Organizations and enterprises, both public and private (including government, business, education, health care and other institutions, among others), are struggling with many challenges around securing information assets while trying to support mobile workers through the use of rapidly evolving wireless computing technologies. The choices are costly and complicated. Mobile workers want to remain connected with their enterprises when mobile and often rely upon wireless handheld communication devices such as cellular telephones, PDAs, etc. for messaging and other applications.
BlackBerry® from Research In Motion Ltd. stands out as the dominant mobile device and supporting infrastructure that is trusted by IT departments to be authenticated to safely access information assets—both on the device and in the enterprise. Other commercially available handheld mobile devices and/or systems therefor include Palm Treo, Pocket PC and other devices executing Good Mobile Messaging and Intranet from Motorola Good Technology Group; Motorola, Nokia, Palm Treo and other devices executing Seven software from Seven Networks, Inc.; Apple's iPhone; devices executing Microsoft's Mobile 5 (M5) platform; and devices executing Google Inc.'s Android platform, among others.
BlackBerry devices are wireless handheld communication devices comprising relatively small display and keyboard interfaces. The strength of these devices lies in their secure and reliable communication capabilities. They are not intended to be general purpose computing devices. Often mobile workers have both a BlackBerry device and a laptop computing device to meet all of their needs.
Organizations have invested significantly in secure infrastructure for remote access with technologies like Citrix, RSA ID, and Virtual Private Networks (VPNs) to enable laptops and other remotely located computing devices to connect in a secure manner to the enterprise (i.e. to the organizations' private networks via the public Internet). As well, some organizations empower their mobile workers with “Air Cards” to enable their laptops to connect to the enterprise, using the incumbent security infrastructure (e.g. VPNs), over the same wireless networks (e.g. cellular networks) supporting the BlackBerry. Yet in general, many people with laptops that require remote access beyond email also carry a BlackBerry—an already trusted conduit to the enterprise.
Organizations prefer not to manage disparate technologies that achieve the same results. Leading organizations have a vision of “endpoint independence”, meaning organizations can allow their users to select and use whatever endpoint computer they want as their personal computing device, leaving the user to maintain that computer and keep it free of viruses, allowing them to use the computer both for business and personal use, while the assets of the enterprise remain controlled, monitored, and secured.
In situations in which the endpoint computer is not managed by the enterprise, there is concern over the potential for sensitive data to be left behind on the endpoint computer (e.g. PC, laptop). In situations in which data is moved from a user's handheld device to the endpoint computer's resident applications (e.g. Microsoft Word or Excel), there is a risk that temporary files that contain such data could be left behind after the user's session ends.
Thus it is desirable to provide a solution that will allow the mobile user to connect from a laptop or other presentation appliance that is capable of executing a web browser, to their wireless handheld communication device (e.g. BlackBerry). By virtualizing the presentation layer of the handheld and running the applications on the handheld, using the laptop as a presentation device, users can leverage the secure connection to the enterprise from the handheld. The laptop can leverage the handheld's radio access technology to connect to a wireless network and operate the handheld's secure communication capabilities to authenticate to the enterprise's private network. It may also be desirable that no data trace (i.e. “zero residuals”) of sensitive information be left behind on the laptop or other endpoint computer.