Is "Containerization" The Right Approach?

Blog /Is-Containerization-The-Right-Approach

As we add more iOS, Android, and Windows Phone devices to our networks, and ask our employees to use their own devices to get company data, what is the right approach to securing your company data?

When BlackBerry approached this issue, they built the separation of personal and company data right into the file system of the PlayBook and BB10 operating system. The user uses the same apps to access both personal and company data.

On other platforms like iOS and Android, the solution that is gaining popularity, especially amongst companies that adopt a Bring Your Own Device (BYOD) policy, is containerization.

Containerization is the idea that you keep data in a secure container on the mobile device. Authentication is required to see and work with the data in the container and, in most cases, data inside the container cannot be shared with apps outside the container.

Containers can vary in complexity.  They can emulate full environments like many Android containers do today.  They emulate the Android Launcher, complete with multiple Home screen pages, Widgets, and app shortcuts.  BlackBerry’s Secure Workspace on Android does this, as well as Divide’s Android container.

Other container solutions are more focused on per-app containerization.  Either way, the message is the same: No matter what mobile platform the data resides on, it can be secure in the same way using the same IT policies across all devices, and can be managed and wiped in the same way using the same management console.

What About Mobile Device Management (MDM)?

MDM is a great solution to controlling company devices and data;  however, the IT policies that can be enforced across all mobile operating systems differ.  For example, iOS allows for strong admin control and restrictions if they want to use them, while Android has bare bones control and restrictions.

Hardware vendors that sell Android-based phones and tablets have taken up the challenge by adding on extra support.  These vendors include Samsung, HTC, LG, and Motorola.  Each has their own proprietary way of doing it, which means that vendors that create device security software need to support a wide variety of APIs that can be costly.

Providing control using a container seems to be the best approach if you do not want to limit your user’s device choices.

Post Date: 4/23/2014

default blog image Craig Johnston

About the author