A More Flexible Approach to App Containerization

Proprietary app containerization technologies were once the preferred route for protecting enterprise data on mobile devices. But better options exist.

istock 48452156 small

Mobile management has undergone a significant evolution from the era of strict enterprise-owned devices to the world of BYOD and beyond. The transition hasn’t always been smooth for enterprise IT, but the bright side is that organizations now have significantly better options for both empowering the user base with mobile access while maintaining high levels of security needed to protect sensitive data.

The most significant advancement may be the introduction of flexible approaches to containerization. Containers are used to create an authenticated and encrypted area of an employee's device that separates sensitive corporate information from the owner's personal data and apps. Containerization helps enterprises prevent malware, intruders, system resources or other applications from interacting with the application – and any of its sensitive information.

First-generation containerization technology was proprietary, which was effective in segmenting personal and corporate data but it limited employees’ options for using their preferred productivity apps and IT’s options in rolling out off-the-shelf and custom mobile apps that were not protected by it. Now, containers that integrate natively with popular app stores from Apple and Google give employees significantly more freedom to use the apps they prefer, without compromising security.

With this approach to containerization, organizations have the flexibility to use any app, not just the limited ecosystem of apps on proprietary container platforms. For example, most CRM apps are not available on proprietary container platforms. Proprietary containers also do not work with native mail apps, on which many organizations are choosing to standardize.

The most notable advantage of taking the flexible container approach: Enterprises benefit from solid security without alienating the user base. The need to utilize proprietary applications no longer stands in the way – meaning IT can protect the browser, CRM, email, and other applications that users prefer. Flexible containers also mean organizations can offer the user base a significantly larger app store experience to in many cases customize the mobile experience by user group.

Additionally, today’s flexible containers are commonly OS-native, which presents significant advantages as mobile device manufacturers and service providers roll out over-the-air updates to the array of devices. Specifically, because native containerization is built into the OS, the devices continue to operate securely and effectively after updates because the protection system coincides with the native operating system.

Proprietary containers, by comparison, require developers to update their applications with new SDKs when there is an OS update to ensure compatibility. Sometimes the updated apps lag the release of the new OS, requiring IT to ask users not to update to a new OS or risk losing access to a critical application. These events often result in a surge of help desk calls when the app does not function after the update.

One of the positive attributes of proprietary containers is that they do not require a mobile device management (MDM) profile on a BYO device. Many organizations deploy a “MAM-only” mode to respect user privacy. With past OS capabilities, using native mobile application management without taking control of the device was not possible. Today, it is possible to deploy new native containers with a lightweight MDM profile to enable the OS containerization without restricting device capabilities, monitoring user behaviors, or requiring other actions that may infringe on user privacy.

Such “workspace profiles” preserve user privacy but provide flexibility for IT to leverage the entire app store ecosystem and eliminate the need for developers to update code when new OS versions come to market. With the flexibility that OS containers and MAM offer, users and IT both win.

Copyright © 2016 IDG Communications, Inc.