A few years ago, companies provided employees with mobile devices for official use so that they could monitor and control any sensitive company information or data that might have been stored on these devices. The company managed every aspect of the mobile device and the information stored on it. Times have changed. Not only have employees moved towards an all-purpose device approach, but even IT departments have recognised the need for managing strategic currency (data) over strategic resources (mobile phones).
Today’s business advantage lies in leveraging mobility as a competitive advantage. Even if companies don’t adopt mobility practices, employees still tend to use their devices on company premises and this creates a security risk that might hamper business data. The Bring Your Own Device (BYOD) approach helps organisations not only save time and overhead costs on managing company-owned devices but also boosts employee morale as they can work from anywhere thereby increasing their productivity and response times.
However, along with these benefits comes organisational challenges and threats such as loss of devices, scalability and security vulnerabilities. To secure corporate data on employee devices, organisations need to provide an abstraction layer over the raw data, which also enables resources such as documents and applications to access the data easily. However, this practice is more disadvantageous than older approaches. With BYOD, the lines are blurred between professional and personal, where employees are concerned about their privacy and personal data. In this scenario, containerisation is the only way forward.
Containerisation, is like putting a brick wall between corporate data or apps and personal data or apps used by the employees. It is simply installing apps to create isolated compartments or containers on employees’ personal devices, where the organisation can provide a secure environment, which can be controlled by them. As a risk mitigation strategy, organisations need to partition the personal and corporate data on the employee device into containers, where the flow of information between each container is restricted.
Containerisation gives IT admins the tools needed to establish separate, encrypted, policy-enforced containers within personal devices, and to deliver email, browser apps, and data specifically to those containers. IT policy and management extend only to the container’s contents, which reside in complete isolation from the rest of the device. If a device is lost or stolen, IT can wipe the containers without disturbing personal assets. This provides robust information integrity, prevents data leakage, and blocks unauthorised devices from the network. This may help reduce potential privacy and security risks but it does not eliminate them.
There is no container-wide security for every app. In fact, many mobile management vendors have taken this concept a step further by expanding their dominion over resources without disturbing the end users. This way, they can appease not only the companies that desire complete control over everything inside the container, but also the employees who want to have a greater say in the privileges available to them, on their own devices.
However, the main issue with BYOD is providing employees with the freedom to install new and relevant apps, while monitoring their activity. For instance, a video editor might want to try a new editing app on their mobile phone. But, containerisation might make this simple installation cumbersome. The issue therefore raises more ethical than strategic concerns, because while the sensitivity of corporate data has strategic implications, the privacy and freedom of employees that is ultimately curtailed, is purely ethical.
Containerisation is a big decision that companies are forced to make. As the need to embrace BYOD grows, so does the need to recognise the diversity of concerns stemming from the plethora of mobile phones inundating companies. Additionally, there is no single approach to tackle this, for there simply is no best solution on the market. There is only what’s best for your specific requirements.
BYOD is all about the user’s phone, the user’s tablet, the user’s pictures — it’s all about the user. Containerisation is about establishing a democratic governance between the user and the company.
About the author:
This article has been written by Vijay Saradhi, Manager at ManageEngine, a company specialising in IT management.