The new trend in mobile security: Separating work and personal stuff


Containerization of enterprise data is gaining popularity as evidenced at Mobile World Congress recently in Barcelona.

Containerization involves separating enterprise data from personal data in order to enable a person to carry a single device. If the company needs to wipe the corporate data for any reason, it doesn't have any impact on the personal data the person has on their phone including texts, photos, email, apps and so forth. The only thing that gets destroyed is the corporate data.

There are a lot of advantages to this approach, and it preserves the experience the user is used to having on the device while protecting the corporate data.

Containerization comes in many forms, but it basically involves two different approaches. In one you separate your personal data from your work data and switch back and forth between the two worlds. In the second you create a secure container specifically for one app. With the latter, secure apps live side by side with personal ones which might or might not be secure.

BlackBerry and Samsung have taken the separate container approach. With the BlackBerry Z10, you simply flick your finger upward and the BlackBerry Balance toggle appears. You click Enterprise and you're in your enterprise data. Click Personal and you're in your personal side. Interestingly, it has the typical BlackBerry centralized communications center where you can see your personal and professional communications in a single interface, including email, SMS, Twitter, Facebook, and BlackBerry Messenger content.

Samsung KNOX, which was launched at MWC, takes a completely separate container approach -- it even goes so far as to separate your contacts and calendars. The total separation approach is more secure, but could lead to usability issues -- for instance, sometimes your colleagues at work are also friends, yet you would have to go into your work side to access their contact information. In a more serious example, separating calendars could mean you schedule a meeting on your professional calendar, not realizing you have a commitment on your personal one.

That's why containerization of individual apps could be a better approach -- users just open the app and the app itself is protected regardless of what else the user might have on the device. If an employee leaves the company you shut down access to the enterprise side and the personal data is not affected at all.

One company taking this approach is Good Technologies. As John Herrema, the SVP for corporate strategy at Good, told me, "You don't have to worry about putting a business persona on the device." Instead, he said, you put the business applications on a device, and if the relationship ends, you simply shut off access to the apps and they no longer work. It has no impact whatsoever on personal information. He says there is a fair amount of elegance and simplicity to the solution.

Another company looking at this approach is Apperian, which encourages companies to build their own secure apps or secure the ones they get off the shelf. Cimarron Buser, who is VP of business development at Apperian, calls mobile device management and other IT-led security solutions "security theater" because in his view they give an illusion of security.

He says instead you need to build secure apps or secure the off-the-shelf ones. Then, when the employee leaves the company, you shut down the corporate ones and the rest of the phone is left intact. He believes employees will find a way to work around any other types of security that limit their ability to use the phones the way they want to.

Yet another option is to simply lock down the content. This is part of the approach MDM provider AirWatch takes with its Secure Content Locker. One example of this is giving secure content to pilots on iPads. When the content changes, if the pilot has not uploaded the most recent document, the old document will not open. This prevents the pilot from using obsolete charts and maps until he or she downloads the most accurate and up-to-date information.

Or you can share a document with someone and after they open it and read it, the document is dead. You can't copy, paste, share or open it again. It's a one-time read-only experience.

All of these approaches are trying to help companies come to grips with security in the Bring Your Own Device era without affecting the user's experience or having any impact on the user's personal data. There are pros and cons to each approach, but containerizing the data lets employees have a professional life and a personal one on the same phone and that's a worthwhile goal.
