Originally Posted by cyclmpc
It sounds as if your place needs an official Electronic Policy agreement. This agreement outlines everything we expect our users to understand when using devices, be it a handheld or laptop/desktop etc... It's about a 10 page document, so I cannot put it here. If you want to contact me directly, I could share some of it with you.
Sorry, I should have been clear about that but didn't want to fill up a page. We do have an employee acceptable use policy for IT equipment but it is in serious need of updating as it does not fully address the security risks involved with the personal Smartphone issue.
I've seen a couple of company's documents... but the one that stuck with me was from a Health management company that was about as bad as any Cold-War Era coerced confession. I don't mean to be flippant as I take my network security seriously but the document I reference even stated that the company had the right to confiscate the device in the event that they thought it was being misused! I've opened talks with our legal department about this and am awaiting their input.
As a customer service guy I want my customers happy but as an IT guy these people have no idea the risk they're putting themselves and the company's data in. I get a lot of "So what's the big deal... its just my email and calendar"? When I point out that the last thing we need is for them to lose their shiny new Smartphone and have some clown pick it up and have an open line to our email system, they just shrug their shoulders and go "So"?
Me personally... I'd love to limit it to BB's, i Phone's, and certain Droids. We've tested controlling these with a policy for a forced password and a remote wipe and it worked pretty well. I just don't have the confidence in the control we have with EAS as opposed to the kind we have on the BES.
We've also priced some of the 3rd party apps out there like Zenprise. Its a great product but $$$$$
Thanks for the input! Please keep it coming!