It’s not quite Dr. Jekyll and Mr. Hyde, but it’s pretty close. Software developers and corporations are working on ways to give your smartphone split personalities: one dedicated to work and the other to play. The BYOD, or “bring your own device,” movement—along with the “open” nature of Android—is helping make dual-purpose smartphones a growing trend.
One of the benefits of BYOD is reduced overhead for companies because they can minimize or eliminate hardware and wireless plan costs. Encouraging employees to use their own smartphones can also reduce calls to the IT department, as employees generally have a better understanding of their personal devices than corporate-issued ones.
But with those benefits come significant risks.
Storing corporate data on a user’s personal phone puts that information in the crosshairs of any malicious software the user may encounter through the web or apps. And with app stores—particularly the Android Market—serving as veritable playgrounds for spyware and viruses, the need to protect corporate data on employees’ phones has become more important than ever.
So far, organizations have turned to mobile device management solutions to clamp down on the spread of malware and potential data leaks. But this approach often requires employees to grant their company’s IT department complete access to their personal devices, something most privacy-conscious users find less than desirable. That’s where split-personality or dual-profile software solutions comes in. Offered by companies including Enterproid and VMware, these new solutions separate a user’s smartphone into two profiles: one for work life and one for personal life.
The New Dual Mode
Here’s how the solutions generally work: When logged into your personal profile, you can use your smartphone just as you normally would, without worrying about whether someone from IT can see which apps you downloaded or websites you’ve visited. “It’s really helping with the privacy issue, because as an end user, I may not want IT to see everything I’ve downloaded onto my personal phone,” explained Stacy Crook, senior mobile enterprise research analyst with IDC market research. “It’s about a separation of the data.”
But it’s not just about privacy. The dual-profile approach creates a virtual barrier, ensuring that apps you download can’t interact with any important corporate data stored on your phone. These work profiles also give IT departments the control they need. Logging into your work profile also means you are automatically bound by the restrictions placed on your phone by IT, giving businesses the ability to lock down the app store, camera, and web browser. Log back into your personal profile, and you’ll have access to your phone’s features again.
Because the space is still in its infancy, there are only a few major players working on dual-profile solutions. Here’s a quick breakdown.
Although it was only founded in 2010, Enterproid recently teamed with AT&T to bring its Divide dual-profile solution to the carrier’s business users under the name Toggle. Toggle functions by creating a work profile on a user’s phone that can only be accessed via password. By default, you are automatically logged into your personal profile. Only after opening the Toggle app and entering your password can you access your work data. To help differentiate the two profiles, Enterproid has skinned the work side with Toggle-specific backgrounds and icons.
To get Toggle on your phone, you simply download it from the Android Market. Once it’s installed, your IT department connects your work profile to your company’s corporate server. From there, IT can let you download specific apps as well as updates for those apps to ensure you’re running the latest and most secure versions. The software gives IT the ability to wipe corporate information from an employee’s device and manage employee access to company resources.
Employees gain the ability to access their corporate e-mail, calendar, and other data. The software also features a set of native Android business apps. And because they run in your work profile, they are encrypted and compliant with your company’s use policies.
Enterproid CEO and co-founder Andrew Toy said his company jumped behind the dual-profile concept because “it enables companies to have what they want in terms of management and control and security. And on the personal profile, there is no effect whatsoever. The IT guys simply don’t have visibility in that area.”
According to IDC’s Crook, the Divide/Toggle solution is better suited for small and medium businesses because of its simplified method for dealing with BYOD. The one downside to Toggle, however, is that it only works on Android devices.
Best known for its desktop virtualization software, VMware has teamed with Verizon Wireless to bring its Mobile Virtualization Platform to Verizon’s line of Android phones. The service puts a hypervisor on employees’ devices, providing access to a virtualized Android operating system. When logged into MVP, your company’s IT department can remotely manage and provision a corporate workspace on your Android device while leaving your standard Android operating system completely untouched.
“If I decide to go with the VMware/Verizon solution, I’m going to actually have two separate operating systems, one real and one virtual,” Crook said. Users can log into a virtual desktop where they can securely access corporate information. No information accessed through the virtual desktop can be saved or copied to a user’s Android profile either. All information is isolated from an employee’s personal profile.
While MVP and Enterproid offer similar services, they differ in how they are managed. “With AT&T it’s the same instance of the operating system that the data is operating on,” Crook explained. “With the Verizon solution, you are going to have a partition of operating systems. So you are going to have the base Android operating system where your personal information is going to sit and then you are going to have a virtual operating system where your corporate information is going to sit.”
Unlike Toggle, MVP is built into the kernel of a phone’s operating system. As a result, it will be limited to users who have phones with that kernel built in. But Verizon says it is already in contact with its Android OEM partners—including LG and Motorola—to have them include the software on their phones.
And while Toggle could work well for small and medium businesses, Crook told us that MVP is better optimized for an enterprise setting. That’s not to say it’s a better solution. But VMware already has the ear of the enterprise thanks to its other virtualization solutions.
3. BlackBerry Balance
RIM’s BlackBerry is synonymous with mobile enterprise network access. The company pioneered a solution for employees connecting to corporate data while away from the office. RIM is acutely aware of the BYOD trend’s growing momentum and has introduced its BlackBerry Balance service to meet that challenge. Like Toggle and MVP, the service separates an employee’s personal data from corporate data. But unlike those solutions, Balance doesn’t create separate work and personal profiles. Instead, Balance lives directly on a user’s smartphone and is accessible by IT through a standard BlackBerry Enterprise Server.
That, according to Crook, is a result of RIM’s decision to build the software directly into the BlackBerry BBX operating system. “It’s a micro-kernel architecture so there is all kinds of partitioning already going on in the OS that allows them to do the BlackBerry Balance model,” she explained.
With BlackBerry Balance, users are prevented from copying and pasting corporate information into their personal applications. IT can also remotely wipe business information from a user’s BlackBerry if he or she loses their phone or leaves the company.
Users also don’t have to open another program to access corporate data. If an action they are trying to perform isn’t permitted by IT, then they will simply see a blacked out box. For instance, if you try to copy something from your corporate e-mail to your personal e-mail, the copy command will be locked. But like VMware’s MVP solution and AT&T’s Toggle, BlackBerry Balance is limited to a set user base: BlackBerry owners.
If there is one drawback to this dual-profile approach, it’s that it limits IT departments’ access to employees’ devices, making it a poor fit for industries dealing with extremely sensitive material. Healthcare and financial companies, for example, may need to take complete control of an employee’s phone if it stores sensitive information.
So which of these solutions is best? Because the BYOD market is still new—and dual-profile services are even newer—a clear leader has yet to be established. There are also several other solution providers looking to make some noise in this space, including OK Labs and Red Bend Software. One thing is for certain, though. More and more employees will want to bring their smartphones into the workplace, and businesses can either prepare now, or be left out in the cold.