Gartner Blog Network

Has OWA Really Caused Any Owwies?

by John Pescatore  |  July 27, 2011

I’m spending a lot of time with Gartner clients as they try to address the risks of letting employees use employee-owned smartphones to access business email and business systems. We go through all the risks, but one question I always ask is “Do you support Outlook Web Access?”

The answer is invariably yes. OWA has been out and in use for almost 15 years now, with widespread use during the 10 years since Windows 2000 came out. So, for over a decade employees have been able to access corporate email from their personally owned home PCs (or anything else with a browser), store work-related documents on their home PCs, and often even access shared files and Intranet systems using Outlook Web Access – and the same is true for use of SSL VPNs, which allow even broader access from home PCs.

Now, Microsoft and the SSL VPN vendors have built lots of security capabilities into those products, but most enterprises have not turned on attachment blocking or remote cleanup or many of the advanced features at all – and there have not been many incidents even so. So why all the focus on the risks of allowing employees to use personally owned smartphones?

Well, one big reason is that a home PC usually sits in one place, and the employee rarely loses it or has it stolen. Nor does the user change home PCs every 18 months or so – the risk that the device will be out of the user's possession is definitely lower. However, such a high percentage of home PCs are compromised with bot clients and other malware that the risk of data loss via malware is actually much higher using web mail clients on home PCs than using smartphones.

The real message is to meet in the middle: don’t try to apply draconian security policies to the use of personally owned smartphones, but also don’t take a “don’t ask, don’t tell” policy on OWA use, either. We have a continuing series of research notes on this: Ken Dulaney and John Girard with “Four Architectural Approaches to Limit Business Risk on Consumer Smartphones and Tablets” and John Girard and I with “Critical Security Questions to Ask Before You Support a New Smartphone Platform,” with another one to come in August.


John Pescatore
VP Distinguished Analyst
11 years at Gartner
32 years IT industry

John Pescatore is a vice president and research fellow in Gartner Research. Mr. Pescatore has 32 years of experience in computer, network and information security. Prior to joining Gartner, Mr. Pescatore was senior consultant for Entrust Technologies and Trusted Information Systems…
