Pros and cons of using secure containers for mobile device security
With BYOD on the rise, IT needs to keep sensitive corporate information safe. Secure containers are one way to do that, but when is it best to use them?
As employees bring consumer devices into the enterprise with increasing frequency, it's becoming more important for IT to be able to separate work from play.
One way to do that is with a secure container: an authenticated, encrypted portion of a user's mobile device that can be used to insulate sensitive corporate information from the personal side. With these frequently asked questions, learn more about what secure containers are, why you should use them and the potential tradeoffs for users and administrators.
What is a secure container?
A secure data container is a third-party mobile application that is used to separate and secure a portion of a device's storage from the rest of the device. The goal of containerization is to isolate an application to prevent malware, intruders, system resources or other applications from interacting with the application -- and any of its sensitive information -- secured by the container. Using a secure container is also sometimes referred to as sandboxing.
Some devices offer native device security, but their effectiveness varies. Container applications are available on Android, iOS, BlackBerry and Windows Phone operating systems, with vendors like BlackBerry offering an application called Secure Work Space for both iOS and Android and BlackBerry Balance for its own BlackBerry devices. In the same vein, Samsung offers Knox, AT&T offers Toggle, and VMware offers containerization for Android from the Horizon Mobile technology in Horizon Suite.
Secure containers are an important part of mobile application management (MAM), along with security policies such as requiring PIN locks and whitelisting specific applications. Containerization provides a balance of security and enhanced productivity to employees, so it’s important that the secure container experience is good enough for employees to keep using it.
When should I use a secure container?
You should use a secure container when mobile devices and applications pose a risk to sensitive corporate information. As consumerization of the enterprise increases, so do the malware and data security risks that come with it. A secure container allows IT to isolate applications, disable certain functions of apps within the container and wipe information within the container without affecting user data, as well as remotely wipe devices in case of loss or theft. One of the biggest benefits from a management perspective is that this technology allows IT to take a unified security approach and apply policies or actions across multiple devices.
On top of the security benefits, secure containers allow employers to push documents, media and other resources to employees' devices, which is much more efficient than email-based file distribution or cloud storage distribution.
What are the limitations of a secure container?
Secure containers may not be the solution for every enterprise security problem. Those third-party applications can make it easy to manage an office full of consumer devices, but they cost money to purchase, deploy and maintain. Plus, organizations without MAM or mobile device management (MDM) systems in place may not have the infrastructure required to make this approach effective. Secure containers can cause compatibility problems and break functionality as well -- preventing access to a device’s contact list, for example.
Also remember that secure containers cannot protect everything. IT may or may not be able to place certain apps in a container; some containers can only house media pushed by IT onto the devices but not files users create on their own devices, and others can protect email and attachments but not other files.
It's worth noting that apps in secure containers force users to alter their mobile device use, particularly if they have to use non-native email clients that provide advanced security and administration features for IT. Users who are required to learn a new interface may not be happy with the change.