Could containerization help enterprises embrace BYOD?
Containerization is big news in enterprise mobility. It could be the key to unleashing BYOD schemes in even the most conservative companies.
Containerization creates a secure partition on a smartphone where approved enterprise applications and data can be downloaded and used in isolation, away from the prying hooks of Facebook and other personal apps. No data can be passed from one part of the phone to the other.
At Mobile World Congress, the big news in enterprise mobility was the launch of Samsung’s Knox, a container for its Galaxy-class smartphones which would allow personal and business lives to sit happily on a single device. It was a direct riposte to the Balance feature in the new BlackBerry 10 OS, which also gives a secure enterprise partition on consumer-owned devices.
Knox is a platform that will be baked into the hardware and operating system of selected Galaxy devices, and Samsung claims it will not diminish compatibility with the Google ecosystem. Knox incorporates Security Enhanced (SE) Android with 256-bit encryption. The container and security support third-party mobile device management (MDM) software, directory services and VPNs.
What would it look like to a user? A click on the Knox icon on the home screen would open a new environment where their corporate email, calendar, contacts, CRM, expenses, presentations and so on would be stored. Existing Android apps can be installed inside the container. And once in the container, you could use single sign-on for multiple apps or set up a single VPN tunnel for the entire session rather than for individual apps (which is quite a hassle).
Knox will set Samsung apart from Android rivals, but its capabilities are arguably matched by BlackBerry 10 OS and Apple’s inherent sandboxing capabilities, which let you govern how an individual app interacts with others. (An explanation of sandboxing can be found here.) Apple has had some form of MDM since iOS 2.0, and it was greatly enhanced in iOS 4.0; however, sandboxing individual apps is not as coherent an approach as an entire secure environment.
It should be noted that Knox is not a mobile device or application management suite, but it does provide 700 MDM application programming interfaces (APIs), meaning that software from major vendors such as MobileIron, AirWatch, Red Bend, SOTI and Afaria can manage what is inside the partition/container.
The appeal of containerization is two-fold. First, it allows organizations to support BYOD policies, secure in the knowledge that they can remotely control sensitive corporate information which resides on employees’ own devices (via additional MDM software). Second, if the enterprise is to supply devices to staff, then the user can still download games and Foursquare and whatever consumer apps they want to use but that could potentially be open to a security breach.
Even without partitioning, the actual risk of downloading malware to an Android device is fairly low (despite Trend Micro estimating that there will be 1 million items of Android malware by the end of 2013). If users stick to the Google Play store and download apps with good reviews and high download counts, they are probably at no more risk than iPhone users, who can only access apps from the notoriously risk-averse App Store.
However, the idea that Android presents “security risks” and “fragmentation” has permeated IT departmental thinking, preventing many companies from adopting Android devices as their corporate workhorses. Samsung hopes Knox will counter these misconceptions (fragmentation isn’t much of a problem these days). A completely secure environment – which is also usable – could prove compelling in highly-regulated industries like insurance, banking and central government.