As the use of smartphones and tablets becomes mainstream in enterprises, organizations need to address some fundamental security concerns. While we have yet to see these devices succumb to malware threats in the way that previous endpoints have, there are legitimate data protection issues associated with their use. Between June 2012 and June 2013, travelers lost more than 10,000 electronic devices, including laptops, mobile phones, and tablets, in just the world’s seven largest airports, according to Airport Lost and Found, a global database.
Mobile Device Management (MDM) products gained early traction in the enterprise as a means to address some of the security and management issues associated with the use of consumer mobile devices on corporate networks. While MDM can solve some problems, in spite of being a fairly heavy-handed approach, it does not allow for the fine-grained security controls that many enterprises require.
Enterprises are beginning to look to application level controls to handle the most pressing security problems associated with mobile devices, namely data isolation and protection. Secure workspaces are an emerging option for addressing these needs, but a good level of market confusion exists. This is due to several factors, including the use of very different technical approaches, a lack of agreed on product segment naming conventions (e.g., secure workspace, dual persona, containerization), and more recently the introduction of data isolation features within off-the-shelf mobile devices.
At a minimum, secure workspaces must support the following features: authentication and access control; a workspace level (as opposed to a device level); VPN connection; encryption of data at rest; and policy controls that can enforce data protections, such as restricting the applications in which a document may open, or from which applications text may be copied and pasted.
Vendors are approaching the secure workspace market with a wide range of technical approaches that can have very different device and infrastructure requirements. When considering secure workspace solutions, enterprises should use the following set of questions as a starting point:
- Application choice: are third party and custom apps supported?
- Device agnostic: does the product work only on specific devices?
- OS Build agnostic: can the product work on off-the-shelf versions of Android and iOS?
- Security features: what level of security and data isolation does the product support?
- Device performance: Does the product impact battery life, performance, or product feature usability?
- Installation requirements: What are the components of the solution beyond client software, and where do these components reside?
- Leverage existing infrastructure: Can the product leverage existing corporate infrastructure investments, such as Microsoft Active Directory and Microsoft Exchange ActiveSync (EAS)?
For a more detailed overview of the secure workspace market, take a look at the recent analyst brief "Need for Data Isolation Drives Market Innovation".
Image Credit: nenetus/Shutterstock
For the last 18 years, NSS Labs’ Research Director Andrew Braunberg has focused on the market landscape, trends and innovations in technology, initially as a technology journalist and then as Research Director at Current Analysis for the Business Technology and Software group. His core areas of focus include Enterprise Mobility and Network Security. Andrew holds a BS from Rensselaer Polytechnic Institute in Engineering Physics, and a MA from George Washington University in Science, Technology, and Public Policy.