BYOD, Mobile Device Management and Containerization

BYOD, Mobile Device Management and Containerization

Mobile apps are going beyond the usual mail, calendar and contacts. Businesses are actively investing in the development of Mobile apps and at a very rapid pace. Also, the enterprises are embracing the BYOD (Bring your own device) paradigm. BYOD is a result of win-win situation that balances the corporate needs and the employee.


As devices have become smarter and cheaper, employees have got their own personal devices, which are much smarter than the devices given by their corporates. This has lead to lot of people carrying multiple devices and growing disgruntlement amongst employees in using the corporate device. From corporate perspective, it is an added cost of managing the device and hence they see a value in allowing employees to get their personal devices to access corporate data.

Now, there is a challenge. Corporate still needs to control who has access to what data and if required should be able to wipe off the data sitting on users mobile, while they provide flexibility to employee by allowing him to bring his own device. A common device used to access personal and corporate data means that they could compromise each other. So, there is a need to be a Chinese wall in protecting access on personal/professional data.

There are multiple technology approaches to solve the problems due to BYOD. MDM (again a word coined by Gartner) is one such. MDM stands for mobile device management that allows corporates to manage the mobile devices from cloud. It typically involves an agent to be installed on the device and this agent will then talk to a server hosted on cloud in read/write fashion. Security policies can be defined in the server that allows corporate to define restrictions on apps, control on features of mobile such as copy/paste etc. There are quite a few tools that provide such capability. MobileIron, Good Technologies, Airwatch, Citrix etc. are pure play players in this space. Most of these provide their own encryption APIs, SDKs as part of their platform.



Initially, MDM tools were very conservative while managing corporate data on users devices, with policies often applying to the entire device, including both personal and professional apps and data. Users may not be willing to give up control of their smartphones in exchange for receiving access to corporate apps and data. Hence, quite a few have turned to Containerization as possible solution.

Containerization is a concept where a separate, encrypted environment is provisioned on the device, where corporate apps and data can reside.

Containerization as a concept is not new. We saw containerization attempts in web browsers through ActiveX plugins, Flash plugins, even Applets for that matter. It meant that the Flash container would control and execute flash based apps thus overcoming limitations on browsers to provide a rich client app etc. The key thing here was that the containers had control. Similar thing has been attempted in mobile space.

There are many choices for Container technology. For instance, Blackberry and Samsung Knox are embedding the container in Operating System itself. Companies such as Citrix provide an API to access the container. This means that the custom applications have to use these APIs in order to access the container.

Application wrapping is another technique used to creating a secured layer, wrapping the corporate application and data. Here each application is enclosed in its own encrypted policy wrapper, or container. There are challenges with this approach as one need to have access to source code of the application, which is very difficult to access, especially for IOS Apps.

Each of the above has advantages and disadvantages and there is no clear standardized approach emerging yet.

While the above approaches helps corporate achieve separation of professional and personal data, there are still questions around the convenience that these approaches provide to the end user. The user may still have to jump from corporate workspace to personal workspace, sort of limiting the advantages of BYOD to some extent.

So, lot of vendors are getting into creating MAM (another term), Mobile Application Management space where in the security, policy control, management happens at Application level and not through a container. We will see about this more in next blog.

For now, the space is to be watched out for with solutions coming from Operating System vendors, Hardware/Device vendors, VM vendors, Pure play vendors etc. trying to evolve and create an eco system to enable BYOD a reality.

Gartner predicts even the network providers such as Verizon, AT&T also may bring in Dual Data Plan, one for personal and one for professional usage.

I would also look forward to see what Apple, Google and SAP would do to address this space.


Leave a Comment

Your email address will not be published. Required fields are marked *

= 3 + 4