The secure container approach to enterprise mobility is becoming increasingly common. With each passing month, the number of companies claiming to offer some form of secure container is expanding. The approach remains new however, and there are critical attributes of a truly secure container that must be present for this powerful approach is to deliver all of its benefits. How secure is your container? Are all secure containers created equal?
To recap briefly, the goal of a secure container is unimpeded enterprise productivity on personally owned mobile devices, all without security compromises. The container creates a separate secure environment that protects sensitive corporate data and applications under all circumstances. IT keeps full control of corporate data – who can access it, where it can go, what can be done with it. IT has an accurate trace and an audit available so that corporate data can be tracked and IT knows where corporate information has gone. Yet the device remains personal. The user is free to use the rest of their device as they wish when they aren’t working.
Container security starts with robust encryption. This creates an impermeable barrier that separates sensitive corporate data and applications from everything else. To achieve this, the encryption must be strong and must be fully device independent. It must not rely on device security capabilities like the native encryption, key generation and credentials (eg. pincode) or any other device attribute in any way. Otherwise, should a device be jailbroken, rooted or otherwise compromised, the native encryption is immediately worthless. In addition, it is critical that security and security processes remain in the control of IT and not be outsourced to third parties – like mobile operating system developers. This is important, and it is not true in most cases.
The container must be provisioned and managed seamlessly by IT and it must also be available for all of the device operating systems in use by employees. It must be simple, quick and easy to download, install and provision making it completely self-service to users. The reality for any busy person is that they desire to access the information they need to be productive on whatever device they have nearby that is most convenient for them. This is only possible with the most secure of containers installed or readily available.
Despite the flexibility for the user, IT must have full control of the corporate data and corporate apps on the device. This includes who can access what and on what devices, and ensuring that corporate data can be selectively deleted immediately should a device be lost or stolen or when an employee decides to leave the company. Otherwise, sensitive data can walk out the door without restrictions or an audit trail.
The container must be the single point of access for all productivity tools and actions on the mobile devices. This ensures a full audit trail is available of all interactions between the container and the corporate data.
If done right, the secure container approach delivers unimpeded mobile productivity. It ensures that sensitive corporate data is easily accessible to those who are authorized to access it, though the data remains fully protected and under IT’s control on any device irrespective of the device, its condition, and what else is installed.
Clearly, containers are not created equal. Features and architectures vary. Link’s foundation is unsurpassed security. The encryption code for our secure container is written in native code. It does not use the native OS security API. Our container remains secure even on a rooted or jail-broken device. There is more to our secure container offering, including full endpoint administration, role-based access and analytics.