Instrumented Interconnecteds Intelligent

Data security in mobile devices is a key topic of discussion and a pain point among the enterprises that want to adopt a bring your own device (BYOD) policy. Mobile containerization, however, might be the answer to address the security woes of IT administrators and Chief Information Officers (CIOs).

Mobile containerization is very popular among enterprises today as they feel more secure in sharing corporate data on their employees’ devices. This means that not only are employees happy about getting those applications on their favorite devices and staying mobile wherever they are, but also the Chief Technology Officer of the organization can sleep soundly and not have to worry about confidential data leakage from employees’ devices.

However, as requirements vary from organization to organization, it is important to choose the container that fits the organization’s needs. There are basically three different types of container options to choose from:

  1. Encrypted folder: Creates an encrypted space, or folder, into which applications and data may be poured. This is a very traditional type of mobile container. Examples for this kind of container are Good for Enterprise and Enterproid Divide.
  2. Enterproid devicesApp wrapping: Creates a protective “wrapping” that forms a secure bubble around each corporate application and its associated data.
  3. This kind of containerization is actually getting popular among enterprises today, as they can secure any application without writing a single line of code. This means you can just upload your app in the app wrapping tool and create a security wrapper around it. You don’t need to spend a huge amount of money for developers to write code with a specific application programming interface (API) to make it secure. All these app uses per app virtual private network (VPN) mean that data at rest and data in transit are secure.

    One caveat of this form of containerization is that currently you cannot use this to wrap the native email client that comes with the device. Examples of this kind of container are Mocana and Apperian.

  4. Dual persona: We are all very used to porting one operating system on the top of another using a hypervisor on our computer, and now we can use the same technique to create a dual persona within a mobile device.
  5. Just imagine you are working on a presentation on your computer from your Hong Kong office and haven’t saved that presentation, and the next thing you do is catch a flight to New York and check into a hotel. You realize that the presentation you were working on needs to be completed, and you open the virtual desktop infrastructure (VDI) session on your tablet and start working on your presentation from where you left off.

    The great thing about this solution is that you don’t need to spend time and money in strategizing and building an enterprise application to deploy on the device as you are accessing your office desktop on your tablet. Thus you can use each productive application on your desktop as it is. An example of this kind of container is XenDesktop from Citrix.

However, this kind of containerization has a few shortcomings:

  • To access VDI on your device, your organization must have deployed VDI at the back end, and your profile should be present or migrated to VDI space. This is a limitation of using this kind of containerization on a device.
  • Considering the size of the device’s screen, it may be a bit cumbersome to port a VDI profile on it. This kind of solution works much better on a tablet, which has a bigger screen area compared to a smartphone.
  • To access a VDI profile on your device, you will require very good bandwidth. When the user is moving, the network fluctuation might break or stale the VDI session, which hurts user experience and thus productivity. It works really well when customers are using WiFi compared to a cellular data network.

Mobile tablet

Mobile containerization has evolved from a single encrypted sandboxed folder to application wrapping over the last few years, and the evolution is still going on as we speak. As enterprises are very conscious about security and leakage of corporate data, mobile containerization comes as a solution that CIOs can bank upon for adopting BYOD in their organization.

Make sure you choose your container well to make BYOD a success in your organization.

To learn more about containerization, check out these Mobile Business Insights posts from my colleagues: “Balancing corporate security with user experience” and “Mobile and virtualization—The dynamic duo for BYOD!”

If you want to talk more about mobile containerization or share your experience, leave a comment or reach out to me on Twitter.

Bookmark and Share

Previous post

Next post

October 9, 2014
7:14 am

From an enterprise app development perspective, is there any specifics that should be addressed to be able to run it in secure container.

Posted by: Revathi
December 19, 2013
1:43 pm

According to mobile market researchers, research is the key to ensuring mobile device
security concerns. The security team employed theft
at your organization. 3 Enterprises often assume that hardware encryption on
a mobile device must be derived from not only IT but also the non IT staff in the enterprise, the security shortcomings will also
remain unidentifiable. The employer is liable for potentially
lost data on your mobile device information? While
the main benefit of a mobile device in the enterprise,
the security shortcomings.

Posted by: device manager download
September 25, 2013
4:46 am

Hi Sandipan the answer to your query is actually been answered by Mike in his comments. Thanks Mike for mentioning the IBM Worklight details here. IBM Worklight have lot of security measure which can be build within a B2C(Public) app.

Posted by: Prosenjit Chowdhury
September 24, 2013
4:05 am

Hi, good article. It would be useful to have a paragraph on different approaches too; e.g. another option for secure access to enterprise data is to use custom apps that are inherently more secure; so they have built-in security (AAA), encrypted data store, ability to prevent access etc – you know I’m referring to Worklight as the MEAP here. Secure apps can be a good alternative to a containerisation solution.

Posted by: Mike
September 23, 2013
11:57 pm

Prosenjit: Very helpful blog. But what options are available for non-BYOD situation? Say for citizens and customers, if we want to publish apps what security measures can we take?

Posted by: Sandipan Sarkar
September 23, 2013
5:44 am

Hi Tiju, that is exactly the reason why Container is a solution which CIO and IT Administrator should be happy about, as they need not to worry about a misbehaving application within the device. An enterprise application in container (either in a encrypted folder or through app wrapping) is secure from any other application running on the same device (say misbehaving app here). Misbehaving application cannot penetrate the security layer of the application which are containerized. Hence both application and the data used by them is secured.

Posted by: Prosenjit Chowdhury
September 23, 2013
5:32 am

Good article!

Posted by: Tinniam V Ganesh
September 23, 2013
5:20 am

The Blog doesn’t says how to prevent a misbehaving app. Now all app has full control on devices and impersonate many things. Unless App certification or preventing un-certified apps not installed. This has been failure always ??

Posted by: Tiju
September 23, 2013
5:01 am

Very insightful blog. It provides a good view of the choices available for CIOs in the BYOD space. I will be interested to know how to make these choices given a set of enterprise BYOD requirements.

Posted by: Alwyn
1 Trackback
January 30, 2014
8:52 am

[…] one of my previous blog posts, “Mobile containerization: Choose your container well,” I mentioned the importance of having a container solution for data security. IBM Fiberlink […]

Posted by: Five things I love about IBM Fiberlink MaaS360 | IBM Mobile
Post a Comment