Tony D. • As someone with extensive experience of all 4 platforms - Microsoft Windows Phone devices are more stable than both Android and iPhone - especially in terms of application stability.

Windows Phone also has much lower security vulnerability counts. Over 300 vulnerabilties across all versions of IOS for instance. Versus only a couple across all versions of Windows Mobile and Windows Phone. (See Secunia.org).

In those regards, Windows Phone is very similar to Blackberry.

Stephen B. • Robert, well put and true. Security goes out the window anyway when the user will try do more work on their preferred platform. Its a balance between security, preferred device and employee acceptance (adoption, data quality, overall job satisfaction).
The argument is a little mute as it does depend on the security requirements of the companies work, working on a nuclear submarine project is slightly different to managing a chain of pubs.
The major challenge is that graduates will not join companies that do not have social acceptance or strategies in place, which drive platform requirements. This could result in you having a lot of secure devices and no staff.
Loving the disruption.

Jeff N. • BYOD is the way to go. User preferences with Device, OS, and Carrier are solved. Yes, there are numerous support and security issues with the BYOD model. However, most people understand how to use and support their own device or they should not own one.

As for security, having a MDM solution in place will close the gap, but if you don't have a DLP solution in place for the end-point, then the smartphone is only one source of concern.

No comment on RIM.

Robert A. • What about legal issues when you wipe a ex-employees device without his consent. You just accessed a computing device without his consent which could possibly lead to legal, and civil liability.

What if the person is running a "rooted" device. The device takes down your network. The device could be running a honeypot, or the device is set in snoop mode. These devices are powerful devices with CPU, Storage, and Connectivity.

Robert A. • Personally, I would just want the carriers to sell me bandwidth, and ip address(s). I would want my employees using a SIP client on the phone for company business. My other issue is security, what happens if they are using Google Voice on top of their device. Where is the email transcripts going, and mp3 of the phone calls when they are recorded, as well as the voice mail is left.

Jeff N. • Legal issues from wiping ex-employee devices should be mitigated, if you have a company handbook with a policy that is signed by every employee who wants to use their personal device to access company assets. Also, you don't have to wipe the entire device, Most MDM tools allow you to selectively wipe the device and enforce standards such as encryption, passwords requirements, blocking jail broken devices, etc. etc.

You're right. The devices are powerful and have tremendous capabilities which creates flexibility and complexity. I don't believe there is a single answer.

Karl C. • Our IT leadership team had a long a vigorous discussion on this yesterday. As a healthcare organization data security and costs are our primary concerns. We have a MDM solution in place (2 actually, RIM BES and IBM Traveler) which address the security needs, so it comes down to purchase, provision, support, and service costs. BB meets all the business needs and is definitely cheaper, all things considered, so that is our standard offering. We will allow employees to use personal IOS and Android devices, but they will share in the incremental costs, and accept responsibility for loss, damage, etc.,

Karl C. • When we connect a user's device to our MDM (only way to get email), they sign an agreement that we have the right to wipe the device, and that we will do that when they leave the organization, or any other event where we feel it is appropriate.

Robert A. • I agree with you that these issues can be addressed in the employee handbook, or the agreement to access "computing" resources. My only issue is when the MDM installs agents which could impact user privacy if data is mined from the device. On a personal device, I still have the expectation of privacy. Overall, I like BYOD. I have no issues respecting IP issues, and trade secrets of a corporation or a government. Personally, if I am dealing with sensitive information, I would rather be issued a corporate device because I do not want to "indemnify" a corporation for a personal device unless I have to. As vendor, I want "BYOD" device care criteria to be precisely defined, and limited.

Jorge B. • Blackberries are rather weak in terms of robustness. Specially their LCD screens. I haven't heard that many hardware problems with the iPhone. Blackberries, on the security arena are much better in my opinion. Apps wise, iphone is more capable but its strenght is its weakness. It will be difficult to prevent employees from buying their own apps and charge them to the company as typical claims and a robust policy will have to be in place. Considering the path RIM is following (like releasing the Bold 9900, a touch screen phone with a rather hopeless battery life.. It lasts.less than a day!!!) and their Playbook mess (no 3G data, citrix client still not working...), I would rather focus on Android, Apple or even Microsoft.

John K. • I have always been very much in favor of any solution that is device agnostic. Open services, protocols and platforms allowing a BYOD environment seem more powerful in my opinion than a proprietary solution.

Getting locked into a proprietary situation limits your optionsm costs more and makes it much harder to move as the technology inevitably will. Proprietary solutions sometimes look attractive at the outset but in the long run have a hugher cost that may not be obvious at the start - technical debt is hard and painful to pay back.

