Samsung? BlackBerry? Who Will Win the Containerization Wars? - InformationWeek
IoT
IoT
Cloud // Cloud Storage
Commentary
3/19/2013
07:03 AM
Larry Seltzer
Larry Seltzer
Commentary
Connect Directly
Twitter
Facebook
Google+
LinkedIn
RSS
E-Mail
50%
50%
RELATED EVENTS
Full Security Visibility: An Introduction to SysSecOps
Jun 06, 2017
Systems and security operations - SysSecOps - is a growing approach that integrates endpoint monit ...Read More>>

Samsung? BlackBerry? Who Will Win the Containerization Wars?

Mobile Application Management vendors all perform containerization, wrapping apps in a security management layer of code. 3rd parties like Box that distribute lots of apps would want to be able to distribute a wrapped version in the app stores, but every MAM vendor uses a different wrapper. Will one win out? Is there a role for standards?

MDM (mobile device management) has become a commodity technology over the years. It is also embarrassingly limited in its ability to secure devices and data on those devices. But it is, ironically, standardized by the rigid definition of what Apple will support.

So when security companies like Apperian develop their MAM (mobile application management) solutions to advance security beyond what Apple does, things can get messy.

The main technique in MAM is containerization or wrapping: The management system takes an app and "wraps" it inside a shell of code through which all access to the app must pass. This container (or "wrapper") is a management point: It implements policy as set by the MAM system. Examples of policies that Apperian's EASE can impose as policies on an app include:

  • A per-app passphrase
  • Strong encryption of all data stored
  • Secure copy/paste
  • A per-app VPN tunnel to the enterprise

Many other companies implement similar sets of features in their MAM products. Some big names are getting into this business, including BlackBerry with BES 10 and Samsung with Knox. But there is no standard for the feature set and there is no binary standard for the container code, so there is no interoperability.


Join us at Interop Las Vegas where the mobility track will explore best practices for management of mobile computing today and what's coming in the future. Register today!

Of course, the MAM companies don't necessarily want interoperability, but if there was, then the development tools for secured apps and the management systems for them could be separate. More importantly, secured versions of apps could be deployed through the app stores. For now they must be deployed through an enterprise app store -- a feature often sold separately.

At one point an MAM vendor suggested to me that certain large volume apps, Box for instance, would start to distribute versions of their apps wrapped with that MAM vendor's container in the app store. This would greatly ease the deployment of these apps and be a good deal for the MAM vendor as well. But what about all the other container systems? If there are 20 of them (I don't know about that number but it's possible) are app vendors supposed to maintain 20 versions in the app store?

[Update: I've just been reminded of the Symantec Sealed program which is a program to do pretty much what I propose in this column, albeit with Symantec's MAM implementation (Symantec App Center). In fact, I believe it was Symantec who was the vendor I mentioned in the article as suggesting to me that they would do this.]

So where this idea is going is that it would be good for there to be a containerization standard. A manifest could define which APIs are supported, the secured version could be distributed through the app store — perhaps it would be the only version distributed — and dev tools, management systems and enterprise app stores could compete based on their own merits.

Of course, for the most part the same companies sell these tools together so they don't have much of an interest in dividing them up. But Samsung and BlackBerry — and maybe even Apple — could change this. BlackBerry does sell BES, but it has shown an interest in opening its APIs before and currently its interest lies in spreading the use of its technology by any means necessary. Samsung is already working with third-party MAM companies to support Knox. Apple is nowhere in all this, but could help itself a lot by advancing the standard for security of app management.

Mobile security is a messy phenomenon evolving as you read this through the market. The market is still structured not necessarily to the advantage of the customer, but it's inevitable that it will end up that way, because in the end customers will demand it. That's why I don't think the chaos of multiple container formats will last.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
2017 State of Data and Analytics
Today's companies are differentiating themselves using data analytics, but the journey requires adjustments to people, processes, technology, and culture. 
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on InformationWeek.com for the week of November 6, 2016. We'll be talking with the InformationWeek.com editors and correspondents who brought you the top stories of the week to get the "story behind the story."
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll