App Wrapping is A Form of Containerization

In the wake of the BYOD (bring your own device) movement, Gartner has had a lot to say about containerization. The research firm listed it as one of the seven key components to look for in an enterprise mobility solution, and since then we’ve been fielding a lot of questions about what it is and how it works.

What is containerization?

When employees use their personal mobile devices for business purposes, enterprise apps and data become vulnerable if the right management policies are not in place. The aim of containerization is to separate personal and corporate data through a series of technological features. This can include things such as; encryption, authentication, and other measures to protect from data leakage.

By making applications members of a container, corporate information can be protected in cases where the employee loses the device, cuts ties with the company, or in any number of other scenarios. Some argue that this makes it easier to enforce mobile application security policies.

This approach, however, is not without its pitfalls, specifically when it comes to usability. Requiring users to switch in and out of a container between work and personal use is cumbersome, frustrating and generally leads to user abandonment and work-arounds. Device-implemented containerization can adversely affect performance, battery life, and the UX. Furthermore, it offers little protection from rooted or jailbroken devices. Then there are the problems that arise from enforcing policies on a device that is owned by the user, not the organization. Apps can also require additional work from developers to prepare them to work within a device-implemented container.

Where app wrapping fits in

App wrapping is a type of containerization and can used to isolate individual enterprise apps and data at the app-level, not the device-level. The granularity of app wrapping makes it well suited to a BYOD environment. By working at an app-level to support mobile application management (MAM™) and institute security policies, employing app wrapping gives you all the benefits of containerization without the disadvantages.

From a technical standpoint, an Apperian wrapped app is “injected” with dynamic libraries, or “policies” to extend it with various security capabilities (e.g. encryption, authentication, VPN connections. etc.) or other behaviors (such as geolocation, self-updating and app-remote control).. These libraries are layered over the native binary of the application and are added after the application is compiled, meaning developers don’t need to become subject experts in FIPS-140 encryption, for example. In fact, it’s a non-technical Apperian administrator who applies these polices – no coding or SDK required. The end result is an app that is both secured and easily managed by an administrator.

Because app wrapping is not implemented on a device level, and in fact, users generally don’t know their apps have been wrapped and can still enjoy administrative control over the device they own. At the same time, organization can be rest assured that their apps and data are secure.

With BYOD more commonplace than ever, it only makes sense to move on from intrusive device-level management approaches to more contemporary application-level security strategies like app wrapping. Together with a comprehensive app lifecycle management suite, business leaders can create an environment where BYOD has the opportunity to flourish and stay safe..

Tags: , , , , ,

Stephen Skidmore
Stephen is the director of product marketing at Apperian.
  • http://ezbusy.blogspot.fr Kevin Gilles

    This post is really interesting, though I’m wondering, if your app store can deploy apps in the easiest way, how to deploy your App Store in the easiest way ? Shall it be done manually if the enterprise owns over 10k devices ?

    • apperian

      When a user is enrolled for the first time, they are sent an email
      invitation, which contains a link to download our App Store. First time
      users are asked to set a password OR if enterprise SSO is enabled, they
      enter their corporate credentials.