The rise of mobile virtualization protects BYOD deployments
According to some analysts, mobile virtualisation will rise in workplaces as a way to protect mobile devices used under bring your own device (BYOD) policies. Among those making such predictions is Hypori CEO Jared Shepard, as he explains to Digital Journal.
Organizations move from device-centric mobile security toward mobile virtualisation
The pace of technology at work continues unbounded, observes Shepard. He states: “The enterprise edge is evolving fast and being completely redefined. What was once an infrastructure decision anchored in offices and owned hardware has become an operational reality defined by mobility.”
As an example of such changes, Shepard sees: “Employees now work from customer sites, shared spaces, home offices, and virtually anywhere a secure connection exists. Mobility is no longer an exception to the enterprise; it is the enterprise.”
Mobile virtualisation creates isolated, virtual environments on a single physical phone, letting you run multiple OSes or separate work/personal spaces.
There are other changes taking place: “At the same time, legacy assumptions about corporate mobility have collapsed. The era of carrying a separate ‘work phone’ is effectively over. This shift is not driven by device cost or availability, but by employee choice.”
This means BYOD is becoming increasingly commonplace, as Shepard finds: “Today, more than 80% of organizations operate formal BYOD programs, not because enterprises cannot issue hardware, but because employees refuse to carry (or tolerate) a second device.”
Mobile Application Management
How do businesses cope with the complications? Says Shepard: “Enterprises initially attempted to secure this new reality using traditional mobile security approaches such as Mobile Device Management (MDM) and, later, Mobile Application Management (MAM). Both were logical responses in their time. Neither, however, was designed for an environment where the enterprise does not own the endpoint.”
As to what this means, Shepard explains: “MDM is, at its core, a legacy inventory and compliance platform that’s built for environments where organizations own the hardware, dictate configuration, and enforce control at the device level. Over time, MDM has accumulated compensating controls intended to resemble modern security, but its foundation remains rooted in asset visibility and administrative authority rather than true threat isolation. In BYOD environments, that authority does not exist.”
Yet the risks need to be clear and understood: “MAM emerged as a reactive response to employee demands for privacy and independence, narrowing the scope of control to avoid full device management. But this shift did not solve the underlying problem. MAM does not prevent enterprise data from residing on the device. It does not eliminate exposure to compromised operating systems, malicious firmware, or advanced mobile threats. Instead, it relies primarily on application-level encryption and logical containers, assuming the device itself remains trustworthy.”
“But that assumption no longer holds true”, warns Shepard.
Here he cautions: “Application-level encryption without hardware trust is not a security boundary; it is a risk-mitigation technique dependent on ideal conditions. It presumes the absence of device-level compromise, hostile co-resident applications, or supply-chain risk. This is an increasingly unrealistic posture in modern mobile threat environments. As a result, organizations are forced into an untenable trade-off: limited security with constrained visibility, or expanded control at the expense of employee privacy.”
Mobile virtualization architectures
How to resolve this dialectic? Shepard suggests: “As control increases, privacy erodes. As privacy protections expand, security assurance weakens. This tension is no longer theoretical. It is now a daily operational, regulatory, and cultural reality for enterprises. The predictable outcome is resistance, circumvention, policy exceptions, and explicitly accepted risk. Not because organizations are indifferent to security, but because device-centric mobile models are structurally incapable of delivering both security and privacy at scale.”
Citing a best-case example, Shepard notes: “Forward-looking enterprises are beginning to recognize a critical shift in perspective: they do not need to secure the device to secure the business. What truly matters is protecting enterprise data, applications, and identity, without inheriting the risk of unmanaged, employee-owned hardware.”
In terms of the predicted changes, Shepard thinks: “By 2026, we will see a decisive transition away from device-centric mobile security toward mobile virtualization architectures. Organizations will increasingly separate enterprise data and operations from personal devices entirely, delivering secure access without ever placing sensitive data on the endpoint. Compliance will no longer require hardware ownership. Security will no longer require personal intrusion. Privacy will be preserved by architecture, not policy.”
He adds further: “The future of secure enterprise mobility does not depend on managing the device. It depends on eliminating the device as a risk domain altogether. The real innovation is delivering a complete enterprise experience to any smartphone, securely, privately, and without trusting the endpoint.”