Danger, Will Robinson! Beware the hidden perils of BYOD
And we're so nice, we're telling you how to dodge them
The trouble with email
Thin-client operation is fine for many apps, but you really wouldn't want to have to depend on it for the apps you need little and often, email and calendar being the main examples.
Apps, apps, apps: You need devices that can handle common tasks – and more
Similarly, you wouldn't want to allow users simply to connect their smartphones' in-built email programs to your mail server because there is no way you can ever erase any messages they have downloaded.
The answer comes with the sandbox applications from the likes of Good Technology and MobileIron. These applications install on smartphones and connect to an enterprise server in the same way as the BlackBerry, except that instead of managing the entire device you can manage only the applications.
Because the app sits there holding its data in an encrypted archive which can be auto-disabled if the device loses sight of the server for any length of time, you are giving users everything they need while maintaining full control over it.
Furthermore, many of these packages can do cool stuff such as allowing controlled visibility to the rest of the phone into the content of the sandbox. Thus the corporate phone book could be available to the phone's native dialler so the user can look up and call people, but is then hidden if the application decides or is told that the user is no longer allowed to see it.
BYOD file sharing
This final issue is an extension of the problem with application access: you want to be able to access files natively with the mobile device's in-built functions or other popular applications (for example a PDF reader or MS Word viewer), but the files need to be controlled and eradicated if required.
We are back to the sandbox approach, this time with centrally controlled file sharing and file synchronisation tools which can, like email programs, be configured to encrypt data and eradicate it if legitimate access is curtailed.
The chances are that if your company owns the devices you will go for a full-blooded MDM offering because you are perfectly happy with the idea of managing the entire device and blatting its content when you part company with the user.
And if you are working with a BYOD model you may well choose two or three packages as best-of-breed but separate offerings for email, file and application access.
Overall, though, controlling the data created or held at the edge – or in most cases outside the edge – of your network is not rocket science. The technology is out there and you simply need to pick the packages that suit you best. ®
Sponsored: Protecting mobile certificates