Many organizations allow people to use the same mobile device for personal and business purposes because it’s more convenient and can boost productivity.
The coexistence of corporate and private applications on the same device can, however, raise concerns about the security of the work data as well as the privacy of users.
What is Containerization?
It is beneficial for both the device users and IT organizations to draw a clear line between work and non-work related activities on a mobile device by separating the business and personal apps from each other. This security strategy is known as containerization.
How to Control the Flow of Business and Personal Data on iOS/iPadOS Devices?
Unlike on Android, there is no need to create a dedicated Work Profile container or workspace for business apps on Apple devices. Instead, on Apple iPhones and iPads, work and personal data are managed separately without segmenting the user’s experience. Apple’s framework in the device’s operating system allows IT organizations to secure business data with a light touch through MDM software like Miradore. No separate client is needed because the framework is part of the operating system.
Managed Apps vs. Unmanaged Apps
The iPadOS and iOS operating systems divide applications into two categories: managed and unmanaged.
Managed apps are applications deployed by the organization’s IT department using Miradore or some other MDM software. The managed apps can be any apps deployed from the App Store or custom in-house applications installed over-the-air. The managed apps can be remotely configured, updated, or removed from the devices through the MDM. Mail clients, communications software and office apps are typical examples of managed apps.
Unmanaged apps, on the other hand, are personal applications installed by the device user.
Prevent Data Transfer between Managed and Unmanaged Apps
Device users can, by default, move data and contents between managed and unmanaged apps freely as they see fit.
With Miradore, you can easily apply restrictions to protect company data and users’ privacy. You can do this by denying the data transfer between managed and unmanaged apps on devices that are used for both work and personal matters. The devices don’t even have to be supervised.
1. Navigate to Management > Configuration Profiles on your Miradore site, and create a Restriction profile (Add > iOS > Restrictions).
2. Switch to the Security and privacy tab and check the Deny documents from managed sources in unmanaged destination and Deny documents from unmanaged sources in managed destination fields. See the picture and field tooltips for more. After applying these restrictions, device users cannot open data from managed apps in unmanaged apps or vice versa. Users can still open managed documents using other managed apps and unmanaged documents using other unmanaged apps.
3. In addition to the above-mentioned restrictions, you can also consider implementing the following restrictions for added security:
On the Device functionality tab:
- AirDrop: Force unmanaged drop target: This restriction specifies whether AirDrop should be considered an unmanaged drop target.
- Deny screen capture: This restriction prevents users from saving a screenshot of the device screen. This restriction affects the whole device, no matter whether the user has unmanaged or managed apps open.
On the iCloud tab:
- Deny managed apps sync: This restriction prevents data sync from managed apps to iCloud.
4. Lastly, remember to deploy the restrictions configuration profile to the desired devices. You can do that easily from the Devices page using the Deploy > Deploy configuration profile option.
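To confirm which of the restrictions from steps 2 and 3 a profile actually carries, the following added example (not Miradore's code) audits an unsigned .mobileconfig property list for the corresponding keys of Apple's Restrictions payload. The mapping of Miradore's field labels to those keys is an assumption, and the sample profile is constructed.

```python
import plistlib

# Apple Restrictions payload keys and the value each needs for the restriction
# to apply. Mapping Miradore's field labels to these keys is an assumption.
PAYLOAD_TYPE = "com.apple.applicationaccess"
REQUIRED = {
    "allowOpenFromManagedToUnmanaged": False,  # managed source -> unmanaged destination
    "allowOpenFromUnmanagedToManaged": False,  # unmanaged source -> managed destination
    "forceAirDropUnmanaged": True,             # AirDrop treated as unmanaged target
    "allowScreenShot": False,                  # Deny screen capture
    "allowManagedAppsCloudSync": False,        # Deny managed apps sync (iCloud)
}
CORE = ("allowOpenFromManagedToUnmanaged", "allowOpenFromUnmanagedToManaged")


def audit_profile(data: bytes) -> list:
    """Return the sorted REQUIRED keys that the profile does not enforce."""
    profile = plistlib.loads(data)
    payloads = [p for p in profile.get("PayloadContent", [])
                if isinstance(p, dict) and p.get("PayloadType") == PAYLOAD_TYPE]
    missing = []
    for key, wanted in REQUIRED.items():
        # An absent key leaves the OS default, which is the permissive value,
        # so only an explicit match in some restrictions payload counts.
        if not any(p.get(key) is wanted for p in payloads):
            missing.append(key)
    return sorted(missing)


def blocks_open_in(data: bytes) -> bool:
    """True when both managed/unmanaged document restrictions are set."""
    missing = audit_profile(data)
    return not any(k in missing for k in CORE)


def sample_profile(**restrictions) -> bytes:
    """Build a constructed profile (sample data, not exported from an MDM)."""
    payload = {"PayloadType": PAYLOAD_TYPE, "PayloadVersion": 1,
               "PayloadIdentifier": "example.restrictions", **restrictions}
    return plistlib.dumps({"PayloadType": "Configuration",
                           "PayloadContent": [payload]})


if __name__ == "__main__":
    partial = sample_profile(allowOpenFromManagedToUnmanaged=False,
                             allowOpenFromUnmanagedToManaged=False)
    print("not enforced:", audit_profile(partial))
```

A profile that sets only the two document restrictions from step 2 is reported as still leaving the AirDrop, screen capture and iCloud sync settings at their permissive defaults.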