Creating a Secure ‘Sandbox’ on Employee Devices

Just two years ago, containerization was in its infancy, Suby says. But today, 20 percent of companies use some form of containerization on their mobile devices, according to a 2012 survey conducted by Frost and the International Information Systems Security Certification Consortium, a professional group. And that number of organizations tapping container technology is expected to rise as more companies adopt BYOD policies.

“Companies needed to find a way to exert control over their data,” Suby says. “Creating pockets of control on end-user devices is one way to achieve that.”

Sarah Fister Gale is a freelance writer based in the Chicago area. To comment, email editors@workforce.com. Follow Workforce on Twitter at @workforcenews.

Instead of banning risky apps, many companies create password-encrypted environments on users’ mobile devices. These isolated virtual workspaces, sometimes called “containers” or “sandboxes,” allow users to manage corporate data and run business apps including their corporate email and meeting software, without having them intermingle with personal data.

The technique lets users have dual personas on their devices, explains Michael Suby, vice president of research for Stratecast, a division of consulting firm Frost & Sullivan.

The business apps in the container can communicate with each other, but cannot exchange data with external apps. The information technology team is also able to monitor and control all the data that goes in and out of the container, and can remote-wipe that section of the device, while leaving the rest of it intact.

“It’s an evolution in mobile device management,” Suby says. And adoption of so-called “containerization” is on the rise.