General Dynamics Broadband Blog

April 25, 2011

Worried about mobile security in the Enterprise? Type 1 to the rescue.

Enterprise IT and Information Assurance Best Practices for Enterprise Application & Content Security

As enterprises start to develop more of their own mobile applications for end users, there will be a need for a virtualization platform focused on smartphones and tablets. The need is driven by a combination of security and lower cost of operation.
The need for security is well known. The enterprise wants its applications to run in an environment that is separate and protected from whatever else is running on the system. In the PC world, this is accomplished in one of three ways:

  • running the applications remotely (web or terminal services style)
  • locking down a system such that only the enterprise-certified applications are installed and allowed to run
  • using a Type-1 hypervisor

Even the websites that end users are allowed to visit are restricted by policy.  

On a smartphone or tablet, this approach is not acceptable. End users are taking advantage of public networks and built-in system functionality, and in many cases they own the devices and do not want restrictions. Furthermore, the notion of a great mobile web application or remote experience has not emerged as viable. The enterprise developer wants to run applications locally so that device features like touch, cameras and location can be used. The obvious solution to the security requirement is to run the enterprise applications in their own virtual machines (VMs).

When enterprises deploy applications to end users, they tend to test on a small set of operating system variants. This practice is generally known as a standard operating environment (SOE). On a PC, the SOE is either a fixed OS installed on the machine when it arrives at the company or a virtual machine (running locally or remotely, as in terminal services or VDI). For a PC, the company generally either specifies an OS version upon purchase or wipes the machine and installs the desired OS before any applications and other related system software are installed.

For some tablets and smartphones, it is not possible to either specify a version or do an OS wipe and load. The only viable way to get to the SOE is to deliver the enterprise application encapsulated in one or more virtual machines, using mobile virtualization with a Type-1 hypervisor, not a Type-2 ("hosted") hypervisor, which is inherently less secure.

The above techniques are being considered for PC users as well, through technologies like Intel Core vPro and Citrix XenClient. For smartphones and tablets in the mobile world, there really is no choice but mobile virtualization.

Posted by Frank Artale on April 25 at 01:45 AM


About Frank Artale:

Frank Artale was most recently Group Vice President, Business Development at Citrix Systems. He has over 26 years of experience in the software industry and was responsible for all aspects of Citrix’s business development with software and hardware technology partners.
