Mobile virtualisation and MDM


One of the prime ongoing trends of IT in the workplace is the rise of BYOD (bring your own device) in the business environment. More and more companies are allowing their staff to use their own mobile devices for work, and IT market intelligence specialist IDC has estimated that by 2015 more than 55% of smartphones used for work will be owned by employees.

But this has raised new challenges, especially around security, which are standing in the way of deployments in some businesses. As IT managers work on strategies to meet the new demands, many are thinking seriously about mobile virtualisation and how to manage the use of devices.

Virtualisation involves simulating the software used by the business upon the mobile device, enabling the user to keep their work and personal activities separate.

IDC has highlighted the potential in its Mobile Virtualization: Accelerating Innovation in Next Generation Services white paper, rating it as "the best solution to help businesses take advantage of BYOD while minimising the risks". The potential is increased by the number of solutions available from companies such as VMware, OK Labs and Red Bend, leading IDC to say these "can address most of the challenges that IT managers face in a post–corporate liable world."

Building at the root

Mobile virtualisation can be most effective when the facility is built into the root level of devices (Type 1 hypervisor), but this requires the participation of the manufacturer and is likely to be expensive. For businesses, using an app (Type 2 hypervisor) is often more cost-effective and gives them more control, but may not provide the levels of security and usability needed, or work with the variety of handsets used by employees.

Once the virtual layer is in place, its control then becomes relatively straightforward as MDM (mobile device management) comes into play. For BYOD users, this control may not be wholly welcome, but with virtualisation, the personal aspects of their devices can be left alone with only the 'business' components under control of the MDM.

MDM is evolving to respond to more app-based working practices, becoming MAM (mobile application management), where specific apps are under the IT manager's control. Employees may not regard this as ideal, as some of the apps will be inferior to others with which they are familiar, but it provides a level of security that can make employers more comfortable with the trend.

Another approach is to use secure cloud-based applications, such as WatchDox, Citrix ShareFile and VMware Octopus, that give systems administrators firm control of the security features.


It is also important to remember that a number of components have to work together to enable virtualisation, and it may not always be feasible to allow employees to use the latest smartphone they have bought. Also, MDM control will often rely on a specific application programming interface (API) that must be built into the operating system the phone is using. Current examples include 3LM and Samsung's SAFE.

Apple OS provides something of an anomaly, as the company keeps such tight control over its hardware and software that any form of virtualisation is very difficult to achieve. For the foreseeable future there is likely to be much more focus on devices operating on Android.

IT analyst Gartner has predicted that the increase in BYOD is going to take MDM to a new level. In its Magic Quadrant for Mobile Device Management Software paper it concludes:

"More data is being put on mobile devices today, and enterprises are fast developing their own applications to support their mobile users.

"As mobile devices continue to displace traditional PCs, enterprises will look to their existing MDM systems to support more devices, enterprise applications and data. MDM vendors are moving beyond security to support enterprise and third party applications, data, and content — mobile document management systems.

"During the next two years, we will continue to see MDM platforms broaden out and become enterprise mobile management system (EMMS) platforms, going beyond just devices. This broadening out of MDM EMMS will offer full solutions as more enterprises rely on mobile devices for more usage throughout the workday, displacing traditional PCs, especially for mobile users."

Sensitive data

But virtualisation is not a complete solution. Employees can still access the personal side of their mobile device and send emails etc. that could contain sensitive information, and companies need to ensure they have robust data security policies of which everyone is aware.

IT managers will have to take a view as to how much control, and therefore how many restrictions, they will place on their employees' use of their data devices.

The IDC white paper says that companies need to look at both sides of BYOD: it can reduce the costs of device acquisition, but only if IT managers can find efficient methods to manage devices connected to their networks and ensure the integrity of corporate data.

"Mobile virtualisation provides a cost-effective solution that will help IT departments provision an approved virtual phone that uses a standard baseline on employee-liable devices so that they don't have to try to support three or four operating systems simultaneously," it says.

Businesses will have to find a middle ground where data devices can be used openly, yet have a level of lockdown to appease system administrators, and this increasingly means a new form of MDM.

Currently, MDM is a moving target that all IT managers need to track very closely indeed.