For basic mobile access, BNY Mellon uses Good for Enterprise to create an encrypted space on smartphones within which users can run Good's email and calendar client and use a secured browser. "It's a secure container with an app that can send and receive corporate email that's encrypted," says Perkins. All communications are routed through Good's network operations center, which authenticates mobile users.
Good has been offering its basic email and calendaring tools for several years. Late last year, it added the capability for other apps to run within its protected space using the Good Dynamics Platform, but each app must be modified to run in Good's proprietary environment. So far, about a dozen commercial apps are available, including QuickOffice, which is typically used for reading and editing downloaded Microsoft Office file attachments.
Perkins is using Good only for email and calendar -- the "killer apps" for most employees, he says -- and accessing internal, browser-based apps using Good's browser.
For users who need complete access to the corporate network, SharePoint and other services, BNY Mellon uses Fiberlink's MaaS360, a cloud-based MDM system that can take complete control of a user's device. MaaS360 monitors what gets written to and from the operating system, and it blocks access to some personal apps, such as Yahoo Mail and Gmail, when the device is accessing corporate resources.
"When it's on our network, we own it and control it," says Perkins. When used in personal mode, individuals have control over which apps they can use.
Where Apple and Google Stand on Mobile Device Management
Spokesmen for Apple and Google wouldn't comment for attribution in this story, but both pointed Computerworld to resources that might be helpful and offered clarifications by email.
Google Apps for Business, Government and Education administrators can use the Google Apps Control Panel to manage end users' Android, iOS and Windows Mobile devices at the system level. The panel allows the device to sync with Google Apps, encrypts data and configures password settings.
Another tool, called Google Apps Device Policy, enforces security policies such as device encryption and strong passwords, and can also locate, lock and wipe a device. It can also block use of the camera and enforce email retention policies. However, partial wipes of just corporate data are not supported.
MDM vendors can use Google's Android Device Administration API to provide similar controls outside of Google Apps.