Dual-persona technology may become a popular element in corporate mobility strategies, but it doesn't guarantee the security of enterprise data.
There are two ways to implement dual persona technology. One is when all of the corporate apps and data are containerized on a device. It's possible to implement multiple of these personalities on the same device and isolate them from one another, so employees can have a personal handset and a business handset on the same smartphone. Users can easily shift between the personal and business sides of the device while the personas remain in separate management domains.
The other approach to utilizing dual persona technology is virtualization. Just use a hypervisor to create separate virtual machines, and most of the work is done. While it might seem strange to implement a hypervisor on a handset, VMware has already done exactly that with its Horizon Mobile platform (part of Horizon Workspace). The core disadvantage of VMware's approach is that the required hypervisor must be resident on the handset. Horizon Mobile currently runs only on Android, and it is available only on two less popular phones from Verizon Wireless.
VMware isn't the only company working on dual-persona technology. Many mobile application management (MAM) providers have also dipped their toes in the waters. When you think about it, MAM is really the umbrella concept for dual persona in the first place. The issue of dual persona isn't really creating two separate and distinct spaces for applications, but rather making sure that applications are valid, authorized, effective and appropriate in dealing with data.
Dual-persona technology is likely to become an offshoot of or an adjunct element of MAM, whether it uses a hypervisor or not. But there is a real downside to dual persona: Absolute security is -- and likely always will be -- an abstract, theoretical concept that is almost impossible to reach in real life. Dual persona is not a substitute for identity management tools, appropriate user agreements, employee training, and a broad, comprehensive security policy.
Vendors that currently offer dual persona technology include:
BlackBerry Balance is available on BlackBerry Enterprise Service 10, and is supported on BlackBerry handsets. Balance is a policy-based facility that isolates and separates the management of users' personal and enterprise data. BlackBerry also offers Work Spaces, which is the equivalent to Balance for Android and iOS devices, but trying to use multiple dual-persona options in large production deployments could be a serious pain for IT.
MobileSpaces virtualizes applications and assigns them to personal or enterprise workspaces, isolating the two. The company has described this approach as a "shim" rather than a full-blown hypervisor, which makes deployment, management and use easier.
Mocana MAP (Mobile App Protection) lets IT secure apps and data without writing any code. The product features FIPS 140-2 security, and easier compliance and audit certification. The company claims that applying security controls to enterprise apps is reduced to a few clicks.
Symantec App Center comes from Symantec's recent acquisition of Nukona and is part of Symantec's Mobile Management Suite. App Center isolates corporate data on a personal device.