Best BYOD management: Work zones for smartphones

Emerging containerization technologies create a separate, protected workspace on employees' personal smartphones.

1 2 3 4 5 Page 2
Page 2 of 5

Choose Your Container

Vendors offer, in essence, three different approaches to containerization: creating an encrypted space, or folder, into which applications and data may be poured; creating a protective "app wrapper" that creates a secure bubble around each corporate application and its associated data; and using mobile hypervisors, which create an entire virtual mobile phone on the user's device that's strictly for business use.

All of these approaches offer more granular control over corporate applications and data on users' devices than whatever security comes standard with smartphones currently. And with containerization, users aren't limited to using devices on an approved list of smartphones that have been certified and tested by IT, because corporate apps and data reside inside a secure, encrypted shell.

However, the need to switch back and forth between the business and personal environments may be perceived as inconvenient and affect overall user satisfaction, says Phillip Redman, an analyst at Gartner.

Neither Apple nor Google offer containerization technology, and neither would comment for this story, but each company did point out some resources that might be helpful (see sidebar, below).

Encrypted Folders

The most mature containerization approach is the use of an encrypted, folder-based container, Redman explains. AirWatch has such an offering, and Good Technology is an early market in sales to organizations that have adopted containerization enterprisewide, particularly within regulated industries.

For basic mobile access, BNY Mellon uses Good for Enterprise to create an encrypted space on smartphones within which users can run Good's email and calendar client and use a secured browser. "It's a secure container with an app that can send and receive corporate email that's encrypted," says Perkins. All communications are routed through Good's network operations center, which authenticates mobile users.

Good has been offering its basic email and calendaring tools for several years. Late last year, it added the capability for other apps to run within its protected space using the Good Dynamics Platform, but each app must be modified to run in Good's proprietary environment. So far, about a dozen commercial apps are available, including QuickOffice, which is typically used for reading and editing downloaded Microsoft Office file attachments.

Perkins is using Good only for email and calendar -- the "killer apps" for most employees, he says -- and accessing internal, browser-based apps using Good's browser.

For users who need complete access to the corporate network, SharePoint and other services, BNY Mellon uses Fiberlink's MaaS360, a cloud-based MDM system that can take complete control of a user's device. MaaS360 monitors what gets written to and from the operating system, and it blocks access to some personal apps, such as Yahoo Mail and Gmail, when the device is accessing corporate resources.

"When it's on our network, we own it and control it," says Perkins. When used in personal mode, individuals have control over which apps they can use.

1 2 3 4 5 Page 2
Page 2 of 5
7 inconvenient truths about the hybrid work trend
Shop Tech Products at Amazon