Snapshot Mobile Warrior

Can virtualization help mobile device management?

As the Defense Department and its workforce become more dependent on mobile devices, mobile device management is emerging as the vehicle to ensure devices are secured and managed in a cost-effective way.

MDM enforces policy for end user devices at the application and user levels by instituting end-user permissions for approved functions on the device. “MDM also supports malware detection, electronic software distribution of applications, remote data-wipe capabilities, remote device configuration management and asset/property management capabilities that protect against data compromise,” according to the Defense Information Systems Agency, the lead agency for the DOD Mobility Program.

In essence, a unified MDM architecture secures, monitors, manages and supports accredited mobile devices across a range of DOD agencies and services.

Virtualization can play an important role in this arena by providing an effective way to segregate and compartmentalize corporate data from personal assets on mobile devices such as smartphones. The intent is to ease the mobile management burdens on organizations while giving users the freedom to use their phones as they see fit.

Although MDM is strong in the enforcement of corporate policies on mobile devices, it doesn’t differentiate between personal and business data. As a result, new technologies have emerged to help IT organizations better manage mobile—and employee-owned mobile—devices. The options include mobile virtual desktop infrastructures, containers, app wrapping and device virtualization.

“However, many of these technologies diminish the user experience, which remains the single biggest barrier to adoption,” according to the 2013 Forrester Mobile Security report.

But Forrester Research analysts see the emergence of another category, mobile virtualization, which could extend MDM beyond the area of device management. Two years ago, the first glimpses of these technologies that could lead to seamless “mobile virtualization” started to hit the market.

VMware’s device virtualization technology and options from companies such as Enterproid and MobileSpaces, although still in the early stages, “promise to dynamically insert policies in flight without changing the app a priori means that these technologies could truly change how enterprises approach mobility,” according to the Forrester report.

“Key to making mobile virtualization work are whole-app workflows and mashups that are easily controllable.”

By extending policy to an entire workflow of applications, any app invoked by the corporate app is treated with the same policy, as opposed to wrapping and containing a standalone app, the report states. This capability will help preserve user experience and further enable mobilization of enterprise resources so policy-based control over corporate apps, content and data is enforced on-demand and with little interference to the user experience.

A likely future scenario is for MDM products to include mobile virtualization and other parts of the mobility stack, from devices to applications and data.

Ultimately, organizations want to provide mobile application and content management so that they can protect the specific applications and data they care about, but give users full control of their personal devices, said Bryan Salek, staff systems engineer for end-user computing at VMware Public Sector.

So the next step is to move beyond MDM to mobile application management (MAM) and mobile content management (MCM). MAM software and services help provision and control access to internally-developed and commercially-available mobile apps used in business settings on both company-provided and BYOD smartphones and tablet computers.

MCM systems store and deliver content and services to mobile devices. In effect, MCM provides a central repository so organizations can integrate existing enterprise applications such as Microsoft SharePoint collaboration software within their mobile strategy. Users, for example, could launch a client within their smartphone to gain access to SharePoint.

VMware’s recent acquisition of AirWatch, a provider of mobile app and content management software, will give organizations the ability in the near future to manage mobile devices, physical desktops and virtual desktops—as well as all of the applications running across those environments—from a single platform, Salek said.

Currently, VMware’s focus is on deploying virtualization on the desktop to deliver an application like Microsoft Outlook email directly to an iPad tablet. But as AirWatch or other solutions like it become more tightly converged with desktop solutions, in the case of mobile, virtualization will be a value-add. End users will gain access to applications that do not have mobile or web-based versions, from their mobile devices.

Plus, the IT department would be able to provision web-based or mobile-based access to apps, for instance, depending on which device the end user employs to connect to the network, Salek said. What’s more, the user experience will be the same across all devices. So mobile app and content management moves beyond device management, “providing ways for organizations to gain a higher level of control over their applications and content,” Salek said.