Andrea Danti - Fotolia
Organizations that place a high priority on data security can take a cue from how the Department of Defense (DoD) uses virtual mobile infrastructure to secure its mobile computing.
Much of the recent attention around virtual mobile infrastructure (VMI) has been within the private sector, focusing on how it can help address the influx of consumer technologies in the enterprise. But VMI actually has deep roots in the U.S. armed forces, which has been investing in mobile virtualization for several years. If VMI is safe enough for the U.S. military's mobile applications, it might also be a fit for security-conscious enterprises.
With VMI, Android virtual machines (VMs) run on a hypervisor in an organization's data center, and they deliver virtual mobile applications through a client on the user's device. To date, VMI is only compatible with Android as the host operating system because Apple does not allow iOS to run on VMs.
The battle to secure mobile apps
The most well-known military advancement into VMI territory is the joint effort between the DoD and Hypori, a software company that specializes in VMI technologies. The DoD and Hypori coarchitected the Android Cloud Environment (ACE) platform to deliver mobile cirtualization on secure military networks.
The ACE platform lets defense personnel access virtual Android apps on commercial Android and iOS devices from any location. The devices require only the ACE client and do not need to be modified in any other way. The client renders an image of the virtual app on the local device, but doesn't store any data on the user's device.
Using virtual apps gives the military the protection it needs because lost or stolen devices pose less of a threat; no corporate information is stored on the device. And once IT remotely cuts off access to the ACE platform, whoever is in possession of the compromised device no longer has any access to data from VMI apps.
With the ACE platform, military units can implement a specialized microserver that can host between 20 and 100 users. The users can access multiple virtual devices, each corresponding to a different classified network or role. Users can also roam between tactical clouds. Military units can easily transport the server without compromising the data at rest, even if that means riding around in the back of a Humvee.
By using VMI, the DoD has embraced the Commercial for Classified Program adopted by the National Security Agency (NSA), which enables the use of commercial products in classified U.S. national security systems. Part of that program is the Mobile Access Capability Package, which safeguards mobile communication. The Hypori ACE server and mobile client are the first VMI products to make the NSA's coveted Commercial Solutions for Classified Program Components List, which shows products that have been approved by the Committee on National Security Systems.
All of this demonstrates how serious the military is about securing mobile access through virtualization. Personnel can access the apps they need without compromising data security, whether to facilitate chat messaging, squad communications, rally point mapping or any number of other scenarios. Enterprises have different use cases, but the same theory applies in the workplace: Organizations can use mobile virtualization to deliver corporate apps and data to personally-owned devices to facilitate productivity and mitigate risk.
Hypori didn't unveil the ACE platform until March 2015, but the DoD has been serious about ACE and virtual mobile infrastructure since long before that. Of course, the U.S. military confronts many challenges unlikely to ever come up in an enterprise setting, but companies that need to balance mobility with data security may want to consider the DoD's use of VMI as a model for themselves.
Pros and cons of VMI
How VMI is different than VDI
Can VMI provide secure access to apps?