Last week I attended a session of IT professionals which posed the question, Is MDM Enough?
The three panelists were in CIO and Managing Director roles. Each one was currently using a respected Mobile Device Management solution which he or she had licensed 2 or 3 years ago. To a person each one said, “If I were to do again now, ‘containerization’ would be the focus.”
This illustrates the state of enterprise mobile security today. BlackBerries were generally company property. It was understood that the company could wipe the BlackBerry. Then firms issued iOS and Android devices to certain employees. It was during this phase that MDM had its heyday. Securing devices became the objective. The response was a tactical one, install MDM. Companies were initially on firm ground in requiring that employees use a password on the device and in wiping the entire company-owned device should it be lost or stolen.
But the landscape changed rapidly with employees eager to work from their own personal iOS and Android smartphones or tablets. Requiring MDM to be installed on personal devices and requiring that a password be entered before an employee could use his or her own phone to make a personal call was overreaching. And wiping a personal device is a questionable practice. Not surprisingly, employees pushed back.
Leaders in the field saw that attempting to secure the device was the wrong approach and that what was needed was to secure the corporate data. A few innovative firms developed an approach which is broadly called containerization.
What is containerization? In its most advanced case, containerization is the creation of an encrypted sandbox on the mobile device for the secure access of corporate resources. In some cases, there is provision for storage of files within the secure container. The user must authenticate to access the secure container. There may also be offline access to files and email. The container itself can be remotely wiped by the company, but not the entire device. In fact, there are no restrictions on the personal usage of the device – no device password is required; there are no rules about what can be installed on the device.
Containers are not created equal. Features and architectures vary. We stake a claim on having unsurpassed security. For example, the encryption code for our Link Container is written in native code. It does not use the native OS security API. Our container remains secure even on a rooted or jail-broken device.