Using Virtual Mobile Infrastructure to Protect Corporate Data
|Stuart Parkerson in Security Saturday, March 5, 2016|
We chatted with Avast Vice President Sinan Eren to talk BYOD mobile security and how the Avast VMP solution provides companies with the ability to create a virtual mobile infrastructure (VMI) that streams mobile apps to any device. Sinan is a cybersecurity expert, who has extensive knowledge in both the engineering and business aspects of security.
ADM: What is the Avast Virtual Mobile Platform (VMP)?
Eren: When Avast acquired Remotium in July 2015, the goal was to build on Remotium’s virtual mobile infrastructure (VMI) platform and deliver Avast VMP to the enterprise to address the security and compliance challenges of BYOD.
Avast VMP is an award-winning solution that solves the challenges of delivering corporate applications to employees’ mobile devices by ensuring data security and compliance, while creating a smooth user experience. Its patent-pending technology allows users to work from anywhere – in the office, remotely from their home office or while on business trips. Users can connect to Avast VMP from any device they are using – smartphones, tablets, and desktops – in order to get access to their corporate tools, apps and data.
The platform delivers reliability and confidence that company information and data remain secure--no data footprint is ever left on the device, and workers’ personal privacy is respected. It includes powerful features that enable users to make and receive encrypted calls to each other and send instant messages without leaving a trace on devices. It also includes a comprehensive policy engine for greater security, flexibility and control over apps, data and users.
ADM: What is VMI?
Eren: VMI (virtual mobile infrastructure) enables unmodified mobile apps to be used on any end device (smartphone, tablet, or desktop) without being installed on the end device. Apps run on a server, and since only views of the app and data are streamed to the end device, data can’t be lost or stolen even if the end device is.
ADM: Why aren’t the current enterprise mobile security solutions enough? Do you see a demand for VMI?
Eren: While there are many enterprise mobile security offerings in the market, including Mobile Device Management, because they are focused on securing devices, they are vulnerable to datajacking, which is the unsanctioned appropriation of data on a mobile device (it can be a phone or tablet) from the data’s primary owner. With Avast VMP, we focus on securing data rather than devices. We recently conducted a survey of more than 100 senior IT professionals, and 72% of them cited datajacking as their number one security challenge.
ADM: What are the main features of the Avast Virtual Mobile Platform? What problems are they solving?
Eren: Avast Virtual Mobile Platform was built to protect corporate IP on mobile devices. The key features are a virtual phone-within-a-phone that streams data from corporate servers and leaves no data on the device; a robust policy engine that ensures ultimate control and visibility; complete separation of user and company data to preserve user privacy; and now, SecurePhone and SecureIM.
Using these features within the Avast VMP, users can make encrypted phone calls and send encrypted instant messages to each other, while leaving no data footprint behind. All information is kept confidential without any way for competitors to access it. Having the ability to communicate without fear of datajacking ties to business productivity and performance because the organization can stay focused on the most important tasks at hand.
Our recent survey showed that increased productivity is the top goal when deploying enterprise mobility programs, ranking even higher than improved customer service or increased revenue.
ADM: Which type of customers will benefit from Avast VMP?
Eren: Any modern enterprise can benefit from Avast VMP. Companies in highly regulated industries such as healthcare, legal, and financial services need to balance the competitive pressure to move faster and be mobile with the significant cost of a compliance breach; Avast VMP enables them to achieve the benefits of mobility without the risk.
For example, the average doctor today cannot receive text messages with detailed information about a patient’s condition; instead, they receive a notification that there is a message waiting for them, and they have to call the hospital for an update. Avast VMP eliminates that friction, allowing doctors to access protected health information (PHI) from any device.
Other companies benefit by being freed from the need to manage end devices. With the growth of the “gig economy,” many companies have a constant flow of contractors or non-permanent employees. Avast VMP allows companies to distribute mobile apps and corporate data to their mobile devices without having to enroll them in MDM.
ADM: How can Avast VMP help enterprise developers improve app security?
Eren: What we have today is a broken mobile ecosystem of borrowed frameworks, libraries, tools and copy/paste driven development powered by GitHub and StackOverflow. Mobile operating systems are only as strong as their weakest component. A poorly developed library/framework can expose your whole company to risk.
Our main goal was to create an environment that is virtual and non-persistent. A good analogy is the medical field. When you go to a doctor’s office, they consider needles a single-use device, assuming contamination after each use. We thought that was the right way to think about corporate apps on mobile devices, and virtualization was the only way to get there. We create a new mobile workspace on the employee’s device for each session. When they’re finished working, that workspace is destroyed. This prevents attackers from gaining a toehold.
ADM: How does virtual mobility (and therefore Avast VMP) save developers time?
Eren: Virtual mobility can reduce the number of platforms that a developer needs to develop for; Android apps can be accessed from iOS or even desktops. Furthermore, it reduces the QA burden as developers can use virtual mobility to deploy an app to any end point. Regardless of the end device’s OS revision or device firmware, if it is supported by the virtual mobility solution it will work. Finally, virtual mobility enables new models for app delivery -- App-as-a-Service, for example. An app developer can update the app with a single click, and instantly all users will be updated.
ADM: Why is developing and deploying mobile apps so different from desktop apps?
Eren: Today’s mobile environment is one of rapid development, with little to no auditing of apps like in the enterprise software world. Many developers depend on digital rights management solutions like Apple’s FairPlay, security mechanisms like seatbelt profiles and code signing to obscure their development shortcomings.
For example, some apps relay passwords or medical record information in clear text or hide unauthenticated backend APIs because they are depending on the mobile OS security and DRM layers. Recent hacks have proven that these layers provided a false sense of security.
The one thing that business unit managers and software developers need to realize is that Apple iOS and Google Android security measures are built to protect their revenue streams, not applications or users. You must build security into the development process just as in the desktop/enterprise software market.
ADM: How do you see VMI evolving? What’s next for Avast VMP?
Eren: As the mobile-first trend becomes the norm in development, the need for secure deployment platforms will increase. We’ll see more organizations transitioning from first-generation enterprise mobility solutions to meet the needs of a new development environment. VMI provides built-in app protection that gives developers more time to repair vulnerabilities without risking compromise.
As part of the Avast Software family, I can imagine many opportunities to incorporate the data gathered by Avast’s endpoint security products into Avast VMP. We can track apps throughout their lifecycle, and integrate reputation management features.
Read more: https://www.avast.com/en-us/enterprise