Dearing said that while numerous Mobile Device Management (MDM) vendors provide plenty of security features, they tend to "fall short when it comes to employee productivity and satisfaction, often changing the user experience and limiting application use to just a few dozen apps in their proprietary ecosystem."
The solution to that, say Dearing and others, is "containerization," which separates work and personal apps and data and thereby prevents enterprise data leakage and ensures employee privacy.
Done effectively, that allows employees to use any device for work and allows the enterprise to control access to its apps and data, including the ability to wipe them without affecting the employee's personal data or apps.
The best version of that, so far, according to Rich Mogull, analyst and CEO of Securosis, comes from Apple's iOS 7. In one of a series of blog posts that are being combined into a research report to be released Feb. 10, Mogull wrote that Apple's latest mobile operating system takes "an active role in mediating mobile device management between the user and the enterprise, treating both as equals.
"We haven't really seen this before; even when companies, like BlackBerry, handle aspects of security and MDM while also treating the device as something the user owns," he wrote.
What that means is that Apple is selling different models of devices, depending on whether they are for BYOD or for the enterprise.
"In BYOD, users own their devices, enterprises own enterprise data and apps on the devices, and the user experience will never suffer. No dual-personas. No virtual machines," Mogull wrote, adding that this also means users don't have to worry about exposure of their data to the enterprise.
With enterprise-owned devices, "the enterprise controls the entire provisioning process, from before the box is even opened," he wrote. And when the user does open the box, "the entire experience is managed by the enterprise, down to which setup screens display."
Others agree that iOS 7 leads the pack in this area. MobileSpaces' Dearing said other major vendors have not yet provided that level of separation. "Google has not provided similar support and has instead let the handset vendors such as Samsung solve the problem," he said. "Unfortunately, that's created a highly fragmented approach to mobile security that makes it difficult for IT to predict the security posture of an employee's Android device even if it is a Samsung device."
"Apple BYOD gets it right," said nCrypted Cloud's Stamos. "It's about the data, and he who owns the data controls the data. Employees are trustees of corporate data, and when their tenure ends, they lose access. Clean and simple."
The cloud is also expected to play a role in maintaining security in an "always connected" corporate world.