Not All Containers Are Created Equal - Look For The 3 C’s Of Secure Mobility

By Eugene Liderman, Director of Public Sector at Good Technology

It’s amazing how much IT and security have transformed over the last fifteen or so years. In the
laptop/desktop world you had your personal desktop at home and a company-issued laptop you
used for work. You were accustomed to certain sets of security and information management
tools on that laptop: things like full disk encryption, firewalls, virtual private networks, intrusion
detection or protection software, and of course anti-virus.

We’re now at the point where the operating system has a lot of these things built in. Mobile
devices such as smartphones and tablets are becoming more prevalent as ways to capture and
consume data in real time. Unlike the desktop operating systems of the past, these new mobile
operating systems are built to target consumers and have slick social sharing features that
make it easy for a user to inter-mix personal data with their corporate data.

With mobile security you really have a paradigm shift in the way the data on the device ends up
getting secured. Security features like full disk encryption and VPN are not as useful, while other
more traditional security features aren’t possible because of the way mobile operating systems
are designed. While consumer operating systems do provide very good mechanisms to secure
the data on them, it’s important to ask whether this is good enough for security-conscious enterprises.

Initially, enterprises looked at Mobile Device Management (MDM) to solve some of these gaps.
MDM is essentially analogous to configuration management. You can use it to tag your assets
and remotely configure them. Some may argue that by locking the device down fully using
these configuration tools you provide some level of overall security, but it’s important to consider
that the more you lock down a particular device, the more you motivate the end user to find a
different way to accomplish their tasks. This can often create additional risk to the
enterprise, especially when Bring Your Own Device (BYOD) is added to the mix. Are you really
going to force the end user to enter a complex device password every time they want to go to
Facebook on their own device?

This brings us to the concept of containerization, which has been a popular buzzword in the
mobile security world over the last couple of years. The concept of containers, or as some call it
"containerization," stems from sandboxing, which is something that has become very popular
since the introduction of iOS and Android but has actually been around for quite a long time. It’s
essentially the separation and isolation of services, applets, data sets, etc. so that one cannot
see the other. For example, two apps downloaded from the iTunes App Store onto an iPhone
are unable to access each other’s data and are completely isolated from one another.
Only later in the evolution of iOS did Apple introduce a feature called Open-In, where a user
could take a file type (e.g. document, PowerPoint, PDF) and open it using a third-party
application on the iOS device. The primary differences between sandboxing, which is a function
built into the OS, and containerization are as follows:



Cyber Warnings E-Magazine – CTIA Special Edition, September 2014
Copyright © Cyber Defense Magazine, All rights reserved worldwide