A new virtualization technique lets users create two separate Android "spaces" on their smartphone or tablet, one for personal use and a kind of walled garden for work use. The beta software, from Cellrox, is being demonstrated this week at Mobile World Congress 2012 in Barcelona, Spain.
Using Cellrox Jade, this work "persona" can be fully secured and managed for enterprise data, applications and networks. Yet the owner of a personal device with Jade installed, still has complete freedom to configure it as he wants, with his personal choice of apps, social media and all the rest.
Scheduled for a May release, Cellrox Jade, which consists of an on-device client and server software that's either loaded behind the firewall or hosted by a provider, including Cellrox, is aimed squarely at enterprise IT groups, struggling how to secure the mobile explosion of personally and corporately owned smartphones and tablets, says Omer Eiferman, CEO of Israel-based Cellrox. The company was founded in 2012.
From the user's viewpoint, Cellrox "intrudes" hardly at all. The private and personal "spaces" are color-coded: blue for the workspace and red or orange for the personal space. Jade installs as a bar at the top of the phone's screen, showing the space you're active in, and reducing the other space to a color-coded mini-tab on the bar. Just touching the bar will switch the user from one persona to the other, with no observable impact on performance. That context switching was created by Cellrox, through a set of patent-pending certification and sharing mechanisms.
Cellrox has started working with carriers and manufacturers on the possibility of pre-installing Jade on specific devices. The enterprise then can activate them when they connect automatically to the Cellrox management system. A companion product, Cellrox Amber, is tailored for the consumer market and it will follow Jade's release later this year.
This "lightweight virtualization" technology was overseen by Jason Nieh, associate professor of computer science at Columbia's School of Engineering and Applied Science. Cellrox has been granted exclusive global rights to turn it into a viable commercial product.
The Columbia University researchers created a virtualization layer not between the operating system and underlying hardware, but between two software elements: the OS kernel the UI that runs above it.
"We can use the same kernel, the OS core, and then create different containers [for the UI space] above that," Eifferman says. "We can even run more than two instances. In the future, you'll have on your smartphone a work persona and one for your private life, and perhaps yet another one for your online gaming persona."
Each one is a self-contained Android environment, but despite the common underlying kernel, completely separate from each other. Eifferman says one implication of this a user could download a malware-infested app from Android Marketplace, install it on his phone in his personal space, and leave the enterprise space on the phone completely unaffected.
"The work persona is managed by Cellrox Manager, and administered through Cellrox Manager, just like a typical MDM software product," he says. The user's unmanaged personal apps, data, social networking configurations and so on coexist with the managed business persona.
Once it becomes widely available in May, enterprise customers will simply use a Web interface to the cloud service to register single or groups of devices. The monthly subscription fee per user will range from $5 to $8, depending on the number of users.