Simply Security - News, Views, and Opinions from Trend Micro

Containerization showing promise as BYOD security solution

Posted on September 5th, 2012 in Consumerization by Simply Security

Containerization could be the answer to preserving data security without inhibiting mobile productivity.

No discussion of enterprise mobility is complete these days without mention of BYOD (bring your own device) programs and policies. While employees are all in favor of using personal technology in the workplace, IT teams are having a tough time reconciling the confirmed security risks with the anticipated productivity gains. But in many cases, company executives are breaking the tie and deciding that the business case presented by workforce mobilization is simply too attractive to overlook.

As a result, technology administrators are effectively being asked to learn on the fly and rapidly evolve their regulatory protocols. Striking the proper balance between overly permissive and overly aggressive has been an elusive goal, however, considering the convergence of complex corporate data security and personal privacy imperatives. One of the most promising emerging strategies could be containerization, or the segmentation of information and applications used for work and play.

Containerization served three ways

Although this mobile device management tactic is still relatively immature, there are already at least three roads leading to the same goal. According to Computerworld, the most popular approach to containerization has been using tools to create an encrypted space or folder on the device to house more sensitive data and applications. By placing a corporate email app in one of these security bubbles, for example, the program remains isolated and insulated against any actions taking place on unregulated portions of the operating system.

Like all containerization strategies, it provides IT with more granular control over the consumer-styled devices that are largely devoid of advanced, business-ready default security features. Meanwhile, employees still retain the power of device and application choice that they have been clamoring for.

The second containerization option available to mobile device managers is often referred to as "app wrapping." According to Computerworld, this tactic employs the same isolation and encryption concepts as the folder-style approach except that each app is enclosed in its own unique container. Instead of broadly classifying mobile utilities as either personal or mission-critical, IT teams can tailor custom policies to account for all the notable variations in their enterprise apps.

The final, and perhaps most intriguing, approach to containerization is the use of hypervisors to effectively create a virtual phone within a phone. Though the technology may be many months away from the mass market, according to Computerworld, it could effectively allow companies to split an employee device into two isolated segments for personal pursuits and work tasks.

The National Security Agency raised awareness of this technique earlier in the year in a progress report on its SE Android project, which is intended to provide government agents with a mobile device capable enough to safely carry classified intelligence.

Caveats and questions

The IT community has been encouraged by the rapid maturation of these mobile device management complements, but as with any emerging technology there are some questions and concerns left to be answered.

The initial concerns may be whether or not employees even deem containerization a palatable solution. The security functionality is not in doubt, but end users could be easily frustrated by toggling back and forth between encrypted and unregulated applications or folders if the interface proves too clunky.

According to Computerworld, however, the real concern should be the fact that personal data could still be placed in the crosshairs. As it stands, many of the containerization tools fail to distinguish between personal and corporate data, and sanitize the entire device when IT issues a remote wipe command. Unless users have been diligently backing up their apps, they could see personal address books erased right alongside corporate calendars.

Finally, the application wrapping approach could be too resource-intensive for some teams as it requires administrators to make coding edits within each individual app they are looking to govern and secure.


Comments


  1. [...] that sounds a little drastic, one alternative to locking down devices is “containerization.” It’s a promising security solution that creates an encrypted space or folder on your [...]

    Pingback by Bring Your Own Device: Safety First! - Concur Blog on November 27, 2012 at 5:31 pm