Introduction to Bring Your Own Device (BYOD)
Just a few years ago PCs used in the office were superior to those people had at home. This situation has changed now – while most organizations still use bulky PCs or laptops with a limited set of business software, users at home have access to fast laptops of the brand they like, tablets that allow them to run thousands of highly attractive applications and they have fast broadband internet connections at home that are often faster than the network in the office.
To attract new employers and because people will take their personal device to the office anyway, most organizations are now confronted with a new paradigm, called Bring Your Own Device (BYOD).
BYOD allows people to bring personally owned – typically mobile – devices to the office, using them to access the organization’s applications and data, as well as their personal applications and data.
The BYOD concept creates conflicting interests. Systems managers want to fully control the end user device, while the owners of the devices want full freedom. And since the user paid for the device (they brought their own device), it will not be acceptable that systems managers can erase the device at will (including all family photos or purchased music) or that this data is even visible to the systems managers.
Virtualization techniques can be used to create separate environments on these devices. This is still a niche market, but there are solutions that implement a hypervisor on the device that runs two virtual machines:
- One virtual machine with has access to the organization’s data and applications and is fully managed by the organization’s systems managers. This virtual machine is managed using Mobile device management (MDM) that can be used to monitor, maintain and secure devices. When needed, the machine can be remotely wiped to remove all sensitive data.
- One virtual machine that is owned and managed by the end user. This machine runs whatever applications the user wants (browsers, social network clients, games, music and video players, etc.).
Both virtual machines use the same underlying hardware like network connections, screen, GPS, compass, sound system, etc. Since both virtual machines are run on top of a hypervisor, no sensitive data will be available from the user’s managed virtual machine.
This entry was posted on Thursday 29 November 2012