Isolating Corporate Data on Consumer Devices

Consumer devices have become standard in the enterprise, regardless of how they are provided – by the organization or the employee themselves. This change requires new ways to isolate, manage and secure corporate information and data. One approach is ‘containerization’, in which you place a virtual container on the device separating the organizational data from the employee’s personal information.

 

Consumer devices have become standard in the enterprise, regardless of how they are provided – by the organization or the employee themselves. This change requires new ways to isolate, manage and secure corporate information and data. One approach is ‘containerization’, in which you place a virtual container on the device separating the organizational data from the employee’s personal information. Although sound from an IT standpoint, there’s been push-back from end-users when it comes to mobile devices, and phones in particular. If users have to perform too many clicks to get to the data they want or if they have to use the phone in a way that’s alien to them, they’ll simply stop using it.

Worse than that, they’ll deploy some workaround and expose the organization to potential risks of malware and data loss. So what’s the best approach to manage an ‘unmanaged’ device? The most important aspects are the apps themselves, the data that resides within apps and the control and management of those apps. Today, a user can go to an app store and download one of many Salesforce apps available. They can log on and start using it, but in doing so they introduce risk as data could be flowing over the internet unsecured. However, if IT has pushed a company-approved Salesforce app to the user through an enterprise mobility management solution such as Snow Device Manager, it becomes a ‘managed’ app.

Now, when users open Salesforce on their device, a VPN tunnel is established,  so rather than the data going through the public internet, it flows through the organization’s network. All this happens without any degradation in user experience. The VPN does not alter how a user interacts with the app, but in the background IT is able to monitor usage of it, in the knowledge that all data is encrypted and secure.

Also, the IT team is able to wipe the device remotely without any interaction from the user (in case the device is lost or the individual is no longer an employee). The biggest difference between a company-approved app and an app ‘out there’ on the internet lies in the way users initially get the app. 

The managed app would be pushed to their device, rather than be downloaded from an app store by the users. They could also get the secured apps from a self-service browser-based portal managed by the organization.

Here, the only ‘intrusive’ part in the process is the need to create a profile – user name and password – to verify that the user has the right permissions to download the apps. Once that’s done the user can download any number of apps from the portal without introducing any risk to the organization. In essence, each secured app becomes an individually containerized solution, giving the organization all the controls it needs over the app while empowering the individual to access the data and information he needs to be productive.

To learn more about containerization and what an Enterprise Mobility Management solution can do for your organization contact a Snow SAM specialist today.