Security Skeptics Invite iPhone into the Enterprise

Apple's iPhone is slowly but surely winning over some enterprise security skeptics. As a result, it's now showing up alongside, or instead of, Research in Motion BlackBerries and Microsoft Windows Mobile handsets, despite the fact Apple offers none of the security and management features that are hallmarks of those two platforms.

10 iPhone apps that could get you into trouble

With the release this year of iPhone OS 3.0, the popular handset is capable of a much more advanced mobile symbiosis, relying on the Microsoft Exchange security and management features that are accessed via Apple's implementation of Microsoft ActiveSync. Coupled with a greatly improved iPhone Configuration Utility (ICU), the new firmware has gotten high grades.

From its birth in 2007, the iPhone has been criticized for lacking enterprise security and Apple for not caring about it, given the company's consumer focus with the popular smartphone. That began to change in 2008, when Apple introduced support for ActiveSync, enabling an Exchange administrator to erase all the data on a lost or stolen iPhone, for example. The 3.0 release in June 2009 added more improvements (see the official enterprise deployment guide here), and some observers expect even bigger security changes in 2010.

Apple's absolute control over the hardware and software means the "iPhone has the potential of becoming the most secure mobile device on the market. I think they're going to get there," says David Field, device management and security architect for Enterprise Mobile, an IT services company that specializes in enterprise mobility and is backed by Microsoft.

But what will it take for the iPhone to become a more solid enterprise option? Experts say there are two key areas to expect changes by Apple in the near future.

The first is support for over-the-air application downloads and firmware updates, perhaps by early 2010. Today, enterprise users need iTunes on their Mac or PC to get software and updates. "Companies don't want users connecting the iPhone to a PC [running iTunes]," says Ken Dulaney, vice president of mobile computing for Gartner. "That's because they want to monitor and control what users are doing." With over-the-air downloads, enterprise can control deployment of authorized applications directly to the iPhone, and ensure fast fixes for software vulnerabilities or threats.

Second, expect Apple finally to lock the iPhone's boot loader to prevent the phone from being jailbroken. Jailbroken phones can load a new operating system image that discards many of the protections built into the official operating system, such as the sandbox architecture for applications, Field says. The sandbox is a self-contained "space" for the application, preventing or limiting access to data in other applications or hardware features. "A jailbroken iPhone is very insecure," Field says.

Another possibility is closer cooperation by Apple with third-party security vendors. Gartner's Dulaney speculates that Apple may introduce a way for these vendors to exploit limited background processing (or multi-tasking) on the iPhone. That would let a security application connect with, monitor and control lower-level operating system and device functions. Dulaney says Apple has been talking with security vendors about this kind of lower-level access.

For comprehensive coverage of the Android ecosystem, visit Greenbot.com.

Subscribe to the Best of PCWorld Newsletter

Comments