Full Unified Endpoint Management (UEM) is always best for your business, but depending on device ownership other management methodologies may be more suitable. Take BYOD, for example: in some deployments, companies use containers to manage business applications for their end users. Containers can be attractive to both the end user and the admin because they respect that the device is employee-owned while providing all of the features (app and content management) needed to enable mobile working.
Containers – like Android Work Profile, iOS 13 User Enrollments, or third-party Mobile Application Management (MAM) offerings – effectively partition off part of the device, allowing IT admins to manage the apps and content in the container without visibility into, or interference with, the personal part of the device. Similarly, the employee’s personal apps can’t see into the container, keeping business data out of reach. Some containers can also create VPNs for data in transit, helping secure network traffic too.
However, much like UEM, containers aren’t robust security solutions and it is possible to compromise them:
- Malware can enter the container via a compromised app or framework
- Browser based attacks can occur through a containerized mobile browser
- Compromised container security. For example, iMessage operates in a sandbox, similar to containers, yet a vulnerability discovered in July 2019 allowed data on the device to be compromised
A key issue with containers is that there are no tools to determine whether a container has been breached and if the apps and data it contains are at risk. Wandera’s MTD enables businesses to determine whether the container or device as a whole has been compromised. Knowing that corporate information is at risk, the business can then limit what is available within the container to prevent a breach before it occurs.
Questions to ask if you are considering containers:
- Do you trust that a container will not be breached now that containers are the new target for malicious parties?
- Do you trust that your container will remain clean and that malware won’t enter and have access to all corporate information?
- Do you trust that containerised apps will send information to the correct place and won’t be diverted or subverted?