New trend in BYOD security: contain the data, not the device
Over the past eighteen months, the conversation about mobile management has changed dramatically.
Where the primary goal used to be to secure and manage individual devices, the BYOD trend has made organizations of all sizes and types reconsider what mobile security means. The goal for many IT departments today isn't to lock down devices, but to securely deploy business apps so that users can safely work with business data anywhere at any time.
This new focus has led to a major new mobile security concept known as containerization. Containerization refers to a solution that creates an encrypted data store or container on a device. Access to data in the container requires secure authentication independent of any other device settings or restrictions. The result is that even on a device with no unlock passcode, no whole device encryption, and no security policies of any type, the contents of the container remain inaccessible unless an authorized user enters valid credentials. Securing data in a container also allows IT to wipe all business data from a personal device without wiping any personal data or apps.
That's a pretty attractive feature set for enterprises in itself and one that works well for organizations with BYOD programs, but containerization shouldn't stop at just encrypting business data.
To prevent data leaks, enterprises need to be able to manage the interaction between data in the secure container and the rest of a mobile device. That includes the ability to prevent unauthorized apps from opening business files stored in the container and the ability to disable copying and pasting between approved and unapproved apps. It can also mean disabling the ability of a device to print files that are stored in the container.
Early container tools were focused on securing specific data through a single enterprise app. Good Technology, one of the containerization pioneers, initially focused on providing a secure container for email, contacts, and calendar data. Good's approach in this area has been to offer an alternate enterprise app for access to corporate services like an Exchange server instead of using the stock apps included with iOS or Android. That approach works well in some respects, but it prevents users from interacting with enterprise data using the hundreds of thousands of apps available to them.
There are two solutions to that challenge.
The first is to develop a security framework that business and enterprise developers can integrate into their apps using a published SDK.
That allows developers to write apps that can securely access and store data in an encrypted container offered by a mobile management vendor. Good launched a program earlier this year known as Good Dynamics that takes this approach and other companies have followed suit, including Centrify, which recently launched its own enterprise authentication system for mobile devices, and MobileIron, which announced a pair of new solutions called AppConnect and AppTunnel earlier this week.
Although this approach is effective, it requires developers to build apps in partnership with one or more vendors. That can present challenges. The most obvious is that an organization will need to integrate mobile management tools from a specific vendor into their mobile strategy in order to take full advantage of container-based security.
Another key challenge is that existing apps may have already been built and deployed throughout an organization. To build in container security, these would need to be updated or rewritten to take advantage of a vendor's container SDK. That can be challenging if enterprise apps were created by a contractor or employee who is no longer working with or for the company. For publicly available apps, there's also the challenge of getting a secure version of an app through the review process of Apple's App Store in addition to an existing version that doesn't use any third-party functionality like that offered by an enterprise vendor's SDK.
The second approach, which addresses some of these issues, is app wrapping.
App wrapping does exactly what its name implies: it adds an enterprise wrapper to an app that creates a secure container for it. Ideally, that wrapper can be centrally managed to secure the data, require authentication for access, and offer protection against data leaks by disabling copy/paste, printing, and the ability to open files in unapproved apps -- essentially it extends all the container advantages to almost any app including private enterprise apps and apps publicly distributed through Google Play.
Beyond building the secure container, a goal for many organizations is to have secured business apps be able to share information between them. After all, if you have an app for mobile ordering/billing as well as CRM, it makes sense that you'd want them to be able to share contacts and other key customer data.
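The leak controls described above (open-in, copy/paste, printing) and the sharing between secured apps can be modeled as one data-flow decision, shown here as an added example that is not from the article or any vendor's SDK. The app identifiers, function names and the inbound-paste toggle are assumptions made for illustration.

```python
from dataclasses import dataclass
from enum import Enum

class Action(Enum):
    OPEN_IN = "open_in"   # hand a file to another app
    PASTE = "paste"       # clipboard transfer between apps
    PRINT = "print"       # send a file to a printer

@dataclass(frozen=True)
class ContainerPolicy:
    managed_apps: frozenset            # apps wrapped or built against the container
    allow_print: bool = False
    allow_inbound_paste: bool = False  # assumption: toggle for personal -> business paste

def decide(policy, action, source_app, dest_app=None):
    """Return (allowed, reason) for data moving from source_app to dest_app."""
    src_in = source_app in policy.managed_apps
    if action is Action.PRINT:
        if src_in and not policy.allow_print:
            return False, "printing container data is disabled"
        return True, "print permitted"
    if dest_app is None:
        return False, "no destination given"  # fail closed on malformed requests
    dst_in = dest_app in policy.managed_apps
    if src_in and dst_in:
        return True, "both apps are in the container"
    if src_in:
        return False, "business data may not leave the container"
    if dst_in and action is Action.PASTE and not policy.allow_inbound_paste:
        return False, "paste between approved and unapproved apps is disabled"
    return True, "no container data leaves"

def audit(policy, events):
    """Return the events the policy blocks, with the reason attached."""
    results = [(e, decide(policy, *e)) for e in events]
    return [(a.value, s, d, why) for (a, s, d), (ok, why) in results if not ok]

# Constructed sample: app IDs and events are placeholders, not real products.
POLICY = ContainerPolicy(frozenset({"com.example.crm", "com.example.billing"}))
EVENTS = [
    (Action.PASTE, "com.example.crm", "com.example.billing"),   # shared customer data
    (Action.OPEN_IN, "com.example.crm", "com.personal.notes"),  # business file to personal app
    (Action.PRINT, "com.example.billing", None),
    (Action.PASTE, "com.personal.notes", "com.example.crm"),
    (Action.OPEN_IN, "com.personal.photos", "com.personal.notes"),
]
```

Calling `audit(POLICY, EVENTS)` returns the three blocked flows; the CRM-to-billing paste and the purely personal transfer pass, which is the sharing behaviour the last paragraph asks for.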