"More and more of this will move into the cloud. But today, it's still a small percentage," says Phillip Redman, an analyst at Gartner.
"Where this is leading is dual data plans on the same device," says Mobeen Khan, executive director of advanced mobility solutions at AT&T. "You will have a phone number for the container and one for your personal device."
Anthony Perkins, CIO for BNY Mellon's Wealth Management business, is excited about that prospect. "We're talking with Verizon and AT&T about phones with a SIM that has two phone numbers," he says. Those devices are currently in development, and Perkins says that carriers are telling him they will be available in just a few years -- AT&T declined to comment on availability. But whether the time frame is two years or 10, he says, "that's probably the direction we'll go."
The third approach to containment is to create a virtual machine that includes its own instance of the mobile operating system -- a virtual phone within a phone. This requires that the vendor work with smartphone makers and carriers to embed and support a hypervisor on the phone. Such technology isn't generally available yet, but devices that support a hypervisor may eventually allow users to separate personal and business voice and data.
VMware is developing an offering called VMware Horizon. It will support Android and iOS, and function as a Type 2 hypervisor, which means the virtual machine runs as a guest on top of the native installation of the device's operating system.
Having a guest OS run on top of a host operating system tends to consume more resources than a Type 1 "bare metal" hypervisor that's installed directly on the mobile device hardware. It's also considered a less secure approach, since the host operating system could be compromised, creating a path of attack into the virtual machine.
Another vendor, Open Kernel Labs, offers a Type 1 hypervisor that it calls "defense-grade virtualization." Open Kernel's technology is currently used mostly by mobile chipset and smartphone manufacturers that serve the military. The company has yet to break into the commercial market, says Redman.
Developing a Type 1 hypervisor that interacts directly with the hardware is impractical, says Ben Goodman, lead evangelist for VMware Horizon. "We moved to a Type 2 hypervisor because the speed at which mobile devices are being revised makes it nearly impossible to keep up," he says.
As for security, VMware is working on an encryption approach similar to the Trusted Computing Group's Trusted Platform Module standard. It's also researching jail-break detection.