Overview of User Data Access via Mobile Devices
Once users authenticate successfully from secure mobile devices, allow them to access only the corporate data or applications that you want them to. You may not want all users to be able to access any or all types of applications by default.
Here is a broad categorization of application types that you may want to restrict access from or allow access to, depending on the group that a user belongs to:
Web-based applications: Users can access intranet pages from mobile device browsers.
E-mail: Users can send and receive e-mail and schedule meetings on the calendar.
Full network access: Users can access not only web-based apps and e-mail but also any other corporate client apps on the mobile device downloaded from an app store.
You can allow mobile users to access web-based applications and e-mail without letting those devices into the corporate network, such as by assigning them an IP address within the network.
Web-based applications can be accessed by most sophisticated mobile browsers supporting SSL encryption. E-mail access can be enabled via Microsoft Exchange or ActiveSync, which also does not need the mobile device to have an IP address within the network.
Full network access, on the other hand, needs the device to be within the corporate network. This type of access allows the user to access pretty much any application within the network, just as if they were in the office. Accordingly, your security policies need to be at their strictest for granting full network access.