The flood of personal devices entering organizations through both formal bring your own device programs and informal use of personal technology poses a significant risk to enterprise security. While organizations traditionally relied upon mobile device management (MDM) technology to control both the apps installed on mobile devices and the security configurations of the device operating system, this approach does not offer the flexibility necessary for bring your own device (BYOD) models. Users do not want clunky corporate software that intrudes into their personal use of technology, and enterprise IT departments don't want the support burden the comes along with such heavy-handed management. An app container and application wrapping are emerging as more BYOD-friendly solutions to the mobile security challenge.
App container isolates corporate data
Application containerization seeks to build a secure enclave on a mobile device that serves as a safe location for sensitive enterprise information. This approach offers users an isolated workspace containing applications provided through the IT department for use with corporate data. The containerization software may be a native part of the mobile OS that allows users to "switch personas" between personal and work environments while isolating the data in each environment from the other. Other containerization approaches run as applications on top of the mobile OS, providing an isolated, encrypted work experience within a single application environment.
While containerization offers wonderful security benefits, it also comes with significant drawbacks in terms of usability. End users find the concept of an app container clunky and difficult to use. Often, the productivity apps available within the container lack the bells and whistles of native mobile apps and force users to learn a separate interface for their "work life." These drawbacks have slowed adoption of containerization approaches and driven organizations to seek alternative technologies.
App wrapping flexibility
Application wrapping provides enterprises with a more flexible approach to enterprise mobility management (EMM). Instead of using a monolithic container that provides users with access to a separate environment for handling enterprise data, application wrapping takes the mobile apps already familiar to users and wraps them in a layer of security. This approach provides users with the mobile experience that they've come to expect from their devices and, in many cases, adds security in a manner that is almost completely transparent. From an administrator's perspective, application wrapping allows a wide range of security controls, including the immediate revocation of access when necessary, forcing the use of VPN connections, adding strong encryption to otherwise insecure storage environments, and other controls.
Wrapping is not without its own challenges, however. In order for an application to fully support wrapping, the application developer must provide the necessary integrations. While technology exists to add wrapping on top of a third-party application, this approach presents both legal and technical challenges. From a legal perspective, copyright restrictions may prohibit the modification of an app to support wrapping. From a technical perspective, in many cases the Apple App Store model outright prevents the modification of apps, for example.
Enterprise mobility management remains an evolving landscape for IT professionals seeking to balance the competing concerns of providing a world-class user experience and protecting the security of enterprise information. Methods like an app container and application wrapping may offer ways to mitigate security risks for BYOD users in the short term, but security professionals should continue to monitor this landscape closely as EMM technology matures.
Learn why this expert says app wrapping is here to stay
Read more on how app wrappers are good for mobile security.
Mobile security: What about wearables?