Over the past 18 months, the conversation about mobile management has changed dramatically.
Where the primary goal used to be to secure and manage individual devices, the BYOD trend has made organizations of all sizes and types reconsider the meaning of mobile security. The goal for many IT departments today isn't to lock down devices, but to securely deploy business apps so that users can safely work with company data anywhere at any time.
This new focus has led to a major new mobile security concept known as containerization: a solution that creates an encrypted data store or container on a device. Access to data in the container requires secure authentication independent of any other device setting or restriction. As a result, even on a device with no unlock passcode, no whole-device encryption, and no security policies of any type, the contents of the container remain inaccessible unless an authorized user enters valid credentials. Securing data in a container also allows IT to wipe all business data from a personal device without affecting personal data or apps.
That in itself is an attractive feature set for enterprises and one that works well for organizations with BYOD programs, but containerization shouldn't stop at encrypting just business data.
To prevent data leaks, enterprises need to be able to manage the interaction between data in the secure container and the rest of a mobile device. That includes the ability to prevent unauthorized apps from opening business files stored in the container and the ability to disable copying and pasting between approved and unapproved apps. It can also mean preventing a device from printing files stored in the container.
Early container tools were focused on securing specific data through a single enterprise app. Good Technology, one of the containerization pioneers, initially focused on providing a secure container for email, contacts, and calendar data. Good's approach in this area has been to offer an alternate enterprise app for access to corporate services like an Exchange server instead of using the stock apps included with iOS or Android. That approach works well in some respects, but it prevents users from interacting with enterprise data using the hundreds of thousands of apps available to them.
There are two solutions to that challenge.
The first is to develop a security framework that business and enterprise developers can integrate into their apps using a published SDK. That allows developers to write apps that can securely access and store data in an encrypted container offered by a mobile management vendor. Good launched a program earlier this year known as Good Dynamics that takes this approach, and other companies have followed suit, including Centrify, which recently launched its own enterprise authentication system for mobile devices, and MobileIron, which announced a pair of new solutions called AppConnect and AppTunnel earlier this week.
Although this approach is effective, it requires developers to build apps in partnership with one or more vendors. That can present roadblocks. The most obvious is that an organization will need to integrate mobile management tools from a specific vendor into its mobile strategy in order to take full advantage of container-based security.
Another key consideration is that existing apps may have already been built and deployed throughout an organization. To build in container security, these would need to be updated or rewritten to take advantage of a vendor's container SDK. That can be vexing if enterprise apps were created by a contractor or employee who no longer works with or for the company. For publicly available apps, there's also the question of getting a secure version of an app through the review process of Apple's App Store alongside an existing version that doesn't use any third-party functionality like that offered by an enterprise vendor's SDK.