Mobile endpoint security: What enterprise infosec pros must know now
A comprehensive collection of articles, videos and more, hand-picked by our editors
ORLANDO, Fla. -- BlackBerry's Secure Work Space for iOS and Android will launch in the second quarter of this year and will help IT admins better support BYOD.
One of the big concerns for IT admins attending BlackBerry's user conference here this week was they need several tools to manage a mixed mobile device environment. Lots of organizations rely on a combination of BlackBerry Enterprise Service (BES) to manage older BlackBerry devices and another mobile device management product for iOS devices or bring your own device (BYOD).
Toss in the possibility of adding yet another vendor tool for mobile application management and it's easy to see why organizations with BES investments would just want to upgrade to BES 10, said Scotty Hartman, head of enterprise app engineering at Towers Watson, a professional services firm headquartered in New York.
BES 10 provides a single admin console to manage a range of devices and mobile applications, plus the ability to deploy Secure Work Space.
"The container approach is really intriguing for us since we're trying to adapt to more of a [corporate-owned, personally enabled] model with our mobile efforts," said Melanie Seekins, mobile architect for a financial services company headquartered in New York.
The only difference between Secure Work Space and BlackBerry Balance, the native dual container for BlackBerry devices, is Balance doesn't create a strict separation between work and personal. The unified view in Balance is more akin to a one-way valve, making it possible for users to access the personal container data and apps from within the business container, but not vice versa.
BlackBerry's new offering is intended for companies that support BYOD or ones in heavily regulated industries that need extra security measures, the company said during a session on multi-device management.
"Dual personas are a good option for us and for our users," Hartman said. "Especially once [BlackBerry] rolls out the ability to route email traffic for Android and iOS through its [network operations center]."
The container approach only really works, however, if the user experience is good enough for employees to keep using it. It also needs to be available for all devices and carriers, and simple enough for IT to oversee, said Geoff Gordon, head of IT for an investor relations and strategic advisory firm based in New York.
Not only that, but dual containers might be overkill for companies truly concerned with mobile security, said an IT admin for the United States Marines who requested anonymity. Despite personally liking the concept of dual containers, he said the military branch doesn't allow outside devices to access network resources. Because the mobile devices are managed, locked down and owned by the organization, there isn't much point to add a personal component to the device, he added.
"We're unique, obviously, but if users want a personal device, they will probably be carrying a second phone," he added.
Dual persona options increase with VMware Horizon Mobile
BlackBerry isn't the only big vendor pushing dual persona containers. Samsung has made dual work spaces the signature feature of its KNOX initiative, AT&T offers Toggle, and companies such as Good Technology Inc. and Enterproid Inc. have offered a dual container approach for several years.
This week, VMware Inc. joined that group with the release of the long-in-development Horizon Mobile for Android on two phones from Verizon -- the LG Intuition and the Motorola RAZR M. The mobile virtualization platform first began development in 2008, and some expected it to launch with Horizon Workspace earlier this year.
Horizon Mobile remains dormant on the user's device unless they download the Switch App from the Google Play store. Users log in with their corporate credentials. Behind the scenes, IT can provision and manage the container with various applications and policies.
Out of the box, IT admins will be able to provide users with a securely managed workspace that includes email, contacts, a browser, calendar and any other Android app can be deployed into the container.
There is limited single-sign on capabilities for the apps that will be improved over time, said Srinivas Krishnamurti, senior director of mobile product management at Palo Alto, Calif.-based VMware.
The company is working with Verizon to push a software update to Android devices on the carrier's network and expects a majority of devices to be Horizon Mobile capable by the year's end. A similar container for iOS is "a few weeks out," Krishnamurti said.
"We're just finalizing the last capabilities and loose ends for when that will be ready," he added.
Further, they are currently working to bring Horizon Mobile to other carriers, but declined to say which ones.
VMware Horizon Mobile is available immediately with perpetual licensing starting at $125 per user.