I'm not sure against what kind of problems are you looking for security against? If it's just to make sure employees phones are safe against external attacks, why not simply tell your employees to not root their phones and use Android's full-disk encryption? If it's defense from malicious employees from accessing your VPN, then the solution seems out of the scope of your phone software - and banning non-blackberries (as many companies do) wouldn't solve the problem.
Saying "don't root it" only works (weakly) to make sure your employees aren't doing things they shouldn't. If Alice leaves her phone behind at lunch, Eve can root it and install a bug to forward all her secret company mail to EveCo's servers, and Alice won't know when she grabs it from the cafe the next day. If her phone's known to be sufficiently hardened, AliceCo has less to be concerned about when it's lost.
That's RIM's only solid current advantage, enterprise customers that can trust their security. Anything that would give the appearance they can't offer this security anymore would totally destroy them.
Android's full disk encryption is supposed to solve that problem. You can't root her device and make it look the same (so she doesn't notice), because that would require breaking the encryption.
Or is it something else I'm missing?