Jamf Blog
An illustration of a person in full lotus, in yoga clothes on one half of their body and in work clothes on the other, working on a MacBook managed by Jamf.
July 24, 2023 by Haddayr Copley-Woods

Protect company data and user privacy with iOS containerization.

It’s no secret that Apple devices are seeing an upsurge in attacks as more and more organizations select Apple for their enterprise companies. To protect company data while preserving employee privacy, take advantage of Apple’s iOS containerization.

What is containerization?

Containerization, in its general sense, is the ability to keep certain types of apps and data completely separate from others on a device used for work. Apps and data managed by an organization are kept partitioned from apps and data that belong to an individual employee.

What is the purpose of containerization?

Containerization keeps company and individual data separate on devices used for work and for personal use. This allows companies to control access to their own apps and data without also managing an employee’s data and apps for personal use.

How does Apple containerize?

Apple, combined with an MDM such as Jamf Pro, puts device data and apps into separate volumes on iOS and iPad: managed and unmanaged. This allows companies to manage their own data and apps while leaving employee contacts, location and personal apps untouched.

With MDM containerization and Apple’s volumes, there is an unbreakable separation between the two types of apps and data. It is not possible, for instance, for a user to copy and paste between these two sides.

How does iOS containerization affect the user experience?

Thanks to Apple’s focus on the user experience, employees can take advantage of this feature without having to sign in and out of each side or manually switch between work and personal interfaces. With containerized apps, although work and personal data are completely isolated from one another, employees use their devices just as they always have.

Because Apple already has separate volume capabilities as part of its operating system, no outside client is required. Just Apple and an MDM.

If you’d like more detail on how Apple helps to manage corporate data and employee-owned devices, read Apple’s paper “Managing Devices and Corporate Data.”

What are the advantages of containerization?

Containerization protects both organizations and individual employees.

Containerization advantages for business

  • When organizations are able to manage access to their networks, data and apps, they sharply mitigate risk while also enabling their employees to work from anywhere and on their preferred devices.
  • With Jamf Pro, organizations have complete control of company apps and data, along with the ability to further restrict access to sensitive data based on Smart Groups and configuration profiles.
  • Organizations can also ensure that devices and individuals are trusted and verified before entering the network without controlling an employee’s personal use.

Containerization advantages for employees

Containerization means that employers are able to manage only the work-related portion of an employee’s device.

  • Workers can enjoy the convenience of one device for work and personal use without worrying about an employer tracking or spying on them.
  • With containerization using separate Apple volumes, even if a company wished to access an employee’s location, read their texts, or discover which personal apps they are using, they would be unable to do so.
  • And staff doesn’t have to worry about accidentally sending sensitive information outside of the organization, or sending personal information to business associates.

Why containerization is important in BYOD

Containerization is more than just important in BYOD. It’s absolutely essential.

Many companies like the idea of allowing individuals to use their own devices. Employees who participate in BYOD programs at work not only shoulder the cost of devices, but they also experience a boost in productivity, by and large.

However, companies must take care to protect their networks and sensitive data on all devices— not just company-owned. And they must do so while also assuring employees that they will not attempt to surveil them or track their locations.

For employee buy-in, organizations must be able to convince them that they are enabling work, not spying on them. Containerization is how they can do exactly that.

And for organizations to trust in their BYOD programs, containerization allows for all of the security and access controls that a company needs while also protecting employee privacy.

Jamf can help you take advantage of containerization in your BYOD program.

Photo of Haddayr Copley-Woods
Haddayr Copley-Woods
Haddayr Copley-Woods is a senior copywriter at Jamf. She writes about tech, specializing in Apple and Jamf with a focus on education, accessibility and security.
Subscribe to the Jamf Blog

Have market trends, Apple updates and Jamf news delivered directly to your inbox.

To learn more about how we collect, use, disclose, transfer, and store your information, please visit our Privacy Policy.