Enterprises are encouraging the use of mobile smartphones in the workplace to increase productivity. In one industry practice, employees buy their own smartphones and install enterprise software on the phones to increase productivity on the move. However, in many industry sectors, e.g., finance and defense, employees are provided with standardized smartphones due to security concerns, these standardized smartphones are “locked down” and have limited functionality. For example, the universal serial bus (USB) ports, javascript the web browser and software upgrades over popular marketplaces (iTunes, Android) are disabled on these devices. Only enterprise applications from a secure portal can be installed.
Giving a separate locked phone to each employee, however, presents a number of drawbacks. For example, users are frustrated as phones are not fully functional and cannot be used for personal usage, prompting some users to carry two phones—one for business and a second for personal use. In addition, the enterprises providing these phones incur both capital expenditures and operating expenditures from owning and supporting these phones. Other solutions to the security concerns include installing a hypervisor on each mobile phone and securely booting a business image on the mobile phone. However, this approach requires cooperation of both device manufacturers and service providers, who tightly control the phones. The virtualization if done correctly can solve most of the security issues but not when a root kit operates below the hypervisor layer.