
Apache Tomcat Connectors (mod_jk) before 1.2.41 ignores JkUnmount rules for subtrees of previous JkMount rules, which allows remote attackers to access otherwise restricted artifacts via unspecified vectors.

CVE-2014-8125
Published: 2015-04-21
XML external entity (XXE) vulnerability in Drools and jBPM before 6.2.0 allows remote attackers to read arbitrary files or possibly have other unspecified impact via a crafted BPMN2 file.

Dark Reading Radio
Archived Dark Reading Radio
Join security and risk expert John Pironti and Dark Reading Editor-in-Chief Tim Wilson for a live online discussion of the sea-changing shift in security strategy and the many ways it is affecting IT and business.