app in the box – technology recap to solve BYOD


When Oliver tried to work on the discussion what the “D” in BYOD means we should never forget that the IT stuff needs to handle the colourful new world. Often this assignment comes directly from the CIO because he has to ensure legal compliance. Especially in Europe where I live we handle things like data protection or device ownership a bit different then in other regions of the world. So respecting the privacy of the device owner is at least so important as the need for protection of the companies data. What does this mean in detail:

  • If the device is owned by the end user (BYOD) respect the personal data and do never change some settings – MDM shoots to short for this goal
  • If the device is owned by the company but “allows” to use it personally (COPE) you also need to respect the personal data – MDM comes in the game to manage these devices

If you think about the devices your life will become easier when every device will be handled like a personal device. I had a discussion several month ago about the differences between BYOD and COPE and the truth is, there is no difference except the company paid for the device 🙂 With this idea in mind, what different technologies has the market for us beside the good old mobile device management solutions like Airwatch, Mobile Iron or XenMobile?

Virtualize your smartphone 

One solution which comes more from the good old days when we worked with Window CE based handhelds is the virtualization of smartphones. There is simply no difference to your virtual machine on your desktop. You just put a second operating system on top of your smartphone and a hypervisor acts as the guard over your hardware. This brings the highest level of security and is more for the NSA agents of us, because the usability is far away from that what we learned when all the App-Store came out. In the laptop space Citrix tried to deliver XenClient for this approach and ended up with a product which is more or less a good thing for technicians, developers and high secure environments.

Add a security SDK to cage your app

The next step in the evolution was driven by MDM players like Airwatch and  MobileIron. It follows the idea to use a SDK delivered by the vendor of the management system. This SDK allows to add several standard security features to prevent data leakage like AD-Authentication, encryption or In-App-VPN. This helps a lot and brings the usability on a level we all can live with. An enterprise application which contains your customer data feels the same like your Facebook app right next to you. The issue comes with the way Google and Apple are building App-Stores. A published application can not be changed that easy to add this special enterprise features. So this solution works only with home grown apps (there are a lot out there) or you find an agreement with the vendor about a rebranded in house version just for you (The way AppSense did this together with some well known vendors, e.g. Evernote). This process hurts, so can we even do better?

Put your app in a box

Driven from the problem adding security features to the application at compile time Mobile Application Management solutions joined the game. Similar to the SDK approach these solutions just take a ready to tun application image and hook some Systems APIs. This means without rebuilding your app (because your are not an iOS developer) it’s possible to add mostly all SDK features to the app. Is it that easy? It is but it works only with in house applications and so can we do better again?

Bring Desktop management to mobile 

Rethink the way we are working with laptops to day? Every modern operating system is able to handle different desktops because we do not know anything else than multi user systems. With a couple tools it’s also possible to hold technically 2 different profiles, one for private one for the enterprise and merge them together on one desktop. This brings to dual personal idea into the mobile game. A good example of this is Blackberry with his new Z10 or Samsung with Knox for Android. This two new technologies can be the missing link to let BYOD become real. Every MDM/MAM player I spoke with is totally committed to the Knox idea on Samsung Android because it solves the problem from the right angle. No changes to apps, published apps are working out of the box, the OS drives the user experience which means no burdens. Supporting a dual persona solution right out of the operating system is the way device vendors should change the market.

Who should look on what now?

Are you part of an IT group which is responsible for mobility implementation? If so, just keep an eye on the dual persona stuff in the Android and Blackberry world. For iOS stay focused on the application containers but start pushing Apple and your Carrier to solve this issue on iOS right.

Are you a mobile application developer? If so, just check out the latest APIs which comes with Knox and on the Blackberry platform. I will walk through a Knox example in this blog as soon as everything is ready on the Samsung side :-). As a developer and architect I’m sure the OS integrated dual persona container will become the next big thing on the enterprise mobile market.

What are your experiences with the different technologies from a developers perspective and an IT admin perspective? Happy to get your feedback in this blog, via twitter, xing or linked in.

This entry was posted in Technical details and tagged , , , , , , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s