Microsoft also implied a new approach to securing apps. Andrew Conway, senior director of product marketing at Microsoft's Windows Server & Management team, said that a release later this year would include the "ability to wrap policy around applications, giving administrators the ability to define how an application interacts with data and block undesirable functions such as cut and paste to other apps."
Wrapping instead of creating a container to isolate enterprise apps from personal apps is an intriguing technical decision. Wrappers are scripts that enforce security policies on apps without recompiling them. Mobile app developers have been slow to shroud their mobile apps in each MDM vendor's proprietary wrapper because enterprises represent a small audience, and a different wrapper for each MDM vendor fragments their efforts to reach millions. MDM leaders list only about two dozen apps that app developers have wrapped, which limits enterprise app choice. If Microsoft can deliver a wrapping technology that takes the app developer out of the critical path and enables administrators to implement wrappers, every app, proprietary or available from the App Store or Google Play, could be an enterprise app.
Startup cloud MDM service Mobilespaces has a different app philosophy. It has built a container for BYOD enterprise apps called workspaces that is managed by a cloud administrative service. The workspace separates enterprise apps and data from personal apps and encrypts enterprise data. The choice of apps and many security decisions are left to the enterprise. Mobilespaces recently announced that it secured mobile apps for Google's Gmail, Apps, Drive and Hangouts apps in its workspaces.
Mobilespaces's offering leaves the enterprise to choose its apps. Using a cleanly designed admin console, policies can be applied to allow or restrict app installations from the App Store, Play or manually by group policy. Group or individual policies can be set to lock a device based on conditions or specific events, such as the detection of a jailbroken or rooted device or if the USB port is turned on to sideload applications.
Depending on how you look at this, Mobilespaces either gives the administrator more flexibility in choosing apps or more responsibility in choosing apps that meet the enterprise's security criteria. For instance, Google's suite of apps is secure, but Google doesn't provide policies to restrict their use to a specific device. So, although Mobilespaces can restrict copying and pasting data from Google Apps to the employees' personal app space, it can't restrict using Google's app suite to only its enterprise workspace. This is Google's design choice and it works for its Google Apps customers.
But an enterprise can choose other apps if this is perceived as a risk. For example, an enterprise could deploy an email app using Microsoft ActiveSync to Exchange to restrict email to a workspace. Or a company could deploy apps like Office 365 or Salesforce in a workspace configured to use a VPN. That way, the cloud service connecting to the app could be configured to restrict access to just the VPN.