New trend in BYOD security: contain the data, not the device
Over the past eighteen months, the conversation about mobile management has changed dramatically.
Where the primary goal used to be to secure and manage individual devices, the BYOD trend has made organizations of all sizes and types reconsider what mobile security means. The goal for many IT departments today isn't to lock down devices, but to securely deploy business apps so that users can safely work with business data anywhere at any time.
This new focus has led to a major new mobile security concept known as containerization. Containerization refers to a solution that creates an encrypted data store or container on a device. Access to data in the container requires secure authentication independent of any other device settings or restrictions. The result is that even on a device with no unlock passcode, no whole device encryption, and no security policies of any type, the contents of the container remain inaccessible unless an authorized user enters valid credentials. Securing data in a container also allows IT to wipe all business data from a personal device without wiping any personal data or apps.
That's a pretty attractive feature set for enterprises in itself and one that works well for organizations with BYOD programs, but containerization shouldn't stop at just encrypting business data.
To prevent data leaks, enterprises need to be able to manage the interaction between data in the secure container and the rest of a mobile device. That includes the ability to prevent unauthorized apps from opening business files stored in the container and the ability to disable copying and pasting between approved and unapproved apps. It can also mean disabling the ability of a device to print files that are stored in the container.
Early container tools were focused on securing specific data through a single enterprise app. Good Technology, one of the containerization pioneers, initially focused on providing a secure container for email, contacts, and calendar data. Good's approach in this area has been to offer an alternate enterprise app for access to corporate services like an Exchange server instead of using the stock apps included with iOS or Android. That approach works well in some respects, but it prevents users from interacting with enterprise data using the hundreds of thousands of apps available to them.
There are two solutions to that challenge.
The first is to develop a security framework that business and enterprise developers can integrate into their apps using a published SDK.
That allows developers to write apps that can securely access and store data in an encrypted container offered by a mobile management vendor. Good launched a program earlier this year known as Good Dynamics that takes this approach and other companies have followed suit, including Centrify, which recently launched its own enterprise authentication system for mobile devices, and MobileIron, which announced a pair of new solutions called AppConnect and AppTunnel earlier this week.
Although this approach is effective, it requires developers to build apps in partnership with one or more vendors. That can present challenges. The most obvious is that an organization will need to integrate mobile management tools from a specific vendor into its mobile strategy in order to take full advantage of container-based security.