Containerization
Our glossary explains basic terms and abbreviations relating to mobile working, the use of smartphones and tablets in the corporate environment (Enterprise Mobility) and security aspects in the use of mobile devices.
Separation of an encrypted area on a smart device.
In enterprise mobility management, containerization is the approach of achieving IT compliance of mobile devices used in the enterprise by separating professional user data from private user data.
This is necessary in the case of mixed private and professional use, i.e., when …
- … the company device does not process (store) business data exclusively, i.e., the device was not rolled out in a COBO (corporate-owned, business only) or COSU (corporate-owned, single use) scenario.
- … private devices are also used for business purposes (BYOD = bring your own device).
Data separation and GDPR
The separation of business data from private data in the case of mixed use is necessary, among other things, for compliance with the European GDPR (General Data Protection Regulation).
This is governed by Article 5 of the GDPR, which specifies data integrity, data minimization and storage limits, among other things. The GDPR newly introduces the so-called accountability obligation, under which the company must be able to provide evidence that it has taken all technical and organizational measures (TOM) for data protection.
“The controller shall be responsible for, and be able to demonstrate compliance with, paragraph 1 (‘accountability’).”
GDPR Art. 5 (2)
Containerization by means of a dedicated app
One technical option for containerization is the use of a so-called container app. This is software that sets up a separate, protected area (container) on the mobile device. As a rule, the container app is administered by IT. One container app that is widely used in German-speaking countries is the SecurePIM software from the Munich-based software company Virtual Solution.
Another option is the use of an MDM solution, which offers significantly more advantages and possibilities compared to dedicated apps at similar costs.
Containerization through an MDM
With most MDM (mobile device management) software, setting up a container is one of the standard features. The following is an example of a container on Android. The protected area is called “Workspace” on Android.
The workspace is more or less a smartphone within a smartphone and has its own screens.
Users can switch between the private area (on the left in the screenshot) and the work area (on the right) by swiping upwards. This is indicated by the two tabs “Personal” and “Work” in the lower screen area.
In addition, applications (apps) that belong to the Workspace are marked by small blue lock icons that symbolize the encryption of these apps (also on the right in the screenshot).
In addition to separating the data streams, an MDM offers a wide range of other functions for managing and configuring mobile devices, such as remote wiping or enforcing password defaults, operating system updates and other security features.