• Separate: Protect and control enterprise data on devices—without interfering with personal information and applications.
• Secure: Ensure security at each level of data delivery—internal, perimeter, transport (client/server & app-to-app), and at the handheld device.
• Manage: Manage the whole device or just the business applications and data consistently and in accordance with your policies.
• Enforce: Enforce compliance and access controls at platform, network, and application level.

Containerization is a way to fill those gaps that simply didn't exist in the desktop/laptop
environment.

As MDM has transformed into Enterprise Mobility Management (EMM), many of the companies
in this EMM category claim to offer containerization technology to help security-conscious
enterprises secure and isolate their enterprise data on these consumer smartphones and tablets.
However, are all containers really created equal? That depends on the three C's—content,
credentials and configuration data—which serve as a benchmark when evaluating
containerization technology.

Content is information you sync to and from the device, and even from app to app. Typically
you're looking for solutions that encrypt data at rest as well as data in transit. The
problem with some container solutions is that they rely purely on the operating system. Here
are some of the critical requirements you should look for:

• Incorporates OS-independent cryptography to secure data at rest and in transit
• Maintains encryption in file system even when documents are in use (e.g., viewed)
• Restricts Open In and Copy/Paste by policy
• Prevents automated OS "App Snapshots"
• Does not create unencrypted copies during Open In
• Does not allow file sharing to Facebook and Twitter
• Does not allow AirDrop sharing of files
• Does not purely rely on native transport (HTTPS)
• Does not require additional VPN investment


Credentials are what you use to secure the data in your applications, or to authenticate to a
backend system where the data is synchronized. This includes usernames and passwords,
authentication tokens, or certificates. When it comes to credentials, you should look for:

• Does not store Active Directory credentials on device
• Does not require credentials to be entered on the device for access to enterprise applications (SSO)
• Does not store tokens, keys, or cookies in a forensically recoverable manner


Configuration Data is the information about the configuration of the application and how it
communicates with the backend system. This data is typically stored in the device keychain,
some sort of configuration file (e.g., plist), log file, or database. Examples include:

Cyber Warnings E-Magazine – CTIA Special Edition, September 2014
Copyright © Cyber Defense Magazine, All rights reserved worldwide