The sheer impossibility of stopping the use of personally owned smartphones and tablets in business settings has led management and IT professionals to the rational conclusion that implementing a plan for application and data segregation is essential. A number of solutions make sense for doing that and can help address the problem. Current Analysis (PDF) has a more detailed study that is useful as well.
Mobile Device Management (MDM)
The use of MDM solutions is not new for most organizations, and for those that have already invested in MDM, this technology offers a number of benefits. It offers the ability to manage a broad range of mobile devices on a single console, which is very attractive, and MDM solutions can tag applications to determine whether they are business or personal apps. There is a strong level of security, including cut and paste restrictions. Some details in MDM solutions do need attention, including support for BYOD device data encryption, remote wipe features, and lockdown of device features. One key consideration is whether you can separate business and personal applications and data, as some MDM systems have limitations in this capability.
Containerization
Containerization is effectively creating a secure “container” on the tablet that holds business applications and data. This does a nice job of separating the business and personal data, and can provide enhanced security in BYOD, as only business apps that are in the container can be used there. From a functional perspective, there are many similarities to MDM. Where the differences start to become visible is when you look at how much “behind the firewall” access a tablet needs to line-of-business or corporate applications. Using secure container technology provides a more robust solution for this use case.
Dual Personality
Dual personality is the newest approach to BYOD and tablets for separating personal and business applications. It is important to note that dual personality is not necessarily a replacement for MDM or containerization, and in many use cases it is an augmentation of those solutions. The key drivers for this approach are situations where restrictions on the personal side of the device are not welcome and end users are not comfortable with IT having visibility into the personal “side” of their tablets. Most of the dual personality solutions exist as an application on top of the OS, rather than as hypervisors, which require much more testing and integration by the tablet manufacturers. Dual personality is also very useful where personally owned devices are making their way into the organization, and IT needs a secure “business” side of the device to work with.
Clearly, segregating “personalities” on these tablets and other BYOD devices is essential if they are going to be allowed as platforms for any business applications. The solutions listed here are different and actually complementary. The good news is that all three approaches provide a good starting point and solutions to get the basics in place. Getting those basics in place needs to be the focus for organizations that haven’t put a process in place for app and data segregation. As we look to the future, more functionality and support for a more transparent consumer experience will lead to more capable solutions.