We're looking into whether we should allow employees to BYOD. Our industry necessitates that we run a very secure environment and so we're looking at the risks of BYOD, and we're running some tests on the two device types we plan on supporting (Android & IOS). That said, we'd love to hear from other Zimbra shops who must maintain high levels of security for the devices and data that reside on them, and how you've gone about protecting against loss, theft, etc.

Our main goals are to be able to:
  1. Protect data on devices in a theft or loss scenario
  2. Have the ability to wipe a device remotely
  3. Control an employee's ability to copy restricted data from their phone to a non-company device (e.g. via USB or Bluetooth)


#1
We've found that the iPhone plays nice with our security policies in that it has encryption of local data, accepts our security controls (Zimbra Mobile), and doesn't easily allow a user to remove the controls. On the other hand we have found that Android devices will accept security policies but an employee can easily remove the PIN protection, for example, and as far as we can tell the Zimbra Mobile policy will not be "re-enforced". That leaves the device open and unprotected.

#2
Remote wipe seems to work fine across both types of devices but what we're missing is a confirmation in the Zimbra logs that the device received the command. We've had a couple of incidents over the past year where devices have been lost or stolen and in reality we have no way of knowing if the device was actually wiped remotely.

#3
We don't know of a way to do this so if anyone has any experiences here they would be most welcome.

Is anyone using a 3rd party solution for mobile device management? We would love to hear success & horror stories from you as well.