In a simultaneous announcement at the RSA security conference in San Francisco and Mobile World Congress in Barcelona Monday afternoon, VMware Chief Technology Officer Dr. Stephen Herrod made two extraordinary revelations. One is that his company is working on a technology that would give businesses with “BYOD” policies for their employees a way to deploy virtual phones on virtual devices. This would maintain business assets on devices that employees purchase for themselves and use as their work phones.
“The idea is actually pretty simple,” explained Dr. Herrod to attendees of the Cloud Security Alliance Summit at RSA. “You have your phone that you go out and buy, and you go to an app store and download a level 2 hypervisor that’s going to be in place there. Then when you show up at work, what you’re able to do is, rather than get a work-issued phone, you’re going to get a work-issued virtual phone.”
VMware is currently developing the concept for Android phones, but did not show a working model Monday. The virtual phone may contain company-approved apps, which would still be downloaded to the device over the air, though they would then reside on the virtual envelope.
“Basically, think of it as having two personalities on that phone, separated by a hardware virtualization layer. What’s important is that, the corporate phone is owned by my company, not by me. I’m in charge of everything that’s on the personal phone, but when I start up that application, it’s all encrypted, it’s all communicating over automatic VPN… and only those applications approved by the corporation can actually fit on that corporate phone.”
A virtual corporate phone could revolutionize the way mobile devices are secured and administered by companies, and it could also have an impact on purchasing choices. Apple’s tight control over the apps distribution process makes it an unlikely candidate for following up on Android’s head start toward this feature.
But it also would give incentive for administrators to deploy some kind of corporate device virtualization portal, which sounds more like VMware’s bread-and-butter. Herrod didn’t specifically mention such a product, though he did allude to its existence with respect to another open experiment the company revealed today, one which would absolutely require such a tool for its existence.
It’s part of VMware’s multi-faceted “Project Octopus,” the existence of which was first revealed at VMworld last September. Think of Octopus as providing (among many other things) an alternative for DropBox, for all those enterprises that have come to realize their employees are storing corporate assets in public clouds through their private devices. Octopus, whatever it ends up being called, would give employees a cloud they could use instead, while staying within the policy boundaries of their employers.
“DropBox is an incredible app, a great way to get access to your files wherever you happen to be. It’s very convenient,” acknowledged VMware’s Herrod. “And enterprises don’t have an alternative for that right now.” Octopus would offer corporations the same file sync and share service as DropBox, while maintaining the data behind their own firewalls, and enabling richer policies. For example, admins would have the ability to revoke access to specific files within a set number of days. Or, if an employee leaves the company, the admin could make certain that person cannot use the company’s apps or access corporate data.
“I think you’ll see a lot of solutions like these that become different ways of containing the applications and the data, ultimately fitting into this broker concept that has to be third-party aware, but also with unique aspects that each company might need,” added Herrod. Obviously there will be more arms to the proverbial Octopus than just the two.
