Containerization and mobile threats
Is it simple? No. But containerization is a critical approach to BYOD security.
By Derek Slater
December 20, 2012 — CSO —
For a short and very enjoyable history lesson, watch this Youtube video.
It's the story to a 1930s-era truck driver named Malcom McLean, who tired of sitting in the shipping port for days, waiting for dock workers to unload bales of cotton from his truck. This delay cost him money. McLean had the idea of simply hoisting the entire truckload onto the ship in one fell swoop. This insight ultimately lead to the modern "containerized" approach to shipping.
Pick up the whole container and plop it on the ship! Simple, yes?
Well, no. It took another couple of decades before McLean actually implemented his idea. He had to design the container itself, which was different from a conventional truck trailer of the day. And he had to build an entire ship with a stronger deck to bear the load of stacked metal containers. Because of difficulties of this sort, a lot of people thought McLean's idea was crazy.
As part of our CSO Perspectives series of one-day events, we recently convened a panel of CISOs in Boston to talk about securing mobile computing. One of our esteemed panelists said his company, to deal with the demands of bring-your-own-device (BYOD) movement, is taking the containerization approach. The smartphone or tablet is regarded, for security purposes, as untrusted.
Users can do more or less as they like—they own the devices, after all—but corporate apps and data and network access are isolated from whatever else is on the phone or tablet. Containerized.
I asked the panelist about how off-the-shelf his containerization strategy was. "Not very," was the reply. And indeed, as in McLean's day, the simplicity of the idea conceals a lot of technical concerns. Controls can be implemented at the OS level, the hypervisor level, the application level&
(For more about different approaches to containerization—without too much head-spinning technical detail—check out this useful blog post from Fixmo: http://fixmo.com/blog/2012/05/11/mobile-device-sandboxing-101.)
For all the challenges and decisions, though, containerization still looks like a mission-critical concept for the mobile and BYOD era.
Read more about wireless/mobile security in CSOonline's Wireless/Mobile Security section.
Other stories by Derek Slater