Mobile containers only good for medium-risk data: Gartner

For the past year many mobile device management software companies and some handset/tablet makers have been touting their ability to segment and encrypt business data from personal data on smart phones for protecting corporate information if the device is lost or stolen.

But a new report from Gartner says the effectiveness of these so-called container solutions depends on how they’re used. In particular, author and analyst Eric Maiwald says when managed properly containers provide a good level of control “if the risk to the enterprise of unauthorized disclose is low to medium.”

In particular, the strength of the protection depends on the operating system, he says.

In a blow to BYOD policies, he says if there is high risk to the enterprise if the mobile device is lost or stolen then employee-owned devices can’t be used.

For the best mobile protection, enterprise-owned devices that are heavily managed – meaning limited applications allowed, limited browsing and tight policy controls including strong authentication for accessing corporate data – has to be the rule.

“While containers provide security, they often do so at the cost of user experience and, therefore, are not appropriate for all users, use cases and devices,” he adds. Application user interfaces are often different for the protected workspace than the native app, which doesn’t appeal to employees.

As a result, enterprises should consider present container solutions as stop-gap or tactical rather than long-term solutions.

Arguably the best known of what he calls managed information container solutions is one of the first ones to market, BlackBerry Balance for BlackBerry devices (which needs BES 10. A similar BES 10 capability for Android and iOS devices is called Secure Workspace), but the report says Apple’s iOS and Android devices have now have base functionality at least.

In addition to BlackBerry Balance, Samsung has begun adding container capability to some of its Android-powered Galaxy devices that use a technology it calls Knox. Third party MDM providers like AirWatch (just bought by VMware), MobileIron, Fiberlink (about to be bought by IBM), Good Technology, as do vendors such as SAP (through its Afaria MDM solution), Citrix (through XenMobile), Oracle (by buying Bitzer Mobile), Symantec through its Mobile Management Suite, and VMware. The recently-released iOS 7 includes policies allowing IT greater control over managed applications. However, Mailwald says iOS7 is not a replacement for managed information containers if the enterprise needs to manage medium risks.

Containers create a space on the mobile device that is controlled by the enterprise. Base protection covers email, calendar, contacts, as well as a secure browser. For control IT administrators have the power to force users to authenticate before accessing the container, to encrypt data in the container, and to control copy and paste functions on the device, and to remotely wipe the device.

However, Maiwald notes that if the enterprise allows weak passwords or PIN numbers the power encryption is defeated. Look for MDM software that forces users to create strong passwords.

The ability to remotely wipe the device is good, but it can be defeated if the SIM card is removed of the device is in airplane mode. Another concern is the user jailbreaking or rooting the device’s operating system. While all container products attempt to check the integrity of the OS, some don’t divulge exactly how they do it, which Mailwald says “doesn’t improve confidence.”

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now