Enterprise Mobile Device Security: E-mail Access Recommendations

By Rich Campagna, Subbu Iyer, Ashwin Krishnan, Mark Bauhaus

Providing secure access to corporate e-mail assets is essential to most enterprise mobile device deployments. E-mail, calendar, and contacts are among the first applications that end users wish to access from their mobile devices.

Every major modern smartphone platform supports Exchange ActiveSync, a proprietary set of Microsoft protocols that allows this same mail, calendar, and contact data to be transmitted between mobile device clients and a mail server. In many cases, that mail server happens to be a Microsoft Exchange server, but several other mail servers also support the Exchange ActiveSync protocol.

To provide access, many enterprises have simply deployed their mail servers so that they are externally reachable from the Internet, with the devices connecting directly to the server. There are advantages and disadvantages to this approach. One major downside is that deploying the mail server in the DMZ exposes a very important asset — your corporate e-mail — as a target to the Internet.

For this reason, it is recommended as a best practice that organizations use a dedicated VPN for even basic e-mail access. On the other hand, there is no need to deploy any software on the mobile device in order to make this work, because the major smartphone operating systems already support the ActiveSync protocols.