My head exploded when I discovered this feature today, and there are several problems I see with it.
1) It seems REALLY wrong (like Cambridge Analytica wrong) to make it to that if any email user signs up with a BYOD device to get their email, then I as an administrator have the ability to permanently remote wipe their device forever, making the device effectively unusable, even after a restore of the data. ESPECIALLY WITHOUT THEIR CONSENT. And especially when you don't really tell the Administrator about the implications of what they are doing, also. Like "WARNING: If this is a BYOD device, you're wiping a private and personal device. I sure hope the user has a good backup!" Because most really DON'T.
2) IF you restore the data (as I did on my personal phone), the MOMENT email is opened again (even to remove the account) it remote wipes the phone a second time, and I imagine forever; until the toggle is turned off.
3) It seems just INCREDIBLY wrong to me to give such a power to anyone over my device simply because I want to get my company email on my personal device. While I understand the need to not have company data "walk out the door", this seems like it warrants SOME ability for me to get consent... but it doesn't even warn the ADMIN of this consent and seems to assume you know and wouldn't reasonably use that ability. As an administrator, I'd want to be able to decide if I ask for the user's consent on the device or not for such a power; AND I'd want to be able to turn on or off this remote wipe feature entirely for some devices that are using our email.
4) Market Need: I'm curious, after all of this, as to what the value of having a "Groupwise Mobility Service" is in the first place? Why make it so that a user has to connect to an entirely different server to get their email? Why "just Groupwise"? As someone relatively new to this company's infrastructure (and frankly not knowing Novell or any of it's technology still existed after the 90's) Is it to add these kinds of features? If so, why not put these features into an MDM that is actually an MDM? This extraordinary power seems baked into (and there are literally zero places I could find where I can see that Remote Wipe is configured anywhere in the admin interface). Is overpowered Remote Wipe a common feature among just plain old email administrators? Are there so many people that need this over just using the Zenworks MDM feature? If I was using Zenworks MDM, is there a place THERE I can toggle this feature of GMS?
5) I'm just seriously taken aback by the extraordinary power given to a service that seems completely misplaced in the stack of services deployed in today's enterprise, and as such seems tone deaf to the needs of the split between the Enterprise and the BYOD culture that has arisen over the last 10 years or so.
6) Why are there no User Interfaces dedicated to this, especially given it's extraordinary ability? The small tooltip for Remote Wipe of the device seems inadequate for what it really does. That seems like a UI design failure; when it exists that the nearly invisible, yet permanent and irrevocable nature of power over all devices connected to our corporate email contains no opt-in or out for either party- the user or the admin to know what is happening. So much so that I've been the main admin here for TWO YEARS and this is the very first time I've ever known even of the existence of such a feature. To the point where I remote wiped my own BYOD iOS device on purpose because I simply believed it WOULD NOT WORK. Given that I know Apple devices really well, and such a power requires things like profiles, etc. to work... how does this happen, technically? Also, why is this Remote Wipe feature a toggle by default? It seems like I as an admin would want the ability to wipe once or wipe as a toggle, rather than just toggling.
7) It seems like a principle in IT that if you're going to CAUSE data loss, that there be some kind of check/double-check about ensuring they have some kind of backup. This is often the case where this check/double-check happens on both the Admin side and the user side, but in this case, NEITHER occurs.
The entire way this has been implemented and used and the justification behind it is so confusing, I'm a bit flummoxed to be honest.
by: Regis C. | over a year ago | Mobility Services
Comments
Regis, it sounds like you don't understand the exchange activesync protocol and its feature sets. Activesync is a microsoft protocol that the industry generally standardized on for mobile device email synchronization, and includes some basic device management capabilities. GMS is the EAS connector for GroupWise and currently supports EAS 16.0 and a subset of the basic security and device management features for enforcing basic passcode requirements and device wipe capabilities
https://en.wikipedia.org/wiki/Exchange_ActiveSync
If you want more advanced and granular device management support, I recommend zenworks 2017 with its mobile UEM feature set and activesync proxy and policies.
Oh, and FWIW: On every device I have seen so far connecting to GMS (or any other business email service using Activesync of course), there actually *IS* a warning and the device user is asked for consent if there's any management options enabled.
Asking the "user" of a potentially stolen device for consent (or if he has a backup) before wiping the device for legal and data protection reason however is a truly "interesting" idea. But of course it makes no sense whatsoever once you think abut it.