Policy-based secure containers for multiple enterprise applications

摘要

Technologies for providing policy-based secure containers for multiple enterprise applications include a client computing device and an enterprise policy server. The client computing device sends device attribute information and a request for access to an enterprise application to the enterprise policy server. The enterprise policy server determines a device trust level based on the device attribute information and a data sensitivity level based on the enterprise application, and sends a security policy to the client computing device based on the device trust level and the data sensitivity level. The client computing device references or creates a secure container for the security policy, adds the enterprise application to the secure container, and enforces the security policy while executing the enterprise application in the secure container. Multiple enterprise applications may be added to each secure container. Other embodiments are described and claimed.

主权项

1. A client computing device for applying enterprise policies to applications comprising:
trust agent circuitry to send device attribute information that identifies attributes of the client computing device to an enterprise policy server, wherein the device attribute information is indicative of a hardware component of the client computing device or a software environment of the client computing device; and security management circuitry to:
send a request for an enterprise application to the enterprise policy server in response to receipt of a user request for a session with the enterprise application, wherein the enterprise application is to access enterprise data;receive a security policy for the enterprise application from the enterprise policy server in response to sending of the device attribute information and the request for access to the enterprise application;determine whether a secure container exists on the client computing device for the security policy;construct the secure container on the client computing device for the security policy in response to a determination that the secure container does not exist; andadd the enterprise application to the secure container; wherein the secure container is to enforce the security policy while the enterprise application is executed on the client computing device.