The mobile industry has reached an inflection point. The value of providing employees with greater productivity must be balanced against threats such as data leakage, lost and stolen devices, and unsafe user practices. As employee-owned devices become more widespread in enterprise and businesses start moving up the mobile maturity curve, traditional mobile device management (MDM) offers insufficient security controls.
Businesses have thus started to turn elsewhere. Consumer-oriented devices have begun to ship with on-device containerization. Solutions such as Android for Work, Apple iOS Managed Apps and Samsung KNOX have grown increasingly common.
“App containers have begun to evolve as a complement or even a replacement for MDM as the foundational security layer for enterprise mobility,” reads a recent BlackBerry white paper. “Containers are a transformative technology for enabling enterprises to confidently deploy mobile apps that access corporate data and network resources with security and control, enabling users to work anywhere, anytime while still protecting corporate data and user privacy.”
Let’s talk about what’s behind this security evolution. What specific factors have driven this widespread adoption of app containerization – and why? More importantly, how can you tell the difference between an effective containerization tool and an ineffective one?
1. We Need to Address the Threat of Data Leakage and Malware
Although mobile malware still remains a threat, businesses should be more concerned with plugging data leaks. According to Appthority’s Q1 2016 Enterprise Mobile Threat Report, 48.2% of applications on iOS and 86.7% of applications on Android are prone to data leakage, while nearly the same number exhibit privacy-invasive behaviors like location tracking, accessing address book information or transmitting device ID details.
Insecure apps are not the only potential source of data leakage – in a non-containerized environment, an employee might inadvertently forward sensitive files through their personal email account or upload business data to a personal cloud storage tool.
“Data leakage and loss from negligent file sharing and information collaboration practices is becoming just as significant a risk as data theft,” notes a 2014 Ponemon Institute survey. “Consumer grade file-sharing cloud applications are popular with both employees and organizations because they make it possible for busy professionals to work efficiently together. However, [there are] holes in document and file level security in part caused by their expanded use.”
According to the survey, 61% of employees make use of personal file-sharing apps in the workplace, send unencrypted emails and forward documents to unauthorized parties. Implementing a secure container not only cuts insecure apps off from sensitive data, but also makes it less likely employees will accidentally use personal apps or accounts in the workplace – there will be a clear demarcation between private and professional.
2. Consistency Is Key
With the number of devices per person slated to hit an average of 4.3 by 2020, employees are increasingly jumping between devices and form factors in the workplace. This situation borders on nightmarish for IT, as every OEM implements device security in a different fashion. In order to adequately manage security on Android, for example, an IT department must understand the intricacies of every single permutation of the OS.
This lack of consistency not only places undue stress on IT, but also puts the entire business at risk. A system, after all, is only as strong as its weakest link. All that is necessary for a breach to occur is for one device’s security controls to be insufficient.
An external solution is necessary here. You need an app containerization platform that provides consistent security controls across devices and form factors. Currently, there exists only one solution that fits this description – but more on that in a moment.
3. Devices Get Misplaced All The Time
According to a 2014 survey by Bitglass, lost and stolen devices are the leading cause of healthcare data breaches. Not malware, not sophisticated cyberattacks, but simple theft. If the healthcare data and apps on the stolen devices were kept separate through a container, many of these breaches likely could have been prevented.
Many, but not all. Since most containerization tools rely on device-level controls, they can still be cracked by criminals quite easily. This means that if a thief is able to get into the device, they’re able to release the data.
Passwords and PINs also prove insufficient in such a situation. Most user passwords are easily cracked, and there are multiple tools designed to bypass device security. Further, the thief might not even have to resort to such measures as hacking a password, instead exploiting an OS vulnerability such as iOS 8 and 9’s screen lock bypass.
4. BYOD Is Now the Law of the Land – And User Privacy’s A Must
Last May, a California woman filed a wrongful termination suit against her employer. Myrna Arias of Bakersfield, Calif., was fired from her position at Intermex for deleting a company-mandated location-tracking app known as Xora from her smartphone. According to Arias, the application was used to illegally spy on her after hours, and her boss would often brag about knowing how she spent her weekends.
I doubt you’ll find anyone who would argue an employer has the right to track what employees do with their personal lives, but enterprise location tracking and data collection apps like Xora cannot distinguish between work and personal use. They’ll continue doing what they were designed for, regardless of whether or not an employee is on the clock. This means that without containerization, those apps could be violating the privacy of employees and running afoul of data privacy laws and the FTC.
They may also cause users to opt out of BYOD programs in the interest of protecting their own privacy, reducing adoption within the organization. This will, in turn, foster dissatisfaction among staff, and make it more difficult to implement new mobility initiatives. Separation of work and personal data on employee devices ensures that this will not happen.
How BlackBerry Does Containerization Better
The majority of containerization solutions focus on ring-fencing applications through less-than-secure device-level controls. The security scope of these solutions is also typically narrow, and focused on protecting app data or content such as corporate documents. They do not, for example, secure the interactions between different apps.
As noted in a 2014 blog post by my colleague Jeff McGrath, credentials (usernames, passwords, tokens and certificates) and configurations (information on backend systems and resources) are both equally important.
“Losing a user’s local content hurts, but losing enterprise credentials and configurations data from a mobile device can have a far more critical impact on enterprise security,” he writes.
That’s where BlackBerry comes in. We invented containerization, and with our expertise, we’re able to take it to a level that others cannot match. Our mobile app containerization solution, a fundamental component of the new BlackBerry Enterprise Mobility Suite formerly known as Good Secure EMM Suites, differs in a few ways from others on the market:
- “Three C’s” security: Our app containers not only encrypt the applications themselves, but also inter-app communication. Configuration details and user credentials are protected alongside content, and all data – whether at rest or in transit – is protected by FIPS-validated encryption against intrusion.
- Device-independent encryption: Our app containerization process and its related encryption is device-independent. This means that even if a criminal cracks a stolen device, they still can’t gain access to the content, credentials and configuration details. And it doesn’t matter what device an employee uses, either – security is consistent across all of them.
- A superior user experience: Our app containers support single-sign-on authentication, allowing users to log in once to gain access to all BlackBerry-secured apps on their device.
- A powerful product suite: BlackBerry’s app containerization is part of the most flexible, unified EMM platform on the market. Between BlackBerry Enterprise Mobility Suite and the rest of the BlackBerry portfolio, your enterprise has everything it needs to take full command of its security.
By combining our mobile app container with a device container like Secure Work Space, your business not only protects user privacy, but also safeguards its information, credentials and infrastructure data at every level.
To learn more about our app containerization solution – and about the EMM platform it’s a part of – check out the webinar “Introducing BlackBerry Enterprise Mobility Suite,” hosted by BlackBerry’s Jeff McGrath and Alex Willis.