Professional Documents
Culture Documents
Mobile App Security Through Containerization: 10 Essential Questions
Mobile App Security Through Containerization: 10 Essential Questions
Mobile App Security Through Containerization: 10 Essential Questions
1. Can enterprise apps and data be segregated from personal apps and data?
Given the prevalence of BYOD, there must be a way to securely separate corporate data on any device whether its user owned
or corporate liable. One approach that has become the prevailing approach, recommended by industry analysts and gaining
acceptance at many companies is to use app containerization technology that provides each managed app, and its data, with its
own secure runtime container. To be effective, app containerization must use a strong encryption algorithm that is separate from
native device encryption, with the containerized apps secured by a strong password policy. The isolation provided by containerization
reduces the chance of malware infection or privilege escalation from a malicious app on the device.
Containerization, typically delivered via a mobile app security platform, causes an app to transform in multiple ways: the app data
is encrypted and segregated from all other apps; native OS runtime system calls are replaced with equivalent secure versions; and
unique security functionalities such as secure shared services and app-to-app secure workflows become possible. Because of
the containerization delivered by the mobile app security platform, an enterprise suddenly has all kinds of security controls over the
app, and how it can or cannot interact with other apps in a combined workflow.
Containerized apps can coexist right alongside personal apps on the mobile device, but each containerized apps data stays in its own
container, and any connection to another containerized app or a corporate server is secured. True containerization is on an app-by-app
basis, and shouldnt be confused with virtualization, a less effective technique that creates a single shared environment for managed
applications, and may not be supported by popular mobile devices or operating systems.
App wrapping. For rapid time-to-value, organizations can choose to simply wrap their applications with the platform-provided
Code integration. For advanced functionality that is not possible via app wrapping (e.g., secure inter-application
communication, etc.), developers can use the API calls and software libraries in a Software Development Kit (SDK) to
incorporate capabilities of the mobile app security platform into their apps.
6. Will IT be able to centrally manage security policies for all containerized apps?
A very basic requirement is that enterprise IT administrators should have a single user interface for managing policies and security
for all mobile apps. While there will be general security policies that can be implemented for all apps such as data loss prevention,
ensuring password strength, frequency of password updates,etc. there will also be cases where app developers will create policy
controls that are unique to their apps. For example, your organization might outsource the development of a mobile HR app that
provides more functionality to a manager-level employee user than to an individual contributor-level employee user. App developers
should be able to take advantage of the centralized policy control user interface to enable, customize or lock down app functionality
for specific groups and individuals.
As you build out the mobile app security strategy, consider solutions that provide the flexibility of managing these app-specific policies
from the same interface that is used for all the other security policies. If each mobile application has its own control interface, this
will increase administration complexity exponentially, making it more likely that IT admins will make mistakes. Separate control
interfaces will also increase management costs and compliance burdents.
CONCLUSION
Enterprises must secure mobile apps and the data they use. Device-level security isnt enough, especially with BYOD. The approach
to security must be comprehensive, and it should be based on an end-to-end strategy that has accounted for the above requirements.
By doing so, the enterprise will have a comprehensive mobile app security experience that can keep corporate data secure and prevent
data loss. Accounting for the user experience, which permits the users device to operate just as it always did, along with advanced
features such as single sign-on across apps and secure app-to-app workflows, allows the organization to accelerate the business
transformation possible with mobility.
Global Headquarters
+1 408 212 7500 (main)
+1 866 7 BE GOOD (sales)
EMEA Headquarters
+44 (0) 20 7845 5300
2014 Good Technology Corporation and its related entities. All use is subject to license terms posted at www.good.com/legal. All rights reserved. GOOD, GOOD TECHNOLOGY, the GOOD logo, GOOD FOR
ENTERPRISE, GOOD FOR GOVERNMENT, GOOD FOR YOU, GOOD DYNAMICS, SECURED BY GOOD, GOOD MOBILE MANAGER, GOOD CONNECT, GOOD SHARE, GOOD VAULT and GOOD DYNAMICS
APPKINETICS are trademarks of Good Technology Corporation and its related entities. All third-party trademarks, trade names, or service marks may be claimed as the property of their respective owners.
Goods technology and products are protected by issued and pending U.S. and foreign patents. 07/14 Rev. 07022014