Smartphones - one for business and one for private use?

Basically, the approach with Android is similar to a container solution. The so-called work profile on a private smartphone has already been enabled regardless of whether the smartphone is provided by a company or by a private  person (BYOD= Bring your own device). The company profile is then created and encrypted with the help of the baramundi EMM agent (Enterprise Mobile Management). IT admins can also use the bMS to automate device configuration according to the profile requirements. Since users may not always be security-aware, the workspace settings are additionally protected by an access code. 

IT teams can use the bMS to automate installation of needed apps in the work profile. The bMS also enables administrators to transfer corresponding rights for individual applications to users, so that they can obtain authorized -- and only authorized – work apps from a specially protected area in Google's Play Store.

Because memory and processor power on today’s devices is readily available, the strict separation of work and personal workspaces enables installation of the same app twice, one in the work profile and another the user’s private workspace. For users, business and personal apps appear in corresponding “tabs” with company applications usually marked with a small briefcase icon.

App installation on Apple devices is one of the most important differencesbetween the two operating systems. On Android devices, an app like Dropbox, for example, is installed once in the private area for a user’s personal use and a second time in the business workspace for use only with company data. It’s more involved on Apple devices.

If users have already installed an app for personal use and want to use it for work data, the IT team must remove it from the user’s private workspace and assign it to the business area. This is certainly not a perfect solution. Fortunately, some app developers provide essentially the same app with a different name and ID in the Apple App Store – like Dropbox and Dropbox for Business. For users, the app appears twice like it does in Android, but with the company app usually labeled "... for Business".

As with Android, the setup of an iOS device starts with a smartphone that either already has a private Apple ID or one that’s added to a company-provided device. The baramundi EMM agent is similarly used to upload and configure the company profile via an administration profile. iOS devices also use different encryption keys for the private and business workspaces so user and company apps and data are appropriately protected.

In contrast to the open source Android Enterprise, the newly created company area is only active in the background on iOS devices. Users initially only see the same start screen for both workspaces.

And it can get even more confusing. Both installed apps and iOS native applications such as e-mail, calendar, contacts, etc., have access to all data. For example, in the shared native apps, end users see private and business contacts in the same application. Only when there is an action within the app – such as searching for a contact - is access limited to one data area. This can irritate users under certain circumstances. We recommend that IT admins inform employees about this behavior early on to reduce corresponding support requests in the future.

baramundi also tries to make life easier for IT teams managing iOS devices in other ways. Company apps installed on an iOS device via the bMS are given a special label, while personal apps installed via the user’s Apple ID are not. And depending on the workspace where a user launches an app (personal vs. business), they’ll only get access to the data corresponding to that area. 

The completely separate use of personal and business apps and data is evident to users on either platform, though it’s very transparent with Android and more subtle with Apple. In both cases, however, the user experience can be nearly as important as the technical considerations involved in managing the different devices, especially in a highly competitive job market. The MDM and EMM capabilities in the bMS gives IT teams the flexibility and power to meet company needs, protect data and user privacy, provide user choice and give employees all of the advantages of using a single device.