alex_aldo - Fotolia
- Mike Chapple, University of Notre Dame
One of the more important mobile security trends of recent years has to do with the flood of personal devices entering organizations through both formal bring-your-own-device programs and informal use of personal technology, which pose significant risks to enterprise security. While organizations traditionally relied upon mobile device management (MDM) technology to control both the apps installed on mobile devices and the security configurations of the device operating system, this approach does not offer the flexibility necessary for bring your own device (BYOD) models. Users do not want clunky corporate software that intrudes into their personal use of technology, and enterprise IT departments don't want the support burden that comes along with such heavy-handed management. App containers and application wrapping are gaining steam as more BYOD-friendly solutions for enterprises.
How app containers isolate corporate data
Application containerization seeks to build a secure enclave on a mobile device that serves as a safe location for sensitive enterprise information. This approach offers users an isolated workspace containing applications provided through the IT department for use with corporate data. The containerization software may be a native part of the mobile OS that allows users to "switch personas" between personal and work environments while isolating the data in each environment from the other. Other containerization approaches run as applications on top of the mobile OS, providing an isolated, encrypted work experience within a single application environment.
While containerization offers wonderful security benefits, it also comes with significant drawbacks in terms of usability for enterprise employees. End users find the concept of app containers clunky and difficult to use. Often, the productivity apps available within the container lack the bells and whistles of native mobile apps and force users to learn a separate interface for their "work life." These drawbacks have slowed adoption of containerization approaches and driven organizations to seek alternative technologies.
Several vendors, including MobileIron and BlackBerry, currently offer solutions that use mobile app containers. MobileIron's Secure Workspace, for example, includes a feature called AppConnect, which is designed to containerize applications and protect data at rest. BlackBerry's Dymanics, meanwhile, use containers to isolate and encrypt all enterprise app data on a device. Both products work on iOS and Android devices.
App wrapping flexibility
Application wrapping provides enterprises with a more flexible approach to enterprise mobility management (EMM). Instead of using a monolithic container that provides users with access to a separate environment for handling enterprise data, application wrapping takes the mobile apps already familiar to users and wraps them in a layer of security. This approach provides users with the mobile experience that they've come to expect from their devices and, in many cases, adds security in a manner that is almost completely transparent.
From an administrator's perspective, mobile app wrapping allows a wide range of security controls, including the immediate revocation of access when necessary, forcing the use of VPN connections, adding strong encryption to otherwise insecure storage environments, and other controls. These controls can limit the amount of damage attackers can do when exploiting vulnerabilities on mobile devices.
App wrapping is not without its own challenges, however. In order for an application to fully support wrapping, the application developer must provide the necessary integrations. While technology exists to add wrapping on top of a third-party application, this approach presents both legal and technical challenges. From a legal perspective, copyright restrictions may prohibit the modification of an app to support wrapping. From a technical perspective, in many cases the Apple App Store model outright prevents the modification of apps, for example.
Mobile security trends are constantly shifting, and the space remains an evolving landscape for IT professionals seeking to balance the competing concerns of providing a world-class user experience and protecting the security of enterprise information. Methods like app containers and app wrapping may offer ways to mitigate security risks for BYOD users in the short term, but security professionals should continue to monitor this landscape closely as EMM technology matures.
Learn why this expert says app wrapping is here to stay
Read more on how app wrappers are good for mobile security.
Mobile security: What about wearables?
- Network-Powered BYOD - A Case Study in Simplicity –SearchSecurity.com
- Software Defined Networking Goes Well Beyond the Data Center –SearchSecurity.com
- E-Guide: Wireless LAN access control: Managing users and their devices –SearchSecurity.com
- ISM Essentials Guide on Cloud and Virtualization Security –SearchSecurity.com