Little did we know when we began experimenting with the novelty of cell phones and wireless networks that workplace mobility would morph into a primary enterprise computing model. And yet, here we are.
Devices got very smart. Wireless networks grew very fast. Now we’re developing mobility centers of excellence to strategize about the whole mobility enchilada from the top down. And much of that discussion revolves around mobile apps – creating them, distributing them, and managing them.
Thanks to mobility, employees have become free to do their jobs “on location.” They are closer to customers and situations and able to resolve business issues faster. However, their apps are no longer snugly hosted behind the safe, static corporate firewall. So managing and securing them – and the data that resides in them – has become a top priority.
The mobile industry has come to the realization that even more important than managing a mobile device is controlling who accesses the corporate apps and data on it. Taking that a step further, ensuring controls are in place for the apps that to are designed to automatically share data with other apps and even social networks, which could pose a security risk. And finally, when supporting BYOD, personal and business data comingle on a single device, introducing the potential for inappropriate data sharing among apps and compounding your risk of data leakage.
So now we have a discipline we often call mobile application management (MAM). Specific methods within MAM help protect enterprise apps and data while leaving the rest of the user’s device untouched. The features between the methods are similar in spirit, in that they all involve partitioning business from personal data. They just do so in slightly different ways:
- Sandboxing. Partitioning all business apps from consumer apps by putting all business apps in one big encrypted “sandbox.” Usually apps within the sandbox can share data among themselves, but not with apps outside the sandbox. One password generally gets a user access to all sandboxed apps.
- Containerization. Isolating individual business applications from one another; each app is inside its own encrypted container and requires a separate password for access.
- App wrapping. Considered by some a form of containerization, IT sets policies on how apps can be used, which apps can share data and with what. The difference is it doesn’t require changes to the underlying application.
You might end up using any mix of the above capabilities, and they’ll likely be embedded in a comprehensive enterprise mobility management suite. Each has its pros and cons, but it’s helpful to know the nuances among them as you build your mobile protection strategy.
To learn about how you can secure your mobile workspace, view the whitepaper, Secure Application Delivery for a Mobile Workforce.