by Omer Eiferman, CEO with Cellrox
Gartner predicts that within the next few years, half of employers will require employees to use their own device for work and 90 per cent of organisations will have data on external IT systems. Alongside MDM [Mobile Device Management], many enterprises are using or considering containers and application wrappers on users’ smartphones to separate and secure work and private data.
The difficulty with these makeshift solutions, containers and wrappers, is that they are simply band-aids for a larger and more complicated problem.
These are flawed solutions that run the risk of compromising security and the very relevant BYOD user experience.
Furthermore, like any bandage, they do very little to solve the actual problem.
The use of containers requires a company to recompile apps with the container SDK.
This presents a nearly impossible task for enterprise IT departments, who often do not have the necessary means to do so.
Sourcing the application code for recompiling is problematic as it would require deal-making with every application provider.
Even in a perfect world where code is sourced and an app recompiled, mobile apps are frequently updated and any enterprise IT department must be able to support these updates.
Wrappers use different techniques to contain an application by manually or automatically adding code.
Unfortunately, this typically breaches the application EULA, raising questions of who is to be held responsible when something goes wrong. (Hint: the Enterprise!)
For example, think about the following scenario:
Company X decides to use a cloud-based file sharing service in their enterprise.
They use a wrapper from Company Y to secure the file sharing tool.
Whilst this results in a modified file sharing tool that may have better security, the wrapper also introduces new vulnerabilities, which a hacker then exploits to penetrate the file sharing service.
In this situation, with whom does the responsibility lie? Technically, the hacker.
But who is responsible for the vulnerability existing in the first place?
Enterprises need to be aware that adding another layer of indirection may result in degraded performance and need to consider the potential issues of using such wrappers.
As you can see, each bandage has its own individual issues, but they also share several that are little known. So what are containers and wrappers not telling you?
They’re not telling you that you are unable to use native OS applications such as calendar, contacts, and email clients.
This is why enterprises are forced to purchase third party alternatives for PIM, and as a result, need to convince their employees to work with apps with which they are not familiar.
Such a limitation translates into a longer provisioning time and, consequently, a loss of productivity.
You cannot secure applications and services that require direct access to hardware, such as the phone dialler, VoIP clients, and video players.
Phone diallers, for example, need to be secure because if an employee installs a simple call recorder (many of which are available for free) in the private zone, it will intercept and record all business calls.
If an employer forbids the employee from installing such an app, then it is no longer BYOD.
Lastly, containers and wrappers are not secure. Bad apps such as malware are running in the same environment as corporate apps.
At a recent CEO conference held by USVP, the product VPs of three leading security companies admitted that containers and wrappers cannot provide security for the enterprise unless they are well integrated into the OS, which is currently not the case.
This is why containers and wrappers are simply bandages for a problem and are not real, long term, and salient solutions.
Only a persona-based separation between work and private use, which supports any unmodified app, whether native, third party or home-grown, and which doesn’t degrade performance or UX, will build the foundations for a real solution, one that employees want and need.
Omer Eiferman is CEO of Cellrox, a startup that provides a solution that makes it easy for corporate IT departments to adopt mobile devices. Cellrox claims that its multi-persona platform mitigates security risks by allowing users of mobile phones and tablets to carry a single smart device partitioned into personas running side by side. Prior to joining Cellrox, Omer was the CEO of Salio, a nanotechnology company, for six years. He worked as a partner at Heinemann & Co, a NYC, USA-based M&A investment bank, where he focused on identifying strategic partnering options for early stage technology companies, including merger and acquisition opportunities as well as OEM and distribution partnerships.