As organizations begin to cope with the ramifications of the BYOD movement, network security and the enforcement of policy are among companies’ top concerns. MobileIron and Palo Alto Networks have devised a mobile device management solution designed to keep devices secure, limit access based on the user’s job description and immediately address policy violations.
Users activate mobile device management from MobileIron by simply downloading the MyPhone@Work app and installing it on their mobile device. Users are then asked for their username and password on the company’s MobileIron platform. Once logged on, the user is prompted to accept both the appropriate security profile and settings, which are customized according to the person’s functional role in the organization, based on groups or directory attributes obtained for that user.
Accepting the security profile and settings means that users will be enrolled with the corporate certificate authority, allowing internal root and user certificates to be distributed to the mobile device. In addition, corporate email will be pushed to the device, as will the parameters of the company’s security policy. For instance, companies can forbid certain non-business-related apps from being downloaded onto devices. All firewalls work together to provide a “cloud” of network security consistently around all enterprise traffic.
So what happens when employees violate a security policy? They are, in effect, quarantined from the network. The virtual smartphone platform is notified of the violation, and the user is notified via email and push notification. Corporate certificates, Exchange settings and GlobalProtect settings are removed until the user takes corrective action. When devices are restored to compliance, the mobile device management platform resets the device with corporate settings via push.
The application works on all major platforms including Windows, Mac OS X and iOS. Users with an iOS-powered device have to run version 5.0 or later because of its enhanced security features. Also, the devices added to the network must not be compromised, meaning no jailbroken devices.
MobileIron configures device VPN settings to connect to Palo Alto Networks GlobalProtect Gateways according to the user’s geographic area. In effect, the user never goes off-network, and MobileIron’s mobile device management tools always control the device.
Practically, the user’s personal use of the mobile device would be limited by company policy. For example, if the company forbade the user from downloading Angry Birds, then the employee couldn’t keep the Angry Birds app on his or her device, even if the game is only played outside of work hours. However, while the solution may have some BYOD shortcomings, MyPhone@Work should work well as a mobile device management platform for devices that have been purchased and issued by the organization.
Edited by Jamie Epstein