Why Virtualized Email Is Safer than ActiveSync Email on Your Personal Devices

If you’re reading this article, there’s a good chance that you own a smartphone and maybe a tablet or two and that you use ActiveSync to retrieve your corporate email through your personal devices. But did you know that both you and your Exchange administrator have the ability to remotely wipe not only your email but your entire device?

This actually happened to a consultant friend. The client set him up with a new email account, and he connected to it via his smartphone. When the engagement was completed, the Exchange administrator took it upon himself to perform a remote wipe of his phone without notification. Fortunately, his phone was backed up, so he was able to retrieve his settings, pictures, etc., but it was an unwelcome experience.

From a smartphone user standpoint, you’ve likely breezed past a message that appears when you set up an Exchange-based email account on your personal device. If you stop to read it, the words will appear something like this: “If you’re adding a business Exchange account, your network administrator will be able to remotely delete your content and settings from your phone.”

This feature has been built into email since Exchange 2003 SP2 was released in July 2005; thus, it has existed for nine years. While the intention of this feature was focused on security, such as when a user loses a device, remote wipe may cause smartphone and tablet users to rethink whether to use ActiveSync or virtualized email. Users should likewise be fearful of mobile device management (MDM) solutions because of the remote wipe capability.

If you aren’t feeling alarmed yet, be aware that when Outlook Web Access (OWA) registers your smartphone, it also records the Device ID and IMEI, which are the keys to the kingdom when it comes to cellular communications. This information is readily available to everyone with Exchange administrator permissions, including that new IT guy who doesn’t seem to like you.

If you must access email locally, full Outlook is the only loophole. For example, if you configure email synchronization on a Windows 8.1 device, you’ll see that the inherent Mail capability registers as part of a phone/personal device within OWA and is thus a candidate for remote wipe, whereas full Outlook does not. Similarly, if you access email from your iPad, that email also registers as part of a phone/personal device within OWA. However, for iPad and all other personal devices, keep in mind that accessing email via a virtualized session leaves no possibility of a remote wipe.

So, virtualized email is suddenly looking like a better option. A much better option. You likely access many of your business apps via either virtual apps or desktops anyway, so this is just one more reason to fully embrace your virtualization infrastructure. Virtualized Outlook leaves no trace on the remote wipe list; from a tracking standpoint, only information such as your IP address and device type is recorded, as well as session information.

While we all agree that email is a critical application for everyone these days and that receiving email via a personal device is fast and easy, maybe it’s time to rethink how to access email on the go. The possibility of a remote wipe of your personal device is just another reason why virtualization makes sense.
