re: BYOD Strategy Should Start With Data-Centric Security
That's not actually what I said. What I said is that remote wipe is giving you false sense of security. Let me play it through for you:
If I leave my phone in cab and some miscellaneous person finds it, in all probability they'll wipe it for you before they sell it. It's the phone they're after, not the data.
If someone steals it for the intellectual property, they'll do so only if they already know my complex password (or know a way around it) and have a plan for extracting the data very quickly. By the time you've decided to wipe my phone, the damage is done, and the data is long gone. It only takes a few minutes.
But, if we had put proper protections on the data itself (as described in the article), then it's unlikely that a would-be IP thief is going to have the right passwords, and if for data that's really sensitive, we (you and I working together) would have found a way for it not to leave the company's walls, at least not in unencrypted formats.
For the vast majority of users, the answer is exactly not to do what you say. Don't use technology to solve a problem that should be solved with training and awareness. Make people the solution. Even lawyers will understand that the remote wipe capability is all but useless (just explain it to them slowly).
For other users, ones who constantly work with sensitive information, you may indeed need some technology. Elaine's link above lays out a pretty good way to look at that issue. And Jan, above, points out an approach that can also work. But the place to start isn't by throwing technology at the problem (or conversely throwing up your hands, saying we can't afford new technology, and slapping a wrong-headed policy on the management of equipment you don't own).
Seriously. Read the article. You might enjoy it.
I do agree that multiple personalities would be a good thing, and would be a big help in this situation. I'd let you (mis)manage a corner of my phone.
(Readers, David is the CIO of our company - and he and I disagree on the approach to this issue. He's a good sport for nicely responding here - even if he didn't read what I wrote)