Specifically bringing up BB, I have never been a fan of their email service. From a security standpost as well as a functionality standpoint. I never could understand the benefit of having BB grab mail from my server, put it on their server and then push it to my device when my device is perfectly capable of getting the mail itself. From a security stadnpoint, I do not like my mail sitting on someone else's network. And let's not forget the havok when BB goes down - totally uneccessary in my view.

John K. • As an aside, whenver I'm asked a this or that question, my next question is what is the third option? In my experience questions such as these always have a third or more solution to be considered.

Nick T. • we considered, and to be honest haven't quite let go of the idea, WP7 as our thrid option. Discounted Android, but I think as the devices mature we will replace BB with WP7 with some exec iPhones

Geoff L. • As BYOD becomes inevitable I expected to place a secure container on all tablets but have resistance against this on smartphones so stay with Mobile Iron. How far away is a single MDM ?

Daniel B. • I have been following this dialog from the start and found it quite helpful and insightful. However, I would encourage reference to actual data/references to support any claims/conclusions. It would be helpful if we could make a difference between what is factual and what is perception/opinion to distinguish between hype and reality.

As far as BB security is concerned I would be interested to see reference to any study that indicates it is insecure? The claims RIM makes are pretty significant: http://us.blackberry.com/ataglance/security/certifications.jsp and http://press.rim.com/release.jsp?id=5361. RIM indicates the following regarding email storage for enterprise customers (see http://us.blackberry.com/ataglance/security/features.jsp): "BlackBerry Enterprise Server does not store any email or data. To increase protection from unauthorized parties, there is no staging area between the server and the BlackBerry smartphone where data is decrypted."

Bill H. • @Daniel- I assume you are specifically referring to John Kloian's comments, and you are correct. From a security standpoint, Blackberry is tops. Contrary to the statement, RIM is not a store-and-forward network. In fact, their security is so stringent that it is counter to many countries who have demanded special dispensation for access (http://www.security-technologynews.com/news/indias-blackberry-security-concerns.html). Furthermore, the Blackberry OS - not the QNX/tablet - has never been hacked (http://www.technobloom.com/blackberrys-fabled-security-called-into-question/222051/), which Android and iOS cannot claim. With a loose interpretation, what John implied could easily be said of any Internet access methodology. Even ActiveSync IP packets have to traverse potentially untrusted Internet sites. And lastly, RIM network outages have been rare (but when they did falter, they were to unprecedented depths).

Security, and to a lesser degree, reliability, are not why Blackberry is losing market share.

Bernard S. • We're living in borrowed time.

BYOD moves more like a tsunami rather than a glacier, and it starts at the board and upper management level. VIP users have been receiving special treatment to use whatever device they choose since the dawn of time...

The risk of security breach is with the individual, not the technology.

We've been bamboozled by vendors preferring multimillion projects on securing data, when IT dumps old PCs/Notebooks and mobile devices without even performing hardcore DoD wipes. I can extract info from my 5 year old HDD from 3 formats ago!

Nothing stops individuals from leaking out information verbally or from memory. All the hullabaloo on secured devices are similar to investments made on poorly planned Disaster Recovery projects. You spend 10-20 mil on a DR site while single point of failures abound at the production site. Start with the core -> the people.

Trust me, ignore the red herrings and focus on dealing with the inevitable. The sooner we embrace chaos the faster we learn to swim with the currents...!

John K. • In terms of the BYOD device being lost or stolen I would think that in such an architecture it would be essential for the platform to centrally house all data within the business and the user is issued a certificate or some other means of secure identification and then their device simply accesses the data that always stays within the business. That way if the device is lost, stolen, etc. All the business has to do is revoke the user's credentials - no data ever left so it can't be lost.

The business retains control over critical data. IT maintains control over the flow of said data and the user gets to use what they're comfortable with to access said data. win-win-win in my book.

OSs will come and go as will protocols and platforms. The need to control, manage and access data will remain constant. Genralize whenever possible to allow yourself to adopt, adapt to what my come.

Brian D. • People want to use the devices they are familiar with. If you force employees to carry two devices, use antiquated technology, etc., they are going to go work somewhere else. If you want to attract top talent, you have to accommodate their needs. There are ways to do this and still provide the security that business needs. We are doing exactly the same thing Jeffrey mentions above with BYOD, supporting iOS and Andriod and using MDM to manage and secure it. We also will provide company phones for people in approved roles and give a choice of iPhone or Droid.

IMO, BB had their shot and missed it. They have one foot in the grave and are going to go the way of Palm.

Zoltan O. • iPhone!
Closed and verified software market = much more securely...
And... The simplicity! :) It's most important for the non-IT staff (especially CxO-s).