Risk
5/15/2013
11:41 AM
Connect Directly
Twitter
RSS
E-Mail
50%
50%

VMware Fights Android BYOD Headaches

VMware's BYOD ambitions kick into gear through its partnership with Verizon. But is the virtualization heavyweight making its mobile management play too late?

10 Top Password Managers
10 Top Password Managers
(click image for slideshow)
VMware announced Wednesday the availability of its Horizon Mobile product for certain Android-based Verizon smartphones. The technology establishes a second instance of Google's mobile OS on a compatible device, allowing employees to keep their personal content separate from an IT-controlled workspace.

Such partitions have been considered an ideal ever since workers began bringing their own smartphones into the office, but with many vendors already touting similar technologies of their own, it's not certain that VMware will gain traction in the crowded mobile enterprise management market.

VMware Horizon Mobile is available immediately for the LG Intuition and the Motorola RAZR M. New units will come ready to deploy the Android guest OS, but users who have previously purchased either phone can gain access as well. VMware plans to add support for additional models throughout the year.

IT managers once enjoyed uniform device deployments in which all employees were issued a pre-approved, easily managed device, such as a BlackBerry smartphone. As the bring-your-own device (BYOD) movement flooded the workplace with user-owned iPhones and Android models, however, IT staffers have been challenged to keep the devices secure while also respecting privacy concerns. Due to this tension, analysts have characterized the ability to isolate business data from personal data as the "holy grail" of mobile endpoint management.

[ The multitude of devices will test many IT teams' mobile application development plans. Read 9 Challenges To Your Mobile App Strategy. ]

The same is true at businesses that have eschewed BYOD for the corporate-owned, personally enabled (COPE) model, in which the company owns devices but allows employees to choose from a variety of options. Because smartphones have become so capable, many users use them for personal tasks, even when their employers own the devices. A division between work data and personal tasks allows companies to embrace this user tendency without putting corporate intellectual property at risk.

By building its work-focused space around a guest OS, Horizon Mobile gives IT staffers particularly granular controls. Administrators can set passwords, push applications to devices or approve them for download from a corporate app catalog, enforce VPN requirements, remotely wipe data, and more -- all without affecting the user-dedicated portion of the device. It also boasts a secure browser and AES-256 encryption.

It's worth noting that Horizon Mobile's implementation is somewhat different than other virtualization-based mobile security techniques. Thin clients are often praised for their security because they don't actually store data locally; whatever the user is working on essentially disappears once a session has been terminated. Horizon Mobile, in contrast, stores the second OS locally and uses a Type 2 hypervisor to run the second instance.

As IT has been forced to wrangle an increasingly diverse spate of devices, vendors have stepped in to help, and many mobile management features -- such as remote wipe capabilities -- have become more or less commoditized. BlackBerry, AT&T, AirWatch, MobileIron and others all have technologies, for example, that separate personal content from work content.

Despite the ubiquity of certain features, Jaleh Rezaei, director of product marketing for Horizon, said that VMware's approach is still distinct because it relies on virtualization. In an interview, she said most other approaches involve containerization processes, which require modification to individual apps. Because Horizon Mobile hosts corporate content in a complete OS, this extra step is unnecessary. Similarly, Rezaei said that because admins have access to an OS, rather than to just an app, they can control the workspace more tightly.

She also noted that Horizon Mobile could solve the problem of Android fragmentation. Many versions of Android are actively in use, making it difficult for IT admins to uniformly control the numerous variants that might be accessing their networks. Rezaei said that by orienting corporate activity around a standardized guest OS, VMware avoids this trouble.

VMware Horizon Mobile is available immediately with perpetual licensing starting at $125 per user.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
cbabcock
50%
50%
cbabcock,
User Rank: Apprentice
5/17/2013 | 10:35:54 PM
re: VMware Fights Android BYOD Headaches
A nice portrayal, Michael, of the configuration of the business/personal smartphone in the BYOD debate. Containerization has its management drawbacks but uses little memory. VMware/Horizon Mobile approach has management advantages but uses more memory to mount the second operating system for the virtual machine. I don't know for sure what the penalty is and maybe they've found a way to minimize it. But there is one, and memory is limited resource on the handheld device..Charlie Babcock, InformationWeek senior writer.
Laurianne
50%
50%
Laurianne,
User Rank: Apprentice
5/15/2013 | 7:09:43 PM
re: VMware Fights Android BYOD Headaches
It is late, but VMware has a strong management tool respect established with many IT groups. Anyone want to chime in on how this complements your existing mobile tools?

Laurianne McLaughlin
InformationWeek
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-0607
Published: 2014-07-24
Unrestricted file upload vulnerability in Attachmate Verastream Process Designer (VPD) before R6 SP1 Hotfix 1 allows remote attackers to execute arbitrary code by uploading and launching an executable file.

CVE-2014-1419
Published: 2014-07-24
Race condition in the power policy functions in policy-funcs in acpi-support before 0.142 allows local users to gain privileges via unspecified vectors.

CVE-2014-2360
Published: 2014-07-24
OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules allow remote attackers to execute arbitrary code via packets that report a high battery voltage.

CVE-2014-2361
Published: 2014-07-24
OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules, when BreeZ is used, do not require authentication for reading the site security key, which allows physically proximate attackers to spoof communication by obtaining this key after use of direct hardware access or manual-setup mode.

CVE-2014-2362
Published: 2014-07-24
OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules rely exclusively on a time value for entropy in key generation, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by predicting the time of project creation.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Sara Peters hosts a conversation on Botnets and those who fight them.