Data security remains top of mind for CIOs as they consider how to manage consumerization and BYOD. Earlier this week, I moderated a CIO session for the Rutberg Global Summit in Atlanta, with three CIOs–from the New York Times, UPS and McKesson. Each mentioned how security was a continual investment, even more so with the emerging mobile enterprise. We are seeing the same thing. By far, our most popular enterprise mobile management platform includes a full suite of secure mobile apps that can help enterprises contain and manage their data. Adoption of data containerization is rapidly growing, and with Samsung Knox maturing to a relevant solution, will see continued uptake in the next year. But much is still misunderstood about the different container technologies and methods for securing mobile data. Each container technology has its trade-offs, but some are rising to the top over others. To assess them it’s important to look at these four main areas: cost, availability, security level and user experience.

There are generally two ways to contain data on mobile devices: through hardware or software techniques. Hardware containerization basically runs two systems on a single device-two radios, DSPs, memory, OSes etc. One is used for personal data, one for corporate. Never the two shall meet. So even if the personal side is hit by a virus and can’t even be turned on, the corporate side still works. This is a very strong, secure solution. The problem is that it is not widely available, running two systems is costly and the user experience–switching back and forth between two systems–is poor. The need for this level of security is typically for those industries that have the highest security need, usually driven by regulations. Government, financial services and healthcare are the primary targets.

More popular are the software-based containers, of which there are three types: OS-based, application and thin-client. Some companies are promoting the use of OS-based containers. Usually a form of a hypervisor is used to run two separate OSes (on the same hardware layer)–one for business, one for personal. A single hardware platform keeps costs down; it has a high level of security, virtually separating data. Also, applications don’t need to be rewritten or designed for a specific vendor. But hardware availability is low–not every Android device is supported, the container may be proprietary to specific vendors (i.e. Samsung Knox) and iOS is not supported in this manner.  The user experience of “dual-personas”, though getting better, is not one that companies have accepted yet, so is often rated lower.

In the past year–the idea of application containers has taken off. With app containers, apps can be forced to support enterprise policies (i.e. data movement, cut/copy/paste, encryption standards etc). This supports a moderate to high level of security (hardware-level security is not available). Companies can quickly (in minutes) convert existing apps (via “app wrapping”), or easily add code in to new ones to enforce security and management policies. Plus this works across both iOS and Android devices, so availability is high. We bundle in this app management capability to our MDM platform–so costs are low too. It offers a great UE, most won’t know the app is managed and secured except for restrictions based on security policies. It looks, and (almost) acts the same as ever. Already thousands of managed and secured apps are on the Apple App Store and Google Play. Many users may not even show they are secure–but they are. The biggest drawback here is that each app management vendor has a proprietary method for app management and security. Enterprises get locked into one vendor. Most are already doing this anyway, so a small price to pay.

In the list of application containers, I mentioned a fourth–thin client. This is sometimes not considered a true container, because data isn’t stored locally. At least today. Thin-client containers use web browsers to access data or apps, or are specific apps themselves, like Citrix Receiver. They are very secure because they can be set to erase data once disconnected–so no data remains locally. However, this can be an issue for mobile users who need offline access to data and apps if not connected to the network. In the future–secure data stores can be created to allow for some offline access to apps and content. But otherwise, thin-client containers are excellent–widely available, easy to use, low cost (depending on type) and very secure. More companies–especially those with campus-oriented, or always connected employees as in healthcare, hospitality, banking, education–are using thin-client containers as part of their mobile strategy. This will only increase.

Containerization is gaining speed and adoption in the enterprise. Today the race is on to create secure and easily managed applications that offer the convenience and rich user experience of a personal app, but help enterprise control the security of movement of their data. This will be the next opportunity for vendors in this space, to increase the functionality and UE of secure data, but allow enterprises and users the freedom they need to do their job.