Trending

VMI — Finding a Delicate Balance Between Security and User Experience

anat

By Anat Litan Sever - Dec-03-2014

A Delicate Balance: Photo by Jennifer B. Short.

In the era of BYOD (Bring your own device), enterprise organizations are searching for the optimum mobile work environment — one that will function with a delicate balance between security and user experience. The enterprise organization’s goal is to reach the highest level of security, while the employees (the users) want to interact with a simple and fun user experience.

The Arrival of VMI — Virtual Mobile Infrastructure

To bridge the two sides, we’re seeing the emergence of a new disruptive technology called VMIVirtual Mobile Infrastructure. Why is it disruptive? Because instead of installing native mobile apps on a device, they are installed on a remote server. A remote mobile environment allows enterprise organizations to own and control all their data, rather than have data stored on personal devices. From the users’ perspective, they will continue working with their iOS or Android devices, only they will interact with a remote cloud and will maintain the feel and experience of working on a native mobile device. The idea is to have a remote workspace based on a mobile operating system like Android. Some call this technology mobile-based VDI (Virtual Desktop Infrastructure) or Android enterprise cloud. By using a remote workspace, all of the organizations’ apps and data are safely located at the datacenter. Adopting VMI means that when millions of mobile devices are “traveling” the world containing precious corporate information, they are traveling safe. Employees who are working everywhere with their mobile devices will gain another environment with the most up-to-date Android work tools. It allows them to keep working on-the-go.

The Unseen Brain

One of the main differences between VMI and the common alternatives is rooted in the Unseen Brain concept. The term “The Unseen Brain” is a metaphor. The “brain” is the remote Android platform that knows how to handle multiple work environments. “Unseen” refers to the fact that this brain, is unseen to mobile devices, as it is located outside the device on a remote cloud. The other alternatives store apps and data on the mobile devices. Even if they are stored in a secured container, an attacker can go behind the container (i.e. break the encryption layer), and analyze the data thoroughly. After breaking through the encryption barrier, the attacker can enter the fully exposed data of the organization.

An attack can be carried out by finding the encrypted keys. If the data is encrypted and decrypted within the device, the keys must also reside in the device. The answer to this problem is to simply not store any data on the device.

On the contrary, when using VMI technology, the only thing that appears on the screen is a flat image, which is a “mirror” to the Android cloud. This flat image can neither be analyzed nor captured. Even print screen is locked.

One Work Environment for One Enterprise Organization

Resembling the enterprise’s remote platform, the Unseen Brain enables all the employees in the enterprise organization to work on one unified work environment, no matter if they are using Android or iOS devices. Let’s dive into security opportunities. Since the Android OS is installed on a server, it enhances the remote Android server’s security through a variety of means, resulting in a much more secure server operating environment. This is due to the advanced security measures that are put in place during the server hardening process. Another important outcome of having the Android OS installed on a server is that IT controls and manages only one environment for all their clients. The employees benefit with an easy collaborative experience, as everyone in the organization shares the same work environment. For example, if John, a salesperson who is using an Android device wants to interact with Kim, a marketing writer, who uses an iOS device, he can do it easily as both will have the same Android apps with the same collaborative features, and the same file types.

Will Employees Select Their Own Mobile Work App in the Future?

When the enterprise organization is planning a BYOD strategy, it will also take into consideration what apps and tools are needed in order to serve the needs of its users. The employees prefer to use the apps that they already know from their personal environment. When using VMI, the users will continue having the same experience they’re familiar with from their personal use with their enterprise use. Moreover, this technology allows the employees to safely install (from the remote cloud) any Android-based apps, thereby integrating user satisfaction with business needs. When selecting the specific apps to be used for selected users, it’s important to consult with the various departments in the organization (for example, engineering, finance, sales, marketing, etc.) who can advise on which apps can best serve the organization’s needs.

The organization can set budgets per department or per employee. Every department can install the professional mobile apps they want to use: Graphic designers have their favorite apps while marketing folks use the specific analyzing apps that are most productive and efficient for them.

In this aspect, the employees are having a positive experience by letting them select what best suits their needs while enjoying the same app experience that they are used to. In short, the enterprise organization will benefit from faster and better apps, acquired by those who know best what suits them.

A Communication Protocol that Answers Both Security and User Experience Needs

Another key to success when developing a remote mobile environment is building a communication protocol with maximum security. MDM (Mobile Device Management) or MAM (Mobile Application Management) solutions utilize and transfer multiple protocols in one tunnel —
one for each app. Working with multiple protocols adds a number of potential Achilles’ heel weak links. The more communication protocols “running” in the tunnel, the less secure the environment is. With a remote mobile environment there is only one safe communication protocol. When this communication protocol is reflecting the user experience, it needs to be built to support all mobile experiences, including rotation, vibration, visual, navigation, touch, and sound. Users who depend on an enterprise work environment should be supported by the entire mobile experience.

A Delicate Balance

In the end, just as the enterprise is hungry to find a holistic approach that will include maximum security, there is equally a hunger on the part of its most valuable assets — its employees — who simply want to enjoy their work experiences just as much as they enjoy their private ones. A VMI solution can help organizations maximize returns for both of these important outcomes and strike the BYOD balance.