Your company has just terminated an employee who has all sorts of sensitive business data on his/her smartphone. No problem, right? You'll just use that wonderful remote wipe feature in Exchange and get rid of it all, right? Well, if it's ever actually happened in your organization, you may have found that the solution isn't quite as magical as you thought. There are a couple of problems: one is that the user has to authenticate before the remote wipe action will take place, and if you've disabled the account, authentication fails and nothing gets wiped. Jesper Johansson describes the whole process and why it's flawed in his blog at
Paul Robichaux then brought up another potential problem: Remote wipe is not granular. It usually wipes everything on the device and resets it to the factory settings. You might or might not want to do that, even to a terminated employee, when the employee bought the phone and may have purchased and installed additional applications, made extensive configuration settings and so forth.
Maybe that's another reason not to allow personally owned devices to connect to the network, but is such a policy even feasible in today's iPhone-centric environment? It's certainly something to think about.
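
The ordering problem from the first paragraph can be handled in the offboarding procedure itself: queue the wipe, wait for the device to acknowledge it, and only then disable the account. The script below is an added example, not taken from this post or from the blogs it cites. It assumes an Exchange Management Shell session using the Exchange 2013 and later cmdlet names (older versions use `Clear-ActiveSyncDevice` and `Get-ActiveSyncDeviceStatistics`) and the ActiveDirectory module; the parameter names and timeout are placeholders.

```powershell
# Added example: wipe first, disable second.
# Assumptions: Exchange Management Shell (2013+ cmdlet names), ActiveDirectory
# module installed, caller has rights to wipe devices and disable accounts.
param(
    [Parameter(Mandatory)] [string] $Mailbox,   # placeholder: mailbox identity
    [int] $TimeoutMinutes = 60,                 # placeholder: how long to wait
    [int] $PollSeconds = 60
)
Import-Module ActiveDirectory

# 1. Queue a wipe for every device partnered with the mailbox.
#    This is a full factory reset, including on personally owned phones.
$devices = @(Get-MobileDevice -Mailbox $Mailbox)
foreach ($device in $devices) {
    Clear-MobileDevice -Identity $device.Identity -Confirm:$false
}

# 2. The wipe is only delivered when the device next syncs and authenticates,
#    so the account has to stay enabled until each device acknowledges it.
$deadline = (Get-Date).AddMinutes($TimeoutMinutes)
$pending = @()
while ($devices.Count -gt 0) {
    $pending = @(Get-MobileDeviceStatistics -Mailbox $Mailbox |
        Where-Object { -not $_.DeviceWipeAckTime })
    if ($pending.Count -eq 0 -or (Get-Date) -ge $deadline) { break }
    Start-Sleep -Seconds $PollSeconds
}

# 3. Record which devices never confirmed, so the gap is visible to the
#    person handling the termination rather than silently assumed closed.
foreach ($p in $pending) {
    Write-Warning ("No wipe acknowledgement from {0} ({1}); last sync {2}" -f `
        $p.DeviceFriendlyName, $p.DeviceID, $p.LastSuccessSync)
}

# 4. Only now cut off authentication.
$sam = (Get-Mailbox -Identity $Mailbox).SamAccountName
Disable-ADAccount -Identity $sam
Write-Output ("Disabled {0}; {1} of {2} device(s) acknowledged the wipe." -f `
    $sam, ($devices.Count - $pending.Count), $devices.Count)
```

The account stays usable for the whole waiting period, so the timeout is a trade-off between giving the device time to sync and leaving the terminated user's access open.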