Sandboxed email clients secure mobile devices, manage mobile email

Sandboxed email clients provide secure method for managing corporate mobile email. But, this approach diminishes the value of mobile devices.

Sandboxed email clients on mobile devices can keep work and personal data separate, which makes it easier for IT to manage devices and keep them secure. But some experts worry the approach undermines mobile device functionality.

"[The] majority of our clients are using [sandboxed email] and the feedback that I get is that IT loves it because it's secure, controlled and offers a certain level of safety, but end users hate it," said J Schwan, founder of Chicago-based enterprise mobility and consulting firm, Solstice Consulting.

Email clients that are built into mobile operating systems share information with other applications on the device. That means it's fairly easy for corporate contacts, calendars and emails to be siphoned out of the email client and into various applications, which creates a security concern for IT.

One example is when the mobile social network app Path was caught earlier this year uploading user contacts out of iOS devices and onto their servers.

Using a sandboxed third-party email client could mitigate this type of problem for companies with bring-your-own-device (BYOD) initiatives because the client is essentially firewalled off from the personal apps on the mobile device.

"It's a fine approach if you need to implement policy to corporate email," said Phil Redman, a mobile analyst with Stamford, Conn.-based research firm Gartner Inc. "This is typically necessary for organizations that need the highest degree of security and compliance to regulations like health care, government and financial organizations."

IT can use mobile device management (MDM) or mobile application management (MAM) products to set policy and security controls around the sandbox to protect corporate data.

Is sandboxed email a short-term stopgap?

Apple and Google continue to improve their mobile operating systems with built-in security features to support the division of secure corporate and personal email, while also allowing for native interoperability with other applications.

But sandboxed email diminishes interoperability because the email client can't easily interact with other apps on the device -- which is why end users find it cumbersome, Schwan said.

"It's a stopgap. A short-term solution for addressing the needs of IT," Schwan said.

Others agree with that sentiment.

"Sandboxed email kind of defeats the purpose of a mobile ecosystem where functionality is interconnected," said Benjamin Robbins, a principal at Palador Inc., a mobile consulting firm based in Seattle.

"I can see why IT may want to make sure other apps aren't tied into the native mail client, but most of what we write and do digitally just isn't that important. For the most part, I think people overrate their need for security, or rather the importance of their emails," he added.

With any mobile initiative, Robbins said, organizations need to understand how employees intend to use the device and apps to plan a BYOD policy, which may or may not include a corporate sandboxed email approach.

More sandboxed email clients surface

There are a number of sandbox email apps available. Good Technology is most prominent and its standalone client works on iOS, Android and Windows Phone; NitroDesk Inc.'s TouchDown is an Android email application that integrates with a variety of Active Sync email servers and is often bundled by MDM providers into their products; Enterproid Inc.'s Divide application not only creates a sandboxed email client, but also creates an encrypted work container for all business applications.

Citrix Systems Inc. plans to release a sandboxed email client in September. Upon initial release, the mobile email client will only work with Exchange server, but the company said it does have plans to support all Active Sync-enabled email programs, such as Lotus Notes Traveler.

Mobile device users will be able to open the Citrix Receiver application and have access to a secure, corporate email program that also integrates with ShareFile for data. IT will be able to manage and wrap policy around it through CloudGateway and Citrix's MDX protocol.

The combination of Receiver, ShareFile and CloudGateway, plus the upcoming email client gives Citrix customers an interesting mobile management offering, Redman said, because the Citrix container essentially becomes the work layer on the endpoint device.

At the same time, not every organization has investments in Citrix, and because the company's sandboxed email client can't be installed to devices as a standalone mobile application, it's very limited in its appeal.

Dig Deeper on Enterprise mobile app strategy

PRO+

Content

Find more PRO+ content and other member only offers, here.

Join the conversation

6 comments

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

What's the best approach to managing corporate email on mobile devices?
Cancel
Minimize it. Mobile devices - especially smartphones - are emblematic of an 'instant' culture, and most emails sent on them won't be especially long or thought-out. If the matter is something that needs someone's full attention, it should be delivered in a way that supports this - and if it doesn't need their attention, then why is it being sent to them in the first place? Oh, and don't forget security - it's surprising how many companies fail to properly secure the email accounts on their mobile devices, and that makes them far easier to tap into, especially on devices that are easily stolen.
Cancel
Allow interoperability withouth compromise on security. In a sandbox is safe but it's not the best use of any application. Should set a higher on the capability of IT management professionals.
Cancel
Either container or VDI like citrix, configured to keep data off the device
Cancel
A sandbox model that uses the Trust Zone capabilities of some processors would be a great solution.
Cancel
why is sandboxing or containerization different from MAM?
Not sure how RIM is a category in itself.
Cancel

-ADS BY GOOGLE

SearchNetworking

SearchTelecom

SearchUnifiedCommunications

SearchSecurity

Close