Maybe you can have your cake and eat it too. The bring-your-own-device (BYOD) phenomenon has caused significant consternation among IT and security pros, as it commingles personal and work information on a single device managed mainly by users. This reality is now accepted, if not loved, as first iPhones, then iPads, and now Android become standard portable computing tools, supplanting the old-guard Windows Mobile and BlackBerry devices.
Although heavily regulated industries such as financial services have made their peace with Apple's iOS devices, some users still need more information security than iOS and third-party mobile device management (MDM) tools can provide. In government, many employees are simply not permitted to use consumer-oriented devices such as iPhones and Androids for work purposes. Many of these people carry both a government-issued BlackBerry or Windows Mobile device and a personal iPhone or Android. But later this year, they may not need to juggle two smartphones any more.
Parallel operating systems separate virtual smartphones
This spring, Korean manufacturer LG -- not a device maker known for security-savvy smartphones -- will deploy Android smartphone prototypes for U.S. federal government testing that run two separate operating systems, one managed by the user and one by the government. The secret sauce is the use of Open Kernel Labs' OKL4 microkernel hypervisor (what OK Labs calls a "microvisor"), which runs directly on a smartphone's or tablet's processor and hosts one or more operating systems on top of it. Each operating system is thus its own environment, and apps, content, and so forth are kept separate between environments.
It's not the same as desktop virtualization, where you run a "guest" operating system in a virtual machine that resides in a "host" operating system, thus opening the possibility of interaction between the guest and host. In the OK Labs approach, you have, for all intents and purposes, several virtual devices running in parallel from the same device's core processor.
LG won't be the only device maker using the technology, notes Steve Subar, OK Labs' CEO, though he can't yet comment on the others. But Subar does say devices running OKL4 will ship this year, aimed initially at government customers who need more separation between business and personal usage than is available now. He expects device makers to offer the same separated-OS functionality to corporate customers as well.
By separating the OSes from each other but providing access to the same underlying hardware, Subar says users won't experience the slowdown common to traditional desktop virtualization approaches. Thus, device makers will be able to use widely available, low-power ARM and Intel processors. Supported ARM designs include Cortex-8, Cortex-9, ARM 9, and ARM 11, whereas just Intel Atom processors are supported from the x86 universe.
The hypervisor-based approach also means that any mobile operating system can be run in parallel, as there's no need to have a VM compatible with a host OS. The LG devices will likely run a commercial version of Android for the personal environment and a secured version of Android developed by the National Security Agency for the government environment. But Subar expects device makers to offer devices that run Android and Windows Mobile, which is widely used in government and has more security capabilities than most other mobile OSes, except Research in Motion's BlackBerry. He expects Microsoft's Windows Compact Embedded, Windows Phone 7, or Windows Phone 8 to be available, though it's up to device makers and Microsoft to deliver.