Tactical Advice

How Security Containers Protect Mobile Data

Containerization separates the business and personal use of smartphones and tablets.
This story appears in the Spring 2013 issue of BizTech Magazine.
How Security Containers Protect Mobile Data
Credit: Wavebreak Media/ThinkStockPhotos

Smartphones and tablets go missing all the time. More often than not, those devices contain a treasure trove of sensitive corporate information.

When workers lose devices, can the IT department be confident that organizational data will remain safe? And when people leave the company, can IT administrators successfully remove enterprise data from personally owned devices?

Security containers promise to provide businesses with this peace of mind. Containerization isolates corporate data from other components of a mobile device, effectively putting a bubble around it. The system strictly controls the use and dissemination of sensitive data and enforces strong ­security measures to protect it. Container systems typically support the major mobile ­operating systems and can be deployed on both enterprise and personal devices.

How Containers Work

Most secure container systems are simply mobile apps that can be added through the standard OS-based app installation processes. Opening the container launches a virtual environment from which users can access corporate email, calendaring and other business applications. Administrators control the applications that appear within the container and typically configure the container’s appearance through an administrative console.

All of the interaction between users and corporate applications takes place within the container and its encrypted data store. Mobile apps that reside outside the container cannot access the data store. For ­example, a user wouldn’t be able to cut and paste information from an email received in the container to an email being composed through the device’s native email client.

In this way, container products provide businesses with a secure way to enable remote access to enterprise data without putting the data at risk.

The Benefits of Containing with Containers

The primary benefit of container products is that they enable the separation of business and personal use of smartphones and tablets in a secure fashion, particularly for bring-your-own-device (BYOD) initiatives.

Security administrators can prevent personal applications from accessing corporate data, and users can be confident that the organization won’t access the personal information that they store on the device outside of the container.

Container products provide this separation and protection using four critical security controls:

  • Two-factor authentication: When a user attempts to access a container, the container software may require that he or she authenticate in some manner. This is completely independent of the device’s authentication settings. In the simplest case, the process requires the user to provide a passcode or authenticate with a corporate account password.

    Some systems provide more complex authentication capabilities, including integration with an organization’s multifactor authentication system. Two-factor authentication guards against unauthorized users who might find or steal the device. It also prevents employees who leave the organization from accessing the data. Once their enterprise accounts are terminated, they can no longer access the container.

  • Encryption: The use of encryption to build the secure container ensures the data can’t be accessed from outside the container. Most container products use the Advanced Encryption Standard, which is mandated for use in federal government applications.

  • Remote wipe: While many mobile device management products offer remote wipe capability, container-based products allow this remote wipe to be highly targeted. Individuals who have left a company would certainly object if IT managers attempted to remote wipe all content on their personal devices.

    Container solutions allow administrators to remove only that information stored within the container itself, leaving personal data and applications untouched. Remote wiping may also be triggered by policy-based conditions, such as exceeding a specified number of unsuccessful login attempts.

  • Data leakage protection: Containerization allows organizations to retain control over their data by strictly limiting the flow of information into and out of the container. Administrators may create policies that limit the use of cut-and-paste functionality as well as the use of external applications to view and edit enterprise data.

The Impact of Containers on Native Apps

A primary drawback to container products is that they often prohibit or restrict the use of the native applications included with the mobile OS. In many cases, users choose their mobile device based upon their comfort level with those applications, and they may be reluctant to use the container-based alternatives. Users often perceive these non-native apps to be clunky or out of date, lacking the familiar features to which they’ve grown accustomed.

For this reason, the IT department must gain user acceptance for a container solution before rolling it out.

One way to achieve this is to involve users in the product selection process. There are a wide variety of container products on the market. Test several using different cross-sections of the user community. Allow users to try the applications and provide feedback. Explain to users the security benefits of containerization and how the container provides personal privacy benefits as well.

The mobile container market is fairly new, but growing rapidly. Products available from cellular carriers and third-party makers offer a wide range of capabilities. This is a good time for IT managers to evaluate the marketplace and determine whether container technology has a role in their enterprise security toolkit.

Sign up for our e-newsletter

About the Author

Mike Chapple

Mike Chapple is an IT professional and assistant professor of computer applications at the University of Notre Dame. He is a frequent contributor to BizTech magazine, SearchSecurity and About.com as well as the author of over a dozen books including the CISSP Study Guide, Information Security Illuminated and SQL Server 2008 for Dummies.

Security

Securing the Internet of Thi... |
As excitement around the connected-device future grows, technology vendors seek ways to...
Tools to Maintain Mobile Sec... |
Far-flung devices pose serious challenges, but a variety of technologies can help protect...
Edward Snowden Personifies t... |
The NSA leak shows critical areas where organizations can better protect their data.

Storage

The New Backup Utility Proce... |
Just getting used to the Windows 8 workflow? Prepare for a change.
How to Perform Traditional W... |
With previous versions going unused, Microsoft radically reimagined the backup utility in...
5 Easy Ways to Build a Bette... |
While large enterprises have the resources of an entire IT department behind them, these...

Infrastructure Optimization

The Value of Converged Infra... |
Improvements in security, management and efficiency are just a few of the benefits CI can...
Curse Builds a Private Cloud... |
One of the top resources in online gaming builds out a robust infrastructure that can...
SDN at the Forefront of HP’s... |
Computing giant kicks off Interop 2014 with a series of announcements aimed at turning...

Networking

Securing the Internet of Thi... |
As excitement around the connected-device future grows, technology vendors seek ways to...
How to Maximize WAN Bandwidt... |
Understand six common problems that plague wide area networks — and how to address them.
Linksys Makes a Comeback in... |
The networking vendor introduced several new Smart Switch products at Interop this week.

Mobile & Wireless

Now that Office for iPad Is... |
After waiting awhile for Microsoft’s productivity suite to arrive, professionals who use...
Visualization Can Help Busin... |
Companies need to put their data in formats that make it consumable anytime, anywhere.
Linksys Makes a Comeback in... |
The networking vendor introduced several new Smart Switch products at Interop this week.

Hardware & Software

Visualization Can Help Busin... |
Companies need to put their data in formats that make it consumable anytime, anywhere.
The Tools That Power Busines... |
Ever-evolving analytic software can greatly improve financial institutions’ decision-...
XP-iration Date: Today Is th... |
It’s officially lights out for Windows XP as an operating system. Here’s how the world is...