Security Architecture, Endpoint/Device Security, Endpoint/Device Security, Threat Management, Malware, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security

Virtualization advancements focus on protecting data at the source, not on the device


Mobility has liberated enterprise users with unprecedented potential for business productivity. However, security challenges abound, as evidenced by the doubling of malware on mobile devices last year, according to Kaspersky Lab. No wonder, then, that 83 percent of organizations are concluding that mobility overall creates a high risk.

Much of this is exasperated by the burgeoning Bring Your Own Device (BYOD) practices, as using personal products for work purposes introduces new exposures. For the modern enterprise, sensitive and/or proprietary data is an asset which cannot be subjected to such risk. 

The technology industry, of course, is responding with solutions. Today, companies are adopting a variety of tools, but with limited success. They're buying into what's called Mobile Device Management (MDM) as a remedy, which has clearly gained ground given that there are nearly 130 vendors in the MDM category. MDM performs an admirable purpose in helping manage a plethora of devices in an enterprise. Yet, its impact remains limited because, after all, MDM isn't really a security solution. 

Then, there is the secure container, which is an application-layer solution to keep apps and data within a designated ‘sandbox' on the device. OK, now we're at least talking about a security-focused tool. Thus, containers offer a better approach than MDMs, but they fall short because any compromise below the application layer leaves these containers exposed. They seek to ensure that data on the device is not misused, stolen, lost or leaked. But the data still exists on the device.

Frankly, this kind of approach places a huge burden on IT. The wealth of devices, apps and operating systems out there are already overwhelming, and will only grow in quantity. A device-centric solution requires them to stay on top of everything while still not meeting the stated goal … Is that realistic? The conclusion is obvious.

That's where Virtual Mobile Infrastructure (VMI) enters the picture. Think of VMI as the mobile incarnation of Virtual Desktop Infrastructure (VDI) software, which separates the desktop environment and apps from the physical endpoint used to access them; only with VMI, the apps virtualized are ones developed for the native mobile platforms. With VDI, organizations reduce administration, enhance security and decrease power usage, among other advantages. Users connect to their environment, which resides securely in the cloud as opposed to the desktop. If anything happens to the desktop, critical or sensitive data is not compromised.

In other words, virtualization is about safeguarding data, not the machine. VDI is quickly gaining in terms of public and private-sector deployment, as Gartner estimates virtual desktops account for 40 percent of the entire PC market.

So why not just extend the VDI environment to the mobile devices? Because, VDI supports the desktop; it's built for the keyboard-and-mouse environment. That's why VMI proves so crucial, to extend VDI concepts to mobility. It takes virtualized native mobile apps and redisplays them on the tablet or smartphone, securing both public and sensitive/proprietary data in the cloud instead of the device. IT admins don't have to oversee an ever-increasing number of devices and operating systems. With VMI, they focus on the data residing in the cloud. As for those devices? They're endpoints, nothing more or less. Cost savings are considerable, as you won't have to target multiple platforms for the same app. In fact, since the apps and data are separated from the device, the state of the device is of less concern as well. 

Here's how it works: Sensitive data and native mobile apps are secured at the back-end. The mobile user accesses resources hosted on a virtualization platform, through a secure gateway, entering credentials to verify device and user certificates. Using the policies configured based on device and user identities and any number of other granular criteria the end user is authorized for the permitted virtual native mobile apps and resources.

Virtual native mobile apps are immune from exploits that might occur on a compromised edge device. Only the virtualized native mobile app interacts with enterprise data, so sensitive and proprietary data never actually leave the secured network. If there's a malware-infected device, it never gets a chance to propagate through the enterprise network.

In today's mobile era, organizations can't keep up with the extent of devices and accompanying apps out there which their users are introducing to the enterprise. But they can control the integrity of their data and informational assets, which is the true goal of enterprise IT security departments. With VMI, they can take comfort in knowing that these assets will not fall into the wrong hands – no matter what happens to the device.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.