Security Skeptics Invite iPhone into the Enterprise
Some vendors are working with the Apple Push Notification Service, introduced earlier this year, to mimic multi-tasking. Apperian, a consulting company that's creating custom iPhone apps and software frameworks to support large-scale enterprise iPhone deployments, is creating an SDK to simplify this for security and management: a server sends an alert via the push service to the iPhone and wakes up a security application to run a check or report on a possible security breach.
"In the next year, the iPhone enterprise application infrastructure will be pretty much the same as other platforms," predicts Bin Lee, Apperian's CTO.
Even without these expected changes, the iPhone today meets the basic security needs for a surprisingly large number of enterprise customers.
"The iPhone gives you ActiveSync device management," Field says. "ActiveSync is becoming the de facto management and security platform for these lower-end security requirements."
Apple's security improvements create a basic foundation that supports a range of options for enterprise customers. "Some iPhone apps we build for enterprise customers are low-security applications, like searching a corporate directory or finding a location on a big campus," Apperian's Bin Lee says. "Different companies have different security policies."
At Chicago-based law firm Sonnenschein Nath & Rosenthal LLP, there was "tremendous demand" from lawyers to support iPhone as an alternative to the ubiquitous BlackBerry, recalls the firm's CIO, Andy Jurczyk. A self-confessed security "extremist," he resisted those demands until Apple improved security in 2008 with ActiveSync supporting Exchange policies. "It was enough for us to build on," he says.
Sonnenschein begins by provisioning each iPhone, as it does with the firm's BlackBerries, configuring it for each user. The firm uses the current iPhone capabilities but adds a separate digital certificate to create two improved security layers. Initially, the user logs on with a strong password, enforced by the software (as is also done for BlackBerry users). The combination authenticates the user to work with the iPhone and to access Exchange via ActiveSync.
If the user wants to connect to the firm's Microsoft SharePoint Server to access client documents, for example, he has to go into "settings" and activate the VPN, the rules for which are determined by the added certificate. The user has to enter a second Active Directory password to complete the secure log-in. (SharePoint 2010 sites are easily viewable with the iPhone, according to a Network World review.)
Separately, the firm's iPhones run a two-factor authentication software token from RSA Security, which generates a one-time password when a user logs into Exchange with the Safari Web browser via Outlook Web Access, or into virtualized applications hosted on the firm's Citrix servers.
"There are things we can do on the back end with RIM that we can't even come close to with iPhone," Jurczyk says. "But there's enough [with iPhone]: we can kill the device, and apply our security certificate." There are about 200 iPhones deployed.