Containerization, the technology which creates a separate encrypted zone or ‘container’ on a privately-owned mobile device – smartphone, tablet or laptop – designed as a repository for the user’s corporate applications and data, is rapidly gaining ground in the marketplace.
This is because it addresses most organizations’ top concern: security. Containerization permits the sharing of often-confidential corporate data on employees’ portable devices by essentially separating personal ‘apps’ and data from business apps and data to obviate the possibility of sensitive data leaking from one to the other.
As such, it’s a technology that ideally complements the popular bring your own device (BYOD) initiatives being adopted by many companies and is driving the creation of an increasing number of apps appearing in the workplace.
Container apps today replicate and replace a number of native operating system capabilities, the most common being email, calendar, contacts and browsers, to control access to enterprise data more tightly without the need to interfere with personal content.
Containerization is also geared to accommodate strict corporate governance policies and enforce authentication, encryption, cut-and-paste restrictions and selective content wiping on mobile devices.
Often confused with mobile app management (MAM), containerization differs from this technology in one key respect. Containerization creates a separate, encrypted environment for custom, in-house and third-party apps, while MAM addresses security and management issues at the app level – not inside a separate box.
Nevertheless, some industry watchers believe that containerization and MAM technologies can be complementary in terms of helping to cultivate secure and productive BYOD environments going forward.
For instance, MDM’s ability to permit self-enrollment of mobile devices for use within the enterprise reduces setup time and increases productivity. And its automated device configuration and auto-wipe of data based on users’ status in corporate directory systems enable easier, safer device management.
Because security and other requirements vary from company to company, it is important to make the correct choice when it comes to containerization options. There are three basic types to choose from.
The first and most common is dubbed ‘encrypted folder’ containerization. It simply creates an encrypted space or folder on the BYOD device in which applications and data are held.
The second is ‘app wrapping’ in which a protective wrap is created to form a secure bubble around each corporate application and any associated data. Sometimes positioned as a separate technology by pundits, it nevertheless is gaining in popularity in the containerization space as it is able to help secure any application without the need for labor-intensive encoding around a specific application programming interface (API).
Its most celebrated benefit is its ability to prevent cut/copy/paste activity across personal and corporate boundaries.
The third option is ‘dual persona’ containerization. This allows one operating system to be ported on top of another through the use of a hypervisor to create a dual persona within a mobile device.
Practically, this allows users to open a virtual desktop infrastructure (VDI) session on a tablet and seamlessly continue working on a task that was initiated – and still resides – on an office desktop computer.
There is one proviso: to access VDI on a mobile device, VDI must first be deployed at the network back end, and the user’s profile should be present or migrated to VDI space.
While containerization has, in a short time, evolved from a single encrypted ‘sandboxed’ folder to sophisticated application wrapping, it has yet to be perfected.
There are some thorny issues that must be addressed in the future. For example, there is the question of multi-tenanting on a single device, which has to be overcome if security is to become one hundred percent watertight in a containerized environment.
To obviate the possibility of a secure desktop environment being available to anyone with access to a linked mobile device, some form of role-based interaction will be necessary. Unquestionably, the containerization model is a good fit for this as it isolates functionality and data to appropriate levels.
Another challenge associated with role-based management is limiting the number of roles to minimize administrative overload. However, it is possible that a shared scenario would not necessarily involve the comprehensive role structure associated with an entire organization.
To conclude on a positive note, containerization is set to provide the equivalent of a fast access tunnel to the enterprise, much like a virtual private network (VPN). The benefits include enriching the way organizations optimize BYOD-related opportunities in the future by gaining access to many additional, accurate internal and external data points.