In many companies, employees may use their own smartphone or personal tablet for business purposes. In that case, private and company data must be kept strictly separate. Application and data containers solve this satisfactorily for both parties and in compliance with data protection regulations.
Basic Functionality
In practice, a container initially behaves like an app that can only be accessed with its own password. Depending on the product, it either provides certain functions itself or presents a separate user interface that gives access to other, secured company apps. An EMM (Enterprise Mobility Management) solution is required to install the containers safely and maintain them continuously. This is the only way to ensure that the user's privacy is protected on the one hand and the integrity of the company environment is secured on the other.
Conceptual Differences Between Corporate Device and Bring Your Own Device
Container solutions are used because private devices require a difficult balance between mobile security and data protection. With a COPE device (Corporate Owned, Personally Enabled) or COBO device (Corporate Owned, Business Only), i.e. company-owned smartphones or tablets, the administrator has extensive access rights and can specify how the device may be used.
This is not the case with the BYOD concept (bring your own device). The user cannot be prevented from installing potentially unsafe apps that, for example, capture keyboard input or read address books. The administrator's access rights are also severely restricted because the user's personal rights must be respected on a private device: there may be no access to private data and no recording of locations, movement or usage profiles.
The solution is therefore to create a separate environment for all company applications and data that is strictly shielded from the private environment. This also prevents company data from ending up unencrypted on the private hard drive when the user backs up the device.
Samsung Knox
Samsung Knox is a very extensive technology platform for Android devices, based on a multi-layered concept. Part of the solution relies on special hardware components, so it can only be used on Knox-compatible devices. The Knox Workspace container solution ensures a clean separation of private and business applications and data. It also gives IT administrators extended access to certain device functions. Numerous built-in IT policies and installed MDM policies make the devices easier to manage. Integration into a company's mobile device management is also part of the solution; it is offered under the name Knox Mobile Enrollment.
Android in the Company
With Android in the company, formerly named Android for Work, Google offers at least basic functions for the secure use of Android-based devices in the company. The central building block is “managed profiles”, similar to the user profiles on a Windows PC, with separate work environments and storage areas. Pre-installed applications and a dedicated business premium area for downloading additional applications from the Play Store complete the concept. Samsung Knox can be built on this basis.
Blackberry Unified Endpoint Manager (UEM)
The EMM from Blackberry, which was previously sold under the name Blackberry Enterprise Service 12 (BES12), uses the security measures specific to a mobile endpoint, such as encryption, certificates, and the use of containers. In addition to Blackberry's own solution, Blackberry UEM can also manage devices and container solutions from other manufacturers, for example native container solutions such as Android in the company and Samsung Knox Workspace, or alternative protection concepts such as Windows Information Protection or Apple's iOS managed apps.
Further Solutions: Secure Container for Sharepoint, Secure Browser, VPN, and More
The solutions presented are good basic equipment, but they are not sufficient for every case. Some of them can be expanded with additional apps. In some cases, however, it is also appropriate to give applications containers of their own, which also isolates the corporate applications from one another. Other containers provide basic functions for the rest, such as a VPN that guarantees secure access to company data. It is also possible to route Internet access through the company network. The protective mechanisms and access restrictions implemented there then also apply to the mobile device.
Conclusion: Secure Container
In a potentially insecure environment - the private mobile device - containers offer a protected area for company applications and data. The containers ensure that the applications run in a protected environment, and they also prevent company data from leaving this environment or being manipulated from outside. Copying from the company app that runs in the container to a Facebook group that was accessed via the private app is not possible, for example.
Online threats can arrive in various ways, so it is necessary to stay up to date with antivirus security software.