MobileIron announced two new additions to its suite of mobile device management (MDM) and mobile application management (MAM) products on Tuesday: AppConnect and AppTunnel.

The offerings reflect the manner in which IT priorities have evolved as the BYOD phenomenon has accelerated and matured. Early MDM trends focused on securing the device itself, but because a single phone or tablet is of relatively little value from an enterprise perspective, the emphasis has shifted to securing the data. This goal can be a delicate balance, however. Because so many workplace devices are owned by employees, IT needs to be wary of the way corporate content is accessed and handled. Then again, because the devices are not owned by the business, IT also needs to be mindful of privacy.

MobileIron's new products attempt to navigate this difficulty by separating business apps from personal content, an approach that bars company information from being moved into an unauthorized app while also giving IT control over the sanctioned ones. Savid Technologies CEO Mike Davis has previously told InformationWeek that such a separation represents the "holy grail" of mobile device security, so if businesses take to MobileIron's approach, the company could have a hit.

[ Carriers hope tracking and blocking missing mobile phones will deter thieves. Smartphone Anti-Theft Database: What's Enterprise Impact? ]

AppConnect turns each app into a secure, encrypted container. This capability is fairly run-of-the-mill, but MobileIron takes the concept a step further by allowing individual containers to communicate with one another. This effectively creates a larger wrapper around the individual containerized apps, allowing data to be shared among them according to permissions defined by an administrator. Functions such as cut-and-paste, for example, can be turned on or off depending on the user's level of access. AppConnect also allows single sign-on, eliminating the need to authenticate identity for each individual app.

MobileIron allows its wrapper to be implemented after an app has been completed or, for more precise control, via an SDK that allows the technology to be applied during the development process. With custom apps on the rise, many developers are likely to appreciate this flexibility.

AppTunnel, meanwhile, links each container to the corporate network through a secure tunnel. This pathway offers VPN-like protection without actually establishing a VPN or otherwise altering network security settings. Combined with AppConnect, AppTunnel is intended to protect sensitive content in all its states, whether in transit between the network and the device, in motion among individual apps or at rest on the smartphone or tablet.

Parity is fairly high among MDM and MAM products, but 451 Research analyst Chris Morales said in an email that the technology driving AppConnect and AppTunnel is fairly unique. He wrote that other competitors offer services that partially overlap with MobileIron's new products but cited none that offer the same full set of capabilities. He said, for example, that Zenprise offers VPN-like app tunnels but countered that, "[It] is not app-centric really. It tunnels the apps only but terminates to their client." He called Mocana the "closest competitor," noting that it includes app wrapping, data controls and app-centric VPN tunnels. "They don't have content management though," he stated.

Morales also offered that a mix of IT controls, separation of personal and business apps and secure tunneling "is the direction I prefer and would like to see the market go." He predicted that this sort of technology will become more ubiquitous.

Time to patch your security policy to address people bringing their own mobile devices to work. Also in the new Holes In BYOD issue of Dark Reading: Metasploit creator HD Moore has five practical security tips for business travelers. (Free registration required.)