Sandboxed email clients on mobile devices can keep work and personal data separate, which makes it easier for IT to manage devices and keep them secure. But some experts worry the approach undermines mobile device functionality.
"[The] majority of our clients are using [sandboxed email] and the feedback that I get is that IT loves it because it's secure, controlled and offers a certain level of safety, but end users hate it," said J Schwan, founder of Chicago-based enterprise mobility and consulting firm Solstice Consulting.
Email clients that are built into mobile operating systems share information with other applications on the device. That means it's fairly easy for corporate contacts, calendars and emails to be siphoned out of the email client and into various applications, which creates a security concern for IT.
One example came earlier this year, when the mobile social network app Path was caught uploading user contacts from iOS devices to its servers.
Using a sandboxed third-party email client could mitigate this type of problem for companies with bring-your-own-device (BYOD) initiatives because the client is essentially firewalled off from the personal apps on the mobile device.
"It's a fine approach if you need to implement policy to corporate email," said Phil Redman, a mobile analyst with Stamford, Conn.-based research firm Gartner Inc. "This is typically necessary for organizations that need the highest degree of security and compliance to regulations like health care, government and financial organizations."
Is sandboxed email a short-term stopgap?
Apple and Google continue to improve their mobile operating systems with built-in security features to support the division of secure corporate and personal email, while also allowing for native interoperability with other applications.
But sandboxed email diminishes interoperability because the email client can't easily interact with other apps on the device -- which is why end users find it cumbersome, Schwan said.
"It's a stopgap. A short-term solution for addressing the needs of IT," Schwan said.
Others agree with that sentiment.
"Sandboxed email kind of defeats the purpose of a mobile ecosystem where functionality is interconnected," said Benjamin Robbins, a principal at Palador Inc., a mobile consulting firm based in Seattle.
"I can see why IT may want to make sure other apps aren't tied into the native mail client, but most of what we write and do digitally just isn't that important. For the most part, I think people overrate their need for security, or rather the importance of their emails," he added.
With any mobile initiative, Robbins said, organizations need to understand how employees intend to use the device and apps to plan a BYOD policy, which may or may not include a corporate sandboxed email approach.
More sandboxed email clients surface
There are a number of sandboxed email apps available. Good Technology is the most prominent, and its standalone client works on iOS, Android and Windows Phone. NitroDesk Inc.'s TouchDown is an Android email application that integrates with a variety of ActiveSync email servers and is often bundled by MDM providers into their products. Enterproid Inc.'s Divide application not only creates a sandboxed email client, but also creates an encrypted work container for all business applications.
Citrix Systems Inc. plans to release a sandboxed email client in September. Upon initial release, the mobile email client will only work with Exchange Server, but the company said it plans to support all ActiveSync-enabled email programs, such as Lotus Notes Traveler.
Mobile device users will be able to open the Citrix Receiver application and have access to a secure, corporate email program that also integrates with ShareFile for data. IT will be able to manage and wrap policy around it through CloudGateway and Citrix's MDX protocol.
The combination of Receiver, ShareFile and CloudGateway, plus the upcoming email client, gives Citrix customers an interesting mobile management offering, Redman said, because the Citrix container essentially becomes the work layer on the endpoint device.
At the same time, not every organization has investments in Citrix, and because the company's sandboxed email client can't be installed on devices as a standalone mobile application, its appeal is very limited.