"In many cases, you actually have greater control over protecting that data than you would with a general MDM solution," Symantec's Duckering notes.
Even when you manage applications rather than devices, certain high-risk application types need special care. For instance, in addition to providing the ability to manage internally developed apps and third-party apps, Good also provides its own secure email app and secure browser app.
"The reason we have a secure email app and a secure browser app is that the native apps on these devices are inherently leaky," says Good's Herrema. "If you can't actually secure and manage the core browser and the core address book and core email app, you're still going to have data loss."
Run a Second Virtual Phone with Hypervisors
Instead of MAM, Red Bend Software takes an alternative approach that is more reminiscent of MDM. It uses type 1 hypervisors on particular Android handsets to create what are essentially two virtual phones running simultaneously on the same physical hardware. One phone is the standard consumer device for use with Facebook and Twitter and other consumer-facing applications. The other is a phone running a dedicated Android operating system geared for the enterprise.
"We allow the enterprise to completely manage that part of the phone," says Morten Grauballe, executive vice president of Corporate Development and Strategy at Red Bend.
Grauballe explains that by leveraging a type 1 hypervisor, Red Bend is able to achieve excellent performance because it runs directly on the phone's hardware (as opposed to a type 2 hypervisor, which runs as a software layer above a device's operating system). And, he adds, Red Bend achieves significantly better security because it doesn't run inside the same OS as the other consumer-facing applications.
"The usability goes both ways," he says. "It gives the IT organization better control, but gives the user the privacy and freedom they would like."
One drawback of Red Bend's type 1 hypervisor approach is that it can't be implemented on just any smartphone. It requires the handset manufacturer or chipset manufacturer to architect the device to support bare metal virtualization. Red Bend is attacking that problem aggressively.
"We're working with our customers, who are all the mobile device manufacturers - chipset manufacturers to ODMs and OEMs - to actually change the architecture and how the next generation of mass-market devices are designed and built so they are enterprise ready from the beginning," explains Lori Sylvia, executive vice president of Marketing at Red Bend.