ActiveSync on Android allows corporate to force compliance with security policy and allow remote wipe. User cannot complete the exchange account setup without permitting the controls. If the user doesn't agree their sync isn't enabled. Moreover, if corporate requirements change sync is disabled until you approve again. That seems like it covers all the bases to me. Sent from my Verizon Wireless Phone -----Original message----- From: Andrea Gozzi <mls@vp44.net> To: Jamie Bowden <jamie@photon.com>, Christopher Morrow <morrowc.lists@gmail.com>, Jay Ashworth <jra@baylink.com> Cc: NANOG <nanog@nanog.org> Sent: Thu, Oct 13, 2011 17:02:53 GMT+00:00 Subject: Re: NANOG:RE: [outages] News item: Blackberry services down worldwide Can't but agree with Jamie. The ability to centralize management for all Blackberry users and _force_ them to comply with company policy (it's an investment bank) saved us lot of hassle when, and it happens regularly, people lose their handsets. Otherwise, it would be all unencrypted, unmonitored and unprotected access points to customer's private data. Some of our representatives recently switched to iphones, but nobody from management will ever be allowed anything than a Blackberry. Andrea On 10/13/11 5:55 PM, "Jamie Bowden" wrote:
-----Original Message----- From: Christopher Morrow [mailto:morrowc.lists@gmail.com] Sent: Thursday, October 13, 2011 11:36 AM To: Jay Ashworth Cc: NANOG Subject: Re: [outages] News item: Blackberry services down worldwide
----- Original Message -----
From: "Jamie Bowden"
Someday either Google or Apple will get off their rear ends and roll out an end to end encrypted service
plugs into corporate email/calendar/workgroup services and we can all gladly toss these horrid little devices in the recycle bins where
On Thu, Oct 13, 2011 at 11:13 AM, Jay Ashworth wrote: that they
belong.
I'm fairly sure K-9 does GPG, at least for the email
plus normal mail + k9 will do TLS on SMTP and IMAP... or they both do with my mail server just fine. (idevices seeem to also do this well enough)
It's possible that the 'encryption' comment from Jamie is really about encrypting the actual device... which I believe Android[0] will do, I don't know if idevices do though.
As of 2.3[.x?] (can't remember if it's a sub release that intro'd this), Android devices can be wholly encrypted, though I don't know if they are by default. All these kludges are great on a small scale, but the BES does end to end encryption for transmission, plugs into Exchange, Lotus, Sametime, proxies internal http[s], and lets us manage policies and push out software updates from a central management point. When it works, it's also scalable, which matters when you have thousands of devices to manage.
Jamie