The problem is that right now there aren't granular enough controls of remote devices to allow people to adequately differentiate between approved ones and illicit ones. The fault lies on both the side of the client device software and the server-side software.
The same goes for Gmail (Google Apps Premium Edition only) and Android (or anything else using Google Sync). You can enable/disable IMAP & POP for the domain and if you enable it you open the floodgates. You can selectively enable/disable users via API but they can toggle it back on their own. If you set up Google Sync instead of IMAP/POP you can remotely wipe devices but you can't do anything except wipe everything and there is no inbuilt method to notify the user first.
Exchange, as described in the blog post, is equally bad. I'm confident things will improve in 2011 but it's unpleasant right now. The best thing companies can do is to set a clear policy on what's allowed and what isn't based on their data security needs, and never violate the users' trust.