What is BYOD? And why would anyone care about it?
Here is a little background on how we got here in the first place: how IT departments have had to adapt to users’ demands to use their own devices in the workplace.
As devices have become smaller, more powerful and more personal, users tend to be “always connected” to them. Having a “computer” that one can tuck into a pocket has made it convenient to be mobile. The powerful convergence of several devices into one (camera, phone, scanner, browser, and more) has enabled people to carry just one device to take a photo, share it with the world, email, blog and do almost anything that was once the domain of the desktop computer. This has caused an explosion of acceptance and has also brought extra challenges in the way people use and interact with these devices.
Social change in how we use these devices has been slow and painful for many. We have had to adopt levels of etiquette on when and how we can use them in certain environments (movie theatres, flights), and have started to think about security, both personal and business: who can use them and what data is made available.
BYOD addresses one of these questions – how do you separate your personal data from your work data, and who manages it? And how do you manage hundreds, maybe thousands, of different device types, all of which may be insecure and possible hacker entry points?
Big questions need big answers!
To understand why we don’t just have a solution from one organization, we need to take a look at the landscape we currently have in the mobile space.
Almost all mobile phones can trace their roots back to a Unix- and Linux-based operating system, the software engine that keeps all the applications and functions running properly on your smartphone. Without this operating system nothing would work.
Linux was developed for computers of all sizes; however, it was never really envisaged that it would end up on mobile devices, so extensions to the OS had to be made to support many of the functions one would need in a small, compact mobile device, such as screen sizes and user interfaces. While solid and evolved over decades, this vital piece of software had more holes in it for hackers to get into than a Swiss cheese.
So along comes the smartphone, which needed an operating system to control its functions, and engineers took to Linux. The price was right… you can’t beat FREE, and it had an established and vast set of trained programmers out there who knew their way around it. Manufacturers quickly embraced the operating system and built their own value-added extensions to it, and soon each variation of the OS generated its own gravitational pull of applications and development environments to create collections of apps that would run on these new flavors of the OS.
One flavor was called Android, developed by Google and licensed to manufacturers to run on each of their unique smartphones. Manufacturers would build the hardware, and their smartphones would be classed as Android phones.
In contrast, Apple provided its developers with a similar path on its smartphones, the iPhone family. With each new model, the operating system would need to be extended to support new screen resolutions and extended functionality such as an integrated scanner or finger gesture input.
Apple decided to keep control of what the industry calls their ecosystem, which basically means their hardware design and the software applications that run on that hardware. This is called a closed system, so they would not license their designs or software to others. There are no other companies, for example, who make iPhones other than Apple. Only Apple designs and manufactures iPhones. This allowed Apple to control their hardware more effectively and consistently across their line of products but, of course, there is only one Apple Computer, and variations of design are limited and more costly.
Google took a different approach; they decided to license their Android operating system to any and all hardware manufacturers who wanted to integrate it into new mobile devices or smartphones. The term for this is an open system.
While this option created an explosion of smartphones at various price points from various manufacturers, it also left HW manufacturers to support whatever “kitchen sink” functionality they included for a particular variant of their hardware du jour.
Each quarter would bring a raft of shiny new phones with unique features and functions over and above what came wrapped up in the basic operating system release (each release was associated with a codename rather than a release number; while there was a release number, people would just talk about its code name, such as “Jelly Bean”, “Ice Cream Sandwich”, “Cupcake” and “KitKat”). This meant that there were now many versions of Android and many variations that did not all talk to each other. All were Android phones, but not all were made equal. For application developers, supporting up to 100 variants of the OS running on different types of phones was a small nightmare.
So now you see how diverse the universe of mobile phones has become in a very short time. While all run what is known collectively as Android, some variants are very different in how they perform and what functionality they can provide.
Linux is not a particularly secure operating system; consequently, neither is Android. So in order to provide a level of security for an individual, one would need to create an “environment” that would be more secure than the current operating system offering.
The only way to separate business from personal was to create a “walled garden” that would keep one from the other, with any routes in or out closely monitored. This is called containerization and is the basis for the efforts of several companies working to achieve this.
Manufacturers have taken unique approaches to provide differing levels of security, starting from the HW design itself to software solutions that provide the best security while being flexible and manageable. All these systems are managed by programs that run at the IT-end of the business.
Consequently, we are back to our IT departments, who are able to manage and implement policies (i.e. who gets to see what information; think 007, what security level they would be and what they would be allowed to see) and track use of and access to sensitive information.
BlackBerry, with BES (BlackBerry Enterprise Server), has until recently been leading this lucrative market but is now under intense pressure, not only from hardware competitors but also from companies who are offering cost-effective solutions to the BYOD security issue at large enterprises.
Samsung KNOX is a software offering that provides an Android software/firmware solution with which enterprises can enable and manage Android devices. Firmware is software that re-routes the hardware itself before the operating system gets a chance to control functions. This means that very low-level functionality can be woven into the device, which would make it even harder to break the security that already comes standard with the package.
Apple, with iOS, had to essentially rewrite their operating system in version 7 in order to fully realize some of the levels of security needed to perform containerized (in software) or compartmentalized (in both software and hardware) security.
The US government passed Apple, validating that iOS 7 was indeed a valid option for use by secure agencies, and Apple thus became a member of an exclusive club of approved manufacturers for mobile devices: a club consisting of BlackBerry, Apple, Samsung and Microsoft. For more info, check this website.
So, Knox is an Android-based solution designed to enhance security of the current open source Android platform for enterprises to manage mobile devices.
Quite simply, it means that employees don’t have to carry two phones anymore, one for personal use and one for work. Installing and using the Knox app on any of these Android platforms will give employees a secure means to keep both types of data separated.
IT departments are eager to use a solution like this because they can push sensitive data around in the knowledge that they can see who is accessing it at any given moment. 2014 will be the year in which enterprises implement a new, flexible way to let you bring your own device to work and still receive the family emergency message that you need to send Auntie Mable her birthday card on the same mobile you use to review tomorrow’s presentation to the board. The future looks bright for the minions, who can cut down on the devices they have to carry around in order to comfortably work and play.
Enjoy the New Year!
Published on Dec 19, 2013