Companies adopting BYOD policies are struggling with the thorny problem of how they might separate corporate and personal data on an employee's device.
One technology approach to this challenge involves separating out the corporate mobile apps and the data associated with these into "containers" on the mobile device, creating a clear division as to what is subject to corporate security policies such as wiping. But one Gartner analyst delving into the "containerisation" subject recently noted the current array of technology choices each have advantages and disadvantages.
"BYOD means my phone, my tablet, my pictures, my music -- it's all about the user," said analyst Eric Maiwald at the recent Gartner Security and Risk Management Summit.
But if IT security managers want to place controls on the user device to separate out and manage corporate e-mail, applications and data, it's possible to enforce security such as authentication, encryption, data leakage, cut-and-paste restrictions and selective content wiping through various types of container technologies.
However, the ability of containers to detect "jailbreaking" of Apple iOS devices, which strips out Apple's security model completely, remains "nearly zero," Maiwald added. "If you have a rooted device, a container will not protect you."
There are many choices for container technology. The secure "container" can be embedded in the operating system itself, such as Samsung's Knox smartphone or the Blackberry 10, Maiwald noted. And the mobile-device management (MDM) vendors such as AirWatch, MobileIron and WatchDocs also have taken a stab at containers, though Gartner sees some of what the MDM vendors are doing as more akin to "tags" available to do things like tag a mailbox and message as corporate.
Companies that include, Enterproid, Excitor, Fixmo, Good Technology, LRW Technologies, NitroDesk, VMware and Citrix also have approaches to containerisation that get attention from Gartner as possible ways to containerise corporate apps.
But selecting a container vendor is not necessarily simple because what you are doing is making an important IT decision about enterprise development of apps, says Maiwald. "Container vendors provide mechanisms for linking a customised app to the container," he said. It typically means choosing an API as part of your corporate mobile-device strategy.
For example, Citrix's containerisation software is called XenMobile, and Kurt Roemer, Citrix chief security strategist, says to make use of it, apps have to be developed using the Citrix API and SDK for this. However, there are several app developers that already do that through what Citrix calls its Worx-enabled program for XenMobile. These include Adobe, Cisco, Evernote, Egnyte and Concur, to name a few. The Citrix containerisation approach, which includes an app-specific VPN, will let IT managers do many kinds of tasks, such as automating SharePoint links to mobile devices for specific apps or easily control provisioning of corporate apps on BYOD mobile devices, Roemer says.
Ellen Messmer is senior editor at Network World, an IDG publication and website, where she covers news and technology trends related to information security. Twitter: MessmerE. E-mail: [email protected]