AT&T Next, T-Mobile JUMP!, and Verizon Edge offer consumers the option to upgrade their smartphones every year. Even with the additional costs, smartphone users flock to these programs. In turn, Bring Your Own Device (BYOD) programs are going to see more employees wanting to provision their Android phones.
I had a discussion recently with Ben Goodman, Lead Evangelist for VMware Horizon Suite, about the role virtualization can play in a BYOD program.
Discovering the potential of virtualization for BYOD
According to Goodman, VMware often gets called in to talk to customers and analysts about BYOD. "There's a lot that we don't know since it's such a new concept. It runs completely counter to what corporate IT has been doing for the last 20 years. Everything about corporate IT has been about control through ownership. We own the desktop. We own the software on the desktop. We own the network. We own the server. The apps on the server. The data center."
"Now, we're moving into a world where the apps could be SaaS or cloud-based running in someone else's public cloud or in a public data center. People could be accessing those services over 3G, 4G, public Wi-Fi, and using a Bring Your Own Device," says Goodman.
"Our customers are dealing with the situation of how do we move from a world where we had control through ownership, and we owned everything, to a world where we effectively own nothing. It's a massive change." Goodman continues, "VMware has been focusing our assets around virtualization and the virtual desktop to help corporate IT regain lost control. That's been a real focus for our whole Horizon strategy."
Based on client discussions and market changes, VMware began seeing virtualization providing some interesting BYOD options for the enterprise.
"From a smartphone perspective, the interesting thing is Android. Android is this new kind of animal in the zoo that's starting to make its way into the enterprise, but it's permeating into enterprises at a dramatically slower rate than it has the general population," Goodman relates. "We are seeing Android as high as 70% of smartphones in some analysis. Yet, when we talk to corporate IT people, Android doesn't have much penetration. Some will allow it, but very few support it."
VMware dug further into the state of Android. "So, we had a lot of conversations with corporate IT, about why Android isn't making it into your organization." Goodman continues, "We got basically two answers. The first one was security, and it's a valid concern. There are issues in terms of certificates and malware that exist in Android, but they are manageable to a certain extent."
"The second and even greater issue when we talk to customers was the concern around fragmentation," says Goodman. "Of course, customers never say fragmentation. That's a vendor word. They say things like ‘there are too many versions of Android' or ‘there are too many flavors of Android' or ‘I don't want to support that many copies of an operating system.'"
Goodman relates, "It's a valid concern when you think about it. I believe the #1 version of Android out there is Gingerbread, which is an older release. When you add that to Honeycomb, Ice Cream Sandwich, Jelly Bean, and the LG version vs. the HTC version vs. the Samsung version -- it becomes really untenable in terms of trying to support it all, so customers back away."
Enter the mobile hypervisor
So, VMware thought this was a perfect example where virtualization could potentially help the situation. In what has been pretty much a massive development project, VMware developed a mobile hypervisor. This provides the capability to run a fully virtualized copy of Android as a guest on a physical host's Android handset. What's exciting about this is that organizations can use an off-the-shelf handset.
Provisioning the hypervisor is made easy for end users. They can enable their phones to have a mobile hypervisor and run a virtual copy of Android that's fully managed by corporate IT. They control the look of that virtual copy, the feel, the applications that can be installed on it, and the password policies. The virtual machine is fully encrypted with AES 256 bit encryption, and it has a VPN on the back of it. This really is a highly secure, highly managed workspace inside of a personal phone.
"We think this nails the BYOD problem right on the head," says Goodman. The VMware solution -- a highly secure mobile hypervisor that's easy to provision -- challenges up-and-coming solutions like Samsung KNOX and even goes one step further by not limiting itself to just one Android ecosystem.
An employee can bring in the latest Android phone, download an enabler from the Google Play Store, and be ready to get to work on the personal phone with a secure corporate workspace (you can't install malware, because you can't install software on the device). Figure A shows an example of the VMware Switch application, which launches VMware Horizon Suite on an Android smartphone:
VMware Switch application.
Figure B shows a VMware Horizon Suite workspace running on an Android smartphone:
VMware Horizon Suite.
"You can't get any data off of the device that we don't want you to get off of it. It's highly secure. And the flip side is that corporate IT has absolutely no access to the personal side of the phone," states Goodman. "So, when corporate IT wants to wipe or lock the workspace, it does that completely independently of your personal space."
The mobile hypervisor solution for Android smartphones offers the ideal segregation between personal and business on a smartphone. Exploring virtualization options such as this can alleviate a number of security concerns while offering your BYOD users the option to use the latest Android smartphone of their choice, regardless of what operating system it's running.
Will Kelly is a freelance technical writer and analyst currently focusing on enterprise mobility, Bring Your Own Device (BYOD), and the consumerization of IT. He has also written about cloud computing, Big Data, virtualization, project management applications, Google Apps, Microsoft technologies, and online collaboration for TechRepublic and other sites. Will also works as a contract technical writer for clients in the Washington, DC area and nationwide. Follow Will on Twitter: @willkelly.