Containerization can create a BYOD disaster

Credit: maria_lc via Flickr

Containerization has become a buzzword in IT circles over the past year. It refers to the ability to setup an encrypted storage space on a mobile device and manage access that space. Many mobile management vendors have introduced containerization capabilities into their products and married the ability to control access to the secure container to app management capabilities. This allows IT not only to secure data on a device, but also to control which apps can access that data and how those apps can share or make use of that data. Containerization fits in very well with today's mobile management mantra -- manage the data, not the device.

An outgrowth of the container concept is the idea of dual-persona devices, where there is such rigid separation between a corporate-managed container and its associated apps and settings, and the unmanaged personal space, that a user is effectively using two different platforms or environments on a single device. From an IT perspective, the containerized environment is Dr. Jekyll -- perfectly tame and harmless -- while everything outside the container is his dangerous alter ego Mr. Hyde.

Containerization and dual-persona solutions appeal to enterprise IT professionals and CIOs because they offer a rather simple but effective solution the conundrum posed by BYOD. They manage and secure corporate data on the device as well as access to corporate resources from inside or outside the firewall, but they don't limit what a device's owner can do during his or her off hours.

Want to use Dropbox for your personal file sharing? No problem. Install games from questionable app stores? Go ahead. Want to tie your phone to free email services and social networks? Sure.

So long as the container and its data are secured and outside apps or outside portions of the mobile OS are barred from doing anything with that data -- copying and pasting, emailing, or accessing it from an unsecured app -- IT has done its job. It has kept corporate data secure and away from prying eyes, malware-infected apps, and petty thieves. And all that has been accomplished without disabling features of a user's personal device.

There's just one little problem -- containerization in general, and the dual-persona solution in particular, can easily become a new version of the solution IT offered mobile professionals before terms like consumerization and BYOD became part of the corporate lexicon. That solution was to give employees a locked-down and IT-controlled BlackBerry with just the apps on it that IT deemed necessary, and let them carry their personal phone with them as well.

When these solutions are implemented to that extreme, they disable most of the advantages that BYOD offers. Users cannot make their own workflows, select the best apps for their job functions, and capitalize on the potential for increased productivity and satisfaction. In such situations, there are just two outcomes - user productivity is stifled or users will find ways to work around the restrictions that IT has imposed on them.

What's good for one company may not be good for another

Discussing this topic with panelists and attendees at CITE 2013 last month was particularly interesting because there is a range of opinions around containerization. Several attendees found a lot of value in securing some critical data using a container approach, particularly those in regulated industries. Others, however, actually blamed containerization for failures and setbacks in their efforts to implement an effective BYOD program because the dividing line between work and personal use. IT leaders in creative industries seemed to have been burned the most by trying to create a demarcation line on devices brought into the office.

A common refrain among those that either chose not to go the container route or attempted it and later bowed to user pressure was simple "this isn't how my users work" or, in a few cases, "this isn't how human beings work."

The one thing everyone seemed to agree on is that IT can't approach BYOD -- with or without containerization -- as a purely technical exercise. BYOD is layered with expectations and assumption from users and IT, which makes it a people challenge as well as a technology hurdle. Fundamentally, it is about supporting and empowering users in the most secure methods appropriate to individual and organizational needs. There is no one size fits all approach and each CIO and IT team need to understand how mobile devices and apps are used by workers across their organization before selecting their mobile management strategy -- a key reason that IT must partner with HR and other departments when creating and revising a BYOD strategy.

Recommended
Join the discussion
Be the first to comment on this article. Our Commenting Policies