Sandboxing’s Potential To Empower Bring Your Own Device Policies

A couple of years ago, we separated our “technology division” into two groups: IT Engineering and IT Operations. The dividing line between the two is the production environment. Any new technology is architected by our Engineering group before it goes into production. Once something is in production it belongs to IT Operations and it cannot be touched without going through the change management process.

Here is an example of the IT Engineering group doing a good job:

All IT organizations are seeing a mounting desire for employees to use their own devices (especially iPads) in the workplace. When I recognized that this demand would be huge, I began advocating to connect Android and iOS devices to our Exchange Server via ActiveSync. I went to the Engineering team, who (as I mentioned) is charged with evaluating new technologies before they go into production.

To their credit, they said the vanilla approach to device connectivity would not meet our security expectations. They told me the only way we could safely manage employee-owned devices would be through a device management system that would sandbox the organization’s data, protecting it from security flaws, malware and poor user security practices. They also told me this would only cover the Exchange connectivity use case, and that any other use cases would require further analysis (and perhaps additional expense).

I was disheartened to learn about the added cost, but I would much rather surface that with our executives so we can make a fully informed decision, rather than spring a surprise expense on them later.