This morning, managed desktop provider MokaFive is launching a new approach to solving two of the most pressing issues facing IT and security professionals: the infusion of consumer devices – notably the iPad – into corporate data centers; and enterprise workers turning to consumer cloud storage services like Dropbox and Box.net to save and share corporate data – both coming without IT’s control or supervision.
As it turns out, MokaFive for iOS is not a Windows or Mac virtualization platform for iPad, as many had expected. From the IT department’s perspective, it may actually be better: a secure storage platform that enables corporate data saved from the corporate PC at work and the notebook PC at home, to be viewable and manageable on an iPad.
As company COO Purnima Padmanabhan explained to ReadWriteWeb, MokaFive for iOS makes an iPad or iPhone into a bridge between the two clients – work PC and home PC, especially when that work PC contains a MokaFive virtual “Live PC” environment. But that bridge will be manageable by corporate policy.
“If you have the entire MokaFive solution, MokaFive Live PC contains your entire corporate desktop,” explained Padmanabhan. “So you will have user data files on your corporate desktop, which will be backed up to your data center. And the data center will contain the golden copy of all your data, which is then synced down to the iPad for viewing purposes.”
It’s the cloud… kind of. In fact, Padmanabhan uses the metaphor “bubble” to describe it instead, and it’s a word she’s chosen carefully. You can pop a bubble; and there are circumstances where either you or IT may need to pop this one.
“Let’s say I drop my iPad into a pond, or completely lose it. My data is still recovered and intact. I can just go get a new iPad, the corporation will restore the data for me, and I’m up and running… [Now] let’s say I join the company, I’ve got my MacBook Air, and my iPad. When I walk in, [IT] will provision a MokaFive Live PC with a full virtual desktop onto my MacBook Air, and then they will deploy MokaFive for iPad. Now, I can have both environments completely in sync. But they are always controlled centrally, from the management console. And the policies that they establish for me from the central management console apply to both environments. So three months later when I leave, they can just find my username in Active Directory, and say, ‘Wipe all instances of the corporate environment.'”
It’s provisioning and deprovisioning of resources accessible from the user’s choice of equipment (in this case, clients that carry big, bright Apple logos) without the IT department having to touch those clients.
The problem IT departments have had recently with Bring Your Own Device (BYOD) policies and cloud-based storage is that sensitive corporate documents persist when people leave the company (which, as Padmanabhan implied, happens disturbingly often these days). The COO tells me that the complete MokaFive environment, which now includes both the Live PC hypervisor for Macs and the new iOS document management tools, are designed to leave zero traces of corporate data, in case the proverbial bubble has to be popped.
“We wrote our own encryption, and we do not even save the encryption keys in the PC,” said Padmanabhan, citing the number of times Apple ID has found itself subject to breaches. “We presume that the device that you have could be your personal device or a corporate-issued device. We have to assume fundamentally that it’s untrusted. And if you’re presuming the device is untrusted, then you have to make sure the encryption is actually saved in a way that won’t depend on any device locks. The application itself has a built-in passcode and password locking, you can authenticate with Active Directory and, if needed, you can also tie in with two-factor authentication. You can also have application-level passcodes.”
If a new contractor comes into a company and is issued the same Mac that a previous employee had, then IT can provision a new MokaFive “bubble” on that system without the new employee potentially encountering traces of data from the old employee. “The big advantage is you do not depend any more on trying to manage the whole device in order to actually manage the records,” she continued.
“Our value proposition to the CIOs is, manage what matters. Devices are immaterial,” she asserted. “What matters is your intellectual property…
The MokaFive solution also tries to take user needs into account. “The most popular solutions for iPads and tablets in the market are mobile device management (MDM) solutions,” Padmanabhan said. “And the fundamental problem with MDM is, they take over the management of the entire device. Now, as an iPad user, I can tell you, I don’t like it if IT is seeing what books I read or videos I see or applications I’m using. I just want them to manage what is relevant to the company. So this way, there is true separation of the personal and corporate world. Really, we are able to bring those two worlds on a single device, yet keep it safe, secure and, most importantly, private.”