Best BYOD management: Work zones for smartphones

Computerworld - Anthony Perkins wants employees at BNY Mellon to bring their personal smartphones to work and use those instead of company-issued BlackBerries to access business email, applications and data.

But there's a catch: Not all employees are comfortable with the prospect of having their personal phones locked down and controlled as tightly as the BlackBerries that Perkins would like to phase out. That's where the notion of containerization comes in.

A bring-your-own-device (BYOD) strategy is good business, says Perkins, CIO for BNY Mellon's Wealth Management business. It reduces the time and expense involved with maintaining and managing company-owned BlackBerries. "We'd like to be in the business of managing software, not hardware. In the RIM world, you manage hardware," he says, referring to BlackBerry maker Research In Motion.

On the downside, today's popular mobile devices were developed for the consumer market, and third-party management tools don't offer the same degree of control over user devices that RIM systems have over BlackBerries. RIM designed and controls the BlackBerry client architecture and has been especially responsive to the needs of corporate customers.

Because corporate apps and data are often mixed in with the user's personal content, mobile device management (MDM) tools tend to be very strict when it comes to managing corporate resources on users' phones. Usage policies often apply to the entire device, covering both personal and professional apps and data. Users may not be willing to give up control of their personal phones in exchange for the privilege of using them for business.

To get around such user resistance, Perkins is turning to containerization, an emerging class of management technology that carves out a separate, encrypted zone on the user's smartphone within which some corporate apps and data can reside. Under such an arrangement, policy controls apply only to what's in the container, rather than to the entire device.

Containerization tools are typically complementary to MDM software, and an increasing number of MDM vendors are incorporating containerization functionality.

But as great as containment is for safeguarding corporate data, it doesn't necessarily prevent personal data from being lost in a wipe by the IT department if a phone is lost or stolen. Some IT shops recognize that some users may not know how to properly back up their personal data and apps and are helping them set up backup systems.

Ryan Terry, division CIO and chief security officer at University Hospitals Health System in Shaker Heights, Ohio, turned to containerization because he sees the use of traditional MDM tools to control the entire device as a liability issue. The hospital needs to have apps or data delivered securely to clinicians without interfering with the users' ability to access their personal apps and data. "We can't afford to delete things of a personal nature or impede their ability to use their personal asset," he says.

Alex Yohn, assistant director of technology at West Virginia University, is also wary. "I don't want my guys doing settings on the personal side that could come back to haunt us," such as accidentally deleting data or making configuration changes that affect how the users' personal apps run, he says.

For companies in highly regulated industries that need strong security policies and face strict compliance mandates, containerization can be especially helpful in making the BYOD experience more palatable for users, IT leaders say.