New trend in BYOD security: contain the data, not the device

Credit: Jim Bahn via Flickr

Over the past eighteen months, the conversation about mobile management has changed dramatically.

Where the primary goal used to be to secure and manage individual devices, the BYOD trend has made organizations of all sizes and types reconsider what mobile security means. The goal for many IT departments today isn't to lock down devices, but to securely deploy business apps so that users can safely work with business data anywhere at any time.

This new focus has led to a major new mobile security concepts known as containerization. Containerization refers to a solution that creates an encrypted data store or container on a device. Access to data in the container requires secure authentication independent of any other device settings or restriction. The result being that even on a device with no unlock passcode, no whole device encryption, and no security policies of any type, the contents of the container remain inaccessible unless an authorized user enters valid  credentials. Securing data in a container also allows IT to wipe all business data from a personal device without wiping any personal data or apps.

Surprising Legal Facts About BYOD - Searches, Seizures, And More
CITE Goes Live! Register for the CITE Conference & Expo, June 2-4, in San Francisco.

That's a pretty attractive feature set for enterprises in itself and one that works well for organizations with BYOD programs, but containerization shouldn't stop at just encrypting business data.

To prevent data leaks, enterprises need to be able to manage the interaction between data in the secure container and the rest of a mobile device. That includes the ability to prevent unauthorized apps from opening business files stored in the container and the ability to disable copying and pasting between approved and unapproved apps. It can also mean disabling the ability of a device to print files that are stored in the container.

Early container tools were focused on securing specific data through a single enterprise app. Good Technology, one of the containerization pioneers, initially focused on providing a secure container for email, contacts, and calendar data. Good's approach in this area has been to offer an alternate enterprise app for access to corporate services like an Exchange server instead of using the stock apps included with iOS or Android. That approach works well in some respects, but it prevents users from interacting with enterprise data using the hundreds of thousands of apps available to them.

There are two solutions to that challenge.

The first is to develop a security framework that business and enterprise developers can integrate into their apps using a published SDK.

That allows developers to write apps that can securely access and store data in an encrypted container offered by a mobile management vendor. Good launched a program earlier this year known as Good Dynamics that takes this approach and other companies have followed suit, including Centrify, which recently launched its own enterprise authentication system for mobile devices, and MobileIron, which announced a pair of new solutions called AppConnect and AppTunnel earlier this week.

Although this approach is effective, it requires developers to build apps in partnership with one or more vendors. That can present challenges. The most obvious is that an organization will need to integrate mobile management tools from a specific vendor into their mobile strategy in order to take full advantage of container-based security.