The BYOD (bring your own device) to work debate has exercised plenty of minds over the last two years and a whole plethora of solutions are being thrown at the problem. Both public sector organisations and enterprises have woken up to the fact that they have to somehow find a way to allow their staff to combine personal and work use on one device.
Chicago-based Open Kernel Labs (OK Labs) has been working on the problem for nearly six years now. It’s software solution enables device manufacturers to create a separate ‘work’ environment on an off-the-shelf mobile device. This isolates the work environment from both the main operating system and the ‘play’ environment, so that it remains protected in the event of malware attack.
Its software has been deployed on more than 1.5 billion devices worldwide to date, which makes it easily the most widely deployed mobile virtualisation software solution in the world, according to its founder and CEO Steve Subar.
Speaking to Wireless at Mobile World Congress 2012, Subar said: ‘I think they [enterprises] are eager to implement the dual persona device, but they are frustrated at how to do it so there has not been much deployment.’
For organisations like the military the situation is even more critical. Subar reports that the US Air Force recently cancelled an order for 2,800 iPads as it could not find the level of security it required to let staff take devices home or out into the field.
‘So, we decided to focus on the military, government and public safety markets over the last year,’ says Subar. The logic here is that if the company can provide a ‘defence-grade’ solution that meets the very stringent security demands of the military and public safety community, then that should provide a very reassuring solution to big corporates and other enterprises.
LG Electronics to use OK Labs software
OK Labs unveiled three new announcements around this at MWC; the first being a link up with Korean device manufacturer LG Electronics to develop defence grade mobile devices for the US Department of Defence (and other ‘three letter’ US agencies).
The aim is to use COTS (commercial off-the-shelf) devices for secure communications; what Subar refers to as COTS to GOTS (government off-the-shelf). The point here is that a COTS device is far cheaper than the specialist products often developed for the military in the past. With budgets being squeezed, a COTS device that can deployed in volumes is a very attractive option.
‘We will provide the required level of security using a commercial device by adding our virtualisation software and isolating the portions of the device that need to be guaranteed secure for encrypted communications,’ says Subar, adding: ‘The solution is very relevant to the public safety sector too and we have another client in that space, which we hope to reveal in September or October this year.’
High Assurance Framework
The second announcement is a reference design called the High Assurance Framework (HAF) for mobile/wireless device applications. Subar says that many customers can usually describe what it is they want, but find it harder to describe how they want that to happen. Hence, the publication of the HAF as a reference tool for industry.
‘The aim is to get the credibility from those parts of the public sector that have very demanding security, isolation, performance and cost needs and illustrate that that works for them and so it will meet whatever requirements sectors such as finance and healthcare might have too,’ he says.
Subar adds that the company has become a kind of a king maker at the moment, although that is not its business model. ‘Because we understand how to make this work we can facilitate what needs to happen between all the ecosystem partners. So if General Dynamics comes to us and says we’d like to serve up one of these devices, we can help them by connecting them with an OEM already familiar with our software and with partners who can provide solutions to specific needs such as data management or securely handling photographs,’ he says.
STMicroelectronics licenses OK Labs software
The company’s third announcement is that STMicroelectronics has joined its partner programme for chipsets. It has acquired additional software licenses for the OKL4 Microvisor for ARM9 processors. The additional licensing follows the agreement in 2009 between OK Labs and ST-Ericsson, the joint venture between STMicroelectronics and Ericsson.
OK Labs’s software needs to be incorporated into the mobile device at the factory stage, so collaboration with the device manufacturer and other partners in the supply chain is critical.
Subar describes what OK Labs does as providing the foundation to build house. ‘We provide a virtual empty room on the device and each customer can put whatever furniture they want in the room. We provide the capability to organise that based on their requirements and we have software company partners who will supply their particular needs. We don’t do secure VoIP for example, but we have partners that do.
‘Look at data security. There has to be a way to secure data in motion, in use and at rest and do different things with it. For example, you can programme the device so that it is okay to view a document, but not copy or paste it,’ says Subar.
‘Or take encryption for voice, data and apps,’ he continues. ‘Public safety and defence people talk about high and low classification. So, you might have two instances of Android: a secure version for sensitive calls and an unsecure version where you can download Angry Birds. The point is you know if the open side is attacked by malware, the secure Android side is safe.’
Some customers require encrypted VoIP and access to high speed broadband data, but need to know that if they are in some kind of unsecured area that certain applications will be disabled. ‘If a staff member is in China, the organisation will want to make sure that Wi-Fi and Bluetooth turn off automatically. If the device is outside of a defined area, you can programme it so certain things won’t work for security reasons. By doing it automatically you avoid human error or forgetfulness and you don’t get issues with key logging and malware and other kinds of intrusions,’ says Subar.
Pure player for mobile virtualisation
Subar reckons that OK Labs has an advantage over other software virtualisation rivals in that it is the only pure player out there. The others make operating systems and other tools, as well as virtualisation software, which can sometimes compromise their ability to work with others in the ecosystem. Virtualising parts of a mobile device usually requires handing over software code to another company, but if that means handing it over to a rival then the collaboration is unlikely to happen.
‘We don’t make an operating system and can work with all OS vendors or anybody else, so that helps in winning deals,’ observes Subar.
It is also helping to make OK Labs the favoured point of reference for mobile/wireless virtualisation. ‘If you want to make a device that meets US Government security requirements you talk to the NSA (National Security Agency) and they say talk to OK Labs,’ says Subar. ‘The LG Prada phone will help cement our position here. With more devices going into public safety, government and defence this year, we hope that next year enterprises will say: “If it’s good enough for them, it’ll be good enough for us”.’
The future: more software vendor integration
Subar thinks there will be a shift in the market in the next couple of years. ‘It is challenging and frustrating for end users to figure out who has got the best in class solution in each category of application they want for their devices. When they do figure it out they may end up with having to work with many different companies. That’s a lot of vendors to co-ordinate and lot of software to knit together, but they don’t want to do that; it is not their business.
‘So, what I predict over the next couple of years is that we will start to see some consolidation, with companies like OK Labs providing more one-stop shop solutions of these different piece parts. That will make it easier to deploy a full system onto the device in one go, as the software will come as an integrated system. It is like automobiles. You don’t go to one place for the engine and another for the chassis. You buy it as an integrated machine and expect it all to work together,’ concludes Subar.