BYOD is changing the way organizations will be managing corporate data security. In this article, we discuss how exactly mobile virtualization will be impacting data privacy and security on mobile devices.
I interviewed Dror Nadler, former executive at EMC and Rapid7 that is currently with Cellrox as their SVP of Sales & Alliances, to discuss the future of mobile device management. He believes that the current mobile container solutions out there don’t deliver on their promise to isolate the sensitive and the most important data on any given mobile device.
Tamer Marzouk: What do you aspire to as a player in this emerging market segment?
Dror Nadler: “Cellrox is a startup that formed in the summer of 2011. Cellrox built a unique virtualization technology tailored specifically for mobile devices. We believe that virtualizing a mobile device is the only viable option to address the growing demand for security and privacy within the mobility space. Users want to preserve their privacy, regain control and protect what matters to them. It could either be their employer data, personal/financial information, healthcare records or all of the above.Our goal is to make mobile virtualization a standard on any mobile device. We are actively working with OEMs to deploy our virtualization technology on new mobile devices. We are expecting to have our solution deployed on 50 million devices by the end of 2016.”
Marzouk: In your opinion what is the driving force behind your idea to use virtualization?
Nadler: “We usemobile devices extensively and it is an integral part of our daily routine. Each one of us leverages their mobile device for different purposes; some may be conflicting purposes, for example gaming and work. This isn’t going to change anytime soon, and there is no way around it. Mobile virtualization allows users to run multiple virtual mobile instances on one physical device; each VMI dedicated for a different usage, could be customized based on the usage and most importantly completely isolated from one another.”
Setting the stage
Marzouk: Virtualization isn’t a new concept. Who are the first players, why do think your virtualization solution is different?
Nadler: “Mobile virtualization isn’t new. There were few players that attempted to introduce mobile virtualization in the past: Trango, a French company, offered a type-2 virtualization, acquired in 2008 by VMware, OK-labs, offered atype-1virtualization, acquired in 2012 by General dynamics, and recently Red Bend which offered type-1 virtualization, was acquired in 2015 by Harman.
The main reason why these companies were unable to drive adoption for mobile virtualization is due to the fact that they tried to impose server virtualization technologies on mobile devices. When trying to do so, the end result is an under performing device with overall poor user experience. Cellrox developed virtualization technology that resides at the kernel level of the device without impacting overall device performance and while allowing superior user experience. Our solution is scalable, allowing the device to run multiple VMIs at the same time (we tested up to 5 VMIs on a single physical device).”
Virtualization vs. containerization
Marzouk: What are the key differences between containerization and virtualization?
Nadler: “Containerization attempt to ‘fence out’ a section of the mobile device OS in order to protect certain apps and data that reside within the container. All apps share the same namespace and leverage the same OS services. Virtualization on the other hand, can run multiple OSs on a single mobile device. Each virtual mobile instance has a separate OS with a separate namespace and dedicated OS services; One VMI isn’t aware of the existence of other VMIs that may reside on the same device.”
Marzouk: What are the hidden risks to containerization deployment and why might this not be a long term solution?
Nadler: “Containerization is deficient by design with major concerns in its ability to completely isolate the data and information you’re trying to protect.All applications that reside on the mobile device, regardless of whether they’re located inside the container or outside, need to leverage the same mobile OS services, such as displaying info on the screen or receiving input from the keyboard. A malicious app/malware can take advantage of a vulnerability that may exist at the OS services code and intercept information that is about to be displayed on the screen from a secure app that resides within the container.Organizations may think that their information is protected where in reality this isn’t necessary the case.”
Market & Customer base
Marzouk: What is your core customer demographic? Which is your target market?
Nadler: “Our main focus right now are OEMs and Telecom operators in North America and Western Europe. We view mobile virtualization as a necessity for both consumers and enterprises, and are planning to offer virtualization services through our growing partners’ ecosystem for Cellrox-enabled devices in the future.”
Marzouk: In terms of competition, who are your direct competitors?
Nadler: “Cellrox has no direct competition in the virtualization space. There are different container providers that trying to address similar need but can’t match the level of security and privacy we can provide.”
Marzouk: Which companies in Canada provides comparable mobile security solutions?
Nadler: “In Canada, we know of Graphite Software that attempt to provide isolation by extending Android profiles, but this methodology isn’t as secure and robust compare to the mobile virtualization solution we offer since the Android profiles leverage the same OS services I’ve mentioned earlier.”
Marzouk: What are the characteristicsof your solution? And howhas it been perceived by customers?
Nadler: “For OEM deployments, we offer couple of flavours: Cellrox Virtualization embedded or Cellrox Virtualization activated with either 2 or 3 VMI. For enterprises that purchase mobile devices for their employees, we offer post market ROM installation for Nexus devices. Our future plan is to provide virtualization-as-a-service that could be used on any Cellrox enabled device. We also offer on our website a freemium version for Nexus 5 & Nexus 7 for early adopters that would like to try mobile virtualization.
We introduced a pilot for virtualization-as-a-service with Orange at the Mobile World Congress in March which was well received by both customers and partners. Cellrox virtualization is device independent and can operate on any smartphone device. We currently support Android OS and are planning to introduce our technology for iOS and Windows phones in the future.”
Marzouk: What are the challenges you face right now and how are you going to address them?
Nadler: “Our immediate challenge is figuring out how to get on as many mobile devices as possible. We are actively working with OEMs in China, Korea and Japan and making significant progress. The initial batch of virtualized devices will be available later this year.”
Marzouk: Can you give me a sense of the success you at Cellrox are looking forward to?
Nadler: “We view mobile virtualization as a true enabler to ensure security and privacy on mobile devices. We would like to get to a point where mobile virtualization becomes a standard where most mobile users leveraging it every day in order to preserve their privacy and protect the information that matters to them the most.”