I do not understand one parameter in mdm comparison list. iOS5 features – sandboxed email.
I can not find on any mdm (except Goods, Excitor that offer sandboxed solutions) site info about such a feature. Probably I misunderstand this feature due to my lack of knowledge of iOS. Could somebody explain me what is ment by sandboxed email?
In most high-security environments, you want to verify that the data "at rest" on any device or in transmission is always in an encrypted form.
Sandboxed email refers to a high-security email feature - these vendors provide an App that encrypts your email within the App, as well as ensures there is a secure delivery mechanism to and from the mail server as well. So in this instance you wouldn't check your email in "Mail.app" - you'd check your email in the Good For Enterprise App.
Good For Enterprise for instance has a gateway product with Microsoft Exchange and other mail servers that assures the data is encrypted on the iOS devices, other mobile and desktop platforms, as well as in transit.
Additionally, they will have a feature where the App is installed on a personal device, the Administrator can erase all the "Corporate" data stored within the App provided by the Corporate entity, without needing to remote wipe the entire phone and erase a user's personal information.
I don't have any preference for Good - but they have a reasonable description of their product here:
Hope that helps!
Thank you for your answer David. I understand Goods approach. I was more wondering about product that has a different approach (not container based) and are mentioned in this web site MDM comparison list and has a tick in iOS5 features- snadboxed email. I whant to know how this feature works.
MobileIron, Sybase, Airwatch. MaaS360, Soti, Zenprise, Wavelink, and Tangoe all integrate into Nitrodesk's touchdown client which sandboxes all exchange data(email, contacts, calendar, etc..) They will claim they sandbox through the integration of the touchdown client. There isn't much information about the integration, but here is a link to Nitrodesk's MDM integration page http://nitrodesk.com/mdm.aspx .
Thanks for asking the question. I see now that the term is a bit ambiguous. The definition I intended was included in a summary of iOS 5's new mobileconfig keys:
PreventMove, if set to true, forces this email account into a fence. That is, messages received by this account cannot be moved into another account. This also prevents forwarding or replying from a different account than the original account.
PreventAppSheet, if set to true, prevents this account from being used in third-party applications.
These features were added to the standard mobileconfig spec by Apple iOS 5. The checkbox on the. MDM comparison is supposed to indicate that the vendor exposes these settings. (But since vendors tend to fill out the forms themselves, they may have misinterpreted this. Please help fix the charts if you see errors.)
Aaron Freimark, Enterprise iOS founder & Tekserve CTO
Thank you Aaron! Now its clear for me. I will try to more ask to particular MDM companies that interest me about this feature. But thank you for answer!!
To Barry: if I am not mistaken I think Touchdown is for Android devices. But thanks for info also!
Zane, most leading MDM players partner with Nitrodesk. End users purchase their TouchDown software from NitroDesk as well.
Also iOS already essentially containerizes the entire device including native apps to eliminate the need for a 3rd party app (like Good) that changes the native user interface and overall user experience.
Today TouchDown is for Android, other OS variations likely in the future.
Does anyone know why the iOS PreventMove and PreventAppSheet configurations are not end-user configurable settings either for an individual email profile, or across all profiles?
Is something coming in iOS6 for this?
How do you mean that iOS this
Also iOS already essentially containerizes the entire device including native apps
If that was the case then no one would be looking for MDM players to manage the devices and ensure they are secure.
Besides a secure container means that you do not need to lock down the device, but instead keep all your secure data within the contain.
The world is changing and the secure container and or the mobile virtualization solutions will lessen the need for heavy MDM solutions.
bitzer mobile http://bitzermobile.com/
Mail+ for ActiveSync http://www.ikonicapps.com/enterprise.html
Just to list a few
Since MDM is limited by mfg API most pure play MDM vendors are likely to end up holding "bag of APIs". Mobile App mgmt and app wrapping starts to get at the crux of the problem imho as well as a scalable Mobile Content Solution (cloud, premise and hybrid). Dual persona as Grimesdr mentions is yet another play for bring your app/device play.
Appears this industry will be moving towards this EMM/Mobility Management software vision (rewind to system management playbook in last computing generation) as evidenced by many point players trying to bolt on App or Content or Browser functionality for their SME customer base.