It's a BYOD world, even more so after this week's highly-publicized RIM/Blackberry outage. Not every enterprise is giving up on Blackberries and centralized purchasing/corporate liable plans, but the momentum is clearly on the side of doing everything you can to let employees do what they want when it comes to mobile device usage.
The seemingly obvious solution to making BYOD work for the enterprise would be to allow the smartphone to maintain dual personalities—you log in as your non-work persona, and you get all your personal settings; or you log in as your work persona and get an entirely separate interface that's walled off from the personal side. That work persona is completely managed and controlled by your corporate IT department.
This is exactly what's starting to emerge, both from the major carriers as part of their slate of offerings, and from third-party software providers operating either in conjunction with the carriers or as standalone SaaS providers. At this week's CTIA Enterprise show in San Diego, Verizon Wireless announced a partnership with VMWare for dual-personality smartphones, while AT&T announced a similar deal with a small SaaS startup called Enterproid.
I had a chance to meet the CEO of Enterproid, Andrew Toy, at CTIA Enterprise. Though it’s a new, relatively unknown company, especially when compared with Verizon partner VMWare, Enterproid’s prospects look good: The company is 18 months old and secured $11 million in Series A financing from Comcast, Google Ventures and Qualcomm. Its leaders spent 5 years as the mobile applications team at Morgan Stanley, and Andrew Toy has a security background, suggesting that Enterproid will have a grasp of the important security and management issues that currently make enterprises uneasy about BYOD.
Here's how the Enterproid solution works: The enterprise contracts with Enterproid for its SaaS service, which it brands as Divide (or it signs up with the soon-to-roll-out AT&T service, named Toggle; more on that shortly). Then, when a user wants to use their Android phone as their corporate device (iOS support is coming later this year), they download the Enterproid app and it dials into the management system that the network administrator controls via a console. The new user appears in the system automatically and the network administrator configures that user for the security, permissions, and applications that they need and are entitled to. The process is essentially a modern-day, BYOD version of what PBX administrators do on the landline side. The Divide service costs $5 per month per user.
The SaaS-based console integrates with the enterprise's Active Directory or other directory infrastructure so that it knows where the user fits in the organization and thus what they're allowed to have and do. This integration can be direct, or the Enterproid system can integrate with a Mobile Device Management system that offers finer-grained, more complex controls. Andrew Toy explained that Enterproid isn't an MDM system itself; it's a client software system supported by basic SaaS management.
On the client side, the user has to log in via password to their business identity, at which point all the applications and databases are different from what's on the user’s personal identity. The photo below is a sort of composite—the left side shows the work identity, while the right is personal; it’s a bit of poetic license—the two don’t appear side by side when you actually use the system.
The key thing is that there’s complete separation between the two identities. For all practical purposes, "The work side is a different device," Andrew Toy said. "It's a fully separate environment on the device."
Andrew Toy explained that Enterproid started with Android only because, "There's a lot of intellectual property we had to develop, and the open nature of Android made it easier to innovate and iterate." The system can still provide management for iPhones, so that all of the enterprise’s BYOD devices can be viewed together in the same management console; the difference is that, for now, the iPhones under management don't have the dual personality—the system is essentially seeing the whole device, not just one of two existing identities.
This week's announcement was that AT&T Wireless is partnering with Enterproid to release a version of Divide that AT&T is branding as Toggle. AT&T is essentially going to add some features from its own intellectual property, on top of the Enterproid system, and sell the service through its channel—interestingly, AT&T will offer the Toggle service to enterprises without regard to whether the user is an AT&T Wireless customer for basic cellular connectivity.
The dual-personality service seems like an obvious way to let users bring their own devices into work, while still giving enterprise managers the control and security they demand. As device manufacturers, together with Apple and Android, continue to improve these aspects of their own products, this makes a lot of sense. We'll see if it really becomes the default option for BYOD.
