Breaking down the Apple approach to containerization

Posted in: Casper Suite, Jamf Pro

When it comes to technology, security and usability can often be seen as opposing forces — especially by users. But this doesn’t have to be the case if they are managed appropriately. The challenge is striking the right balance between the two.

Today, many enterprise mobility management solutions deploy container solutions to enforce strong security on devices. These container applications require that users leverage non-native applications to access content, messaging, mail, and other technology tools. The issue is that this method is not popular with users, who generally prefer a more natural and uninterrupted native experience on their device.

Built-in native containers

A delightful and engaging user experience drives every decision that Apple makes with their products and technologies. When using Apple devices in an enterprise environment, Apple wants that same delightful experience to be preserved for users. Apple also recognizes that security plays a huge role in that experience, and innovates strong security features for both users and enterprises.

Among these security features is a native container solution that is built into Apple operating systems, allowing users to fluidly and seamlessly move through the Apple ecosystem without the usual hindrance of a container.

Wait, Apple provides a secure container, you ask? Many would argue against this fact, but only because Apple’s container is implemented in a very different way than most — integrated directly into the core of the operating system.

Securely and freely move content

The job of a container is to prevent a user from sharing sensitive content from a work-related application to an unsecured application. For most software companies that build container applications, this is done by creating an independent app that stands alone and prevents users from sharing the app’s content.

Apple takes a different approach, one that does not prevent users from sharing content across applications. In fact, new app extension features would likely be severely hindered by such a firm posture of control.

Instead, Apple has created tools that let users move data between native and other trusted third-party applications without allowing it to be shared with untrusted applications. Rather than relying on a single containerized non-native app, IT can choose a selected group of apps that are containerized within the ecosystem. With iOS 8, Apple has extended this functionality to content downloaded from the web via Safari and Mail. Apple calls these features “managed open-in” and “managed domains.”
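To check that a configuration profile actually turns these controls on, the profile can be audited before deployment. The sketch below is an added example, not code from Apple or Jamf; it assumes Apple's documented Restrictions (`com.apple.applicationaccess`) and Managed Domains (`com.apple.domains`) payload keys, and the sample profile and its domains are constructed.

```python
import plistlib

# Constructed sample profile (illustrative, not from the original article).
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>PayloadType</key><string>Configuration</string>
  <key>PayloadContent</key><array>
    <dict>
      <key>PayloadType</key><string>com.apple.applicationaccess</string>
      <key>allowOpenFromManagedToUnmanaged</key><false/>
    </dict>
    <dict>
      <key>PayloadType</key><string>com.apple.domains</string>
      <key>WebDomains</key><array><string>intranet.example.com</string></array>
      <key>EmailDomains</key><array><string>example.com</string></array>
    </dict>
  </array>
</dict></plist>"""

def audit_profile(data: bytes) -> dict:
    """Summarise the managed open-in and managed domains settings in a profile."""
    profile = plistlib.loads(data)
    report = {"blocks_managed_to_unmanaged": False,
              "blocks_unmanaged_to_managed": False,
              "web_domains": [], "email_domains": []}
    for payload in profile.get("PayloadContent", []):
        ptype = payload.get("PayloadType")
        if ptype == "com.apple.applicationaccess":
            # Both keys default to true (sharing allowed) when absent,
            # so only an explicit false enforces the boundary.
            report["blocks_managed_to_unmanaged"] |= (
                payload.get("allowOpenFromManagedToUnmanaged", True) is False)
            report["blocks_unmanaged_to_managed"] |= (
                payload.get("allowOpenFromUnmanagedToManaged", True) is False)
        elif ptype == "com.apple.domains":
            # Safari downloads from WebDomains are treated as managed documents.
            report["web_domains"] += payload.get("WebDomains", [])
            # Mail flags addresses that fall outside EmailDomains.
            report["email_domains"] += payload.get("EmailDomains", [])
    return report

def findings(report: dict) -> list:
    """Return the gaps a reviewer would raise before deployment."""
    gaps = []
    if not report["blocks_managed_to_unmanaged"]:
        gaps.append("managed documents can be opened in unmanaged apps")
    if not report["blocks_unmanaged_to_managed"]:
        gaps.append("unmanaged documents can be opened in managed apps")
    if not report["web_domains"]:
        gaps.append("no managed Safari web domains configured")
    return gaps
```

For the sample profile, `findings(audit_profile(SAMPLE_PROFILE))` reports one gap: the unmanaged-to-managed direction is left at its permissive default.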

Supported containers without intrusion

Apple has now created a scenario where IT administrators can work with both users and security officials to select powerful apps that are still trusted and supported. These apps can then be pushed to users, or made available through on-demand enterprise app catalogs, so that users can only share data between trusted and supported applications.

Wouldn't it be nice to be able to containerize and secure data without a user even being aware? With these new management framework capabilities in the Apple ecosystem, we’re already there.