Would you let your boss jailbreak your phone?
Bringing your gadgets to work could mean handing over the keys.
There's a lot of talk these days about corporate Bring Your Own Device (BYOD) policies, designed to let us use our own gadgets in the office rather than work-issued clunkers. So you can chuck away the old office XP notebook and WinMo brick for something a little more sexy. Don't be fooled, this isn't about making employees happy. It's more about employers saving money and shifting risk, even if they're giving you an allowance to buy your own shiny gadgets for work.
Of course the obvious problem with BYOD policies is security. It's hard enough to get people to think about security when they're dealing with work-issued devices. It's going to be a nightmare when you're asking them to take adequate security precautions on their own gadgets. It will be hard to maintain policies such as mandatory passcodes and limitations on installing apps unless they're enforced on the device. I don't expect people will be happy with their boss dictating that they can't play Angry Birds on their own phone after hours.
These basic precautions still won't be enough to satisfy the security requirements of some organisations, who can't risk sensitive data falling into the wrong hands. It looks like virtualisation technologies will deliver the answer.
In a nutshell, virtualisation revolves around the concept of devices pretending to be other devices. One physical device can pretend to be several "virtual" devices, or several can pretend to be one. Often these "virtual machines" don't even realise that they're not real. Just like the Matrix, it'll bake your noodle if you think about it too long. But this isn't science fiction, it's already happening in many server rooms and data centres.
Virtualisation can also provide extra security on mobile devices by letting them pretend they're more than one device. Hypervisor software is used to create the illusion of separate hardware -- separate virtual machines. Separate operating systems can run on those virtual machines, rather than directly on the hardware. There's more than one way to do this.
One option is to run a hypervisor, a virtual machine and an operating system all within an application -- so you open an app on your phone and the app thinks it's a separate phone. This is known as a Type 2 hypervisor, as it runs on top of an operating system. It's already pretty common on desktops thanks to software such as Parallels and VirtualBox.
Another option is to run a Type 1 "bare metal" hypervisor directly on the hardware. The hypervisor can masquerade as two virtual machines and run an operating system on each. This way the operating systems can run side by side, instead of one on top of the other. Each still believes it's a separate physical device. Bare metal hypervisors provide greater isolation between the operating systems, which offers extra security. This also offers a useful alternative to carrying separate phones for work and personal use.
Some organisations will only be satisfied with the extra security of Type 1 bare metal hypervisors, even on mobile gadgets such as smartphones and tablets. The trouble is that the hardware needs to support it. I can't see Apple being happy with the idea of installing a bare metal hypervisor *under* iOS on the iPhone, so the phone can pretend to be two phones.
I referred to jailbreaking earlier but installing a bare metal hypervisor on your phone is actually worse in some ways. Forgive the ruse, it's a bit hard to explain a hypervisor in a headline. My point still stands -- if your boss installs a bare metal hypervisor under the operating system on your gadgets, your boss pretty much owns the device. There are significant privacy issues here. It's sort of like thinking you own your own house, only to realise that your boss actually owns the whole block and is your landlord.
Once hardware is compatible, there may well come a day when the only option at many large organisations is to bring your own phone and computer to work and then submit to your boss installing a bare metal hypervisor under your operating system. Gadgets which don't support this won't get a foot in the door, nor will employees who oppose it. It's a disturbing thought.
Do you think mobile virtualisation is the way of the future? Does it concern you?