Thursday, November 10, 2016

Containerization on Android devices with WSO2 Enterprise Mobility Manager (EMM)

Data security is one of the main concerns of organizations today. With the increasing use of mobile devices for work organizations are faced with the challenge of protecting confidential corporate data that is accessible through mobile devices.

If the organization allows corporate data access only via COPE devices, then they would have control over the device as well as the ability to perform security measures such as device wipes if the device is lost. However, in most organizations employees are allowed to access company data (e.g: email, shared drives etc.) on their personal devices. This is more cost effective for the company as well as helps improve the productivity as well.

However, allowing data access on BYOD raises concerns on both sides. From the organization point of view they are concerned about data security and need to implement measures such as limiting certain apps and enabling features such as remote device wipe. On the employees point of view they are reluctant to allow the organization gain total control of their device and allow app restrictions and remote wipe.

With version 2.2.0 WSO2 EMM will provide a solution to this problem using containerization using 'Android for Work'. With Containerization you can maintain a separate space within the device for corporate apps/data. This container provides total data isolation and can be managed separately by the organization. With this approach the company will not be able to access the personal space of the user's device, but would be able to manage the work profile. For example the company may decide to disable some apps on the work profile, but that would not prevent the user from using those apps in his/her personal space. There will be no data or context sharing between the apps run within and outside of the work profile. The work profile will be saved as encrypted files on the device. Therefore, the corporate data cannot be accessed outside of the container. If the organization wishes they can remote-wipe the corporate data on the device; this would not however effect the users personal data outside of the container.