IPhone in the Enterprise: 5 Shortcomings
Sightings of iPhones and iPads inside companies are becoming more common, to the chagrin of those IT departments that prefer the enterprise-class features of the BlackBerry. One of the reasons: Apple has cleared some of the more daunting security hurdles, according to Forrester Research.
Forrester has even recommended 7 steps CIOs should take for stronger enterprise iPhone security. Nevertheless, the iPhone and iPad still face a few barriers to greater enterprise adoption, mostly in the purview of device management, Forrester points out in a recent research note.
Here are five of what Forrester calls "limitations" of the iPhone and iPad:
1. Configuration Conundrum
When deploying iPhones or iPads, enterprise IT departments must be ready for a big manual undertaking just to configure them. "Apple's own iPhone Configuration Utility generates configuration profiles but doesn't automate installation tasks," writes Forrester analyst Andrew Jaquith. "Popular mail servers like Exchange and Lotus Notes can use these profiles but can't generate them and have limited automation for over-the-air provisioning and device certificate generation."
Terrell Woods, design and reprographics lead at D7 Consulting, a small consulting firm, confirms the lack of good configuration tools. In his recent iPad deployment, he had to configure each iPad individually before sending them out to construction sites. "The operating system on the iPad does not allow you to configure your iPad as an enterprise device," Woods says. "That's where it's a little tricky."
2. Third-Party Software Still in Development
Apple's newest iPhone operating system, iOS 4, was supposed to bring enterprise management to the iconic smartphone-and, for the most part, it did. There are hooks for remote inventory, password management and policy installation, says Forrester.
The problem, however, is that those hooks are for third-party enterprise management software vendors to utilize. "Enterprises seeking to operate fleets of company-owned iPhones or iPads should not expect to see credible third-party mobile device management platforms that offer these features until year-end 2010 or [first half] of 2011," Jaquith writes.
3. iPhone Falls Short on Certain Security Measures
For many companies, the iPhone and iPad have adequate security features. Many, but not all. Companies requiring the highest levels of security will continue to deploy BlackBerries paired with strong authentication tokens. Specifically, this refers to RIM's smartcard reader for authentication. "The iPhone has nothing equivalent today," Jaquith writes.
While the iPhone 3GS and iPhone 4 have device encryption, they haven't achieved FIPS 140-2 compliance. Thus, the iPhone isn't an option for companies that require FIPS. Many companies also want to be able to sign, encrypt or decrypt email messages using S/MIME or PGP. Unlike the BlackBerry, the iPhone doesn't support these technologies.
4. iPhone SMS Messages Can't be Archived
Some companies must comply with strict regulations such as Sarbanes-Oxley. For instance, certain employees must have their SMS messages logged and archived. But the iPhone lacks this capability, according to Forrester.
5. The One Phone Problem
The iPhone and iPad are blurring the lines between work and personal lives. It's called the consumerization of technology, whereby employees want their personal devices to handle job tasks, too. One phone to rule all needs.
But this can be a major headache for IT departments. "Co-mingling data from the two environments on the device means that an employee could, for example, cut and paste information easily form one environment to the other," Jaquith writes. "Employees who bring their own devices to work, for their part, may not be comfortable with IT remotely wiping everything on the device, and not just work-related data."
There are workarounds to this problem, such as a sandbox approach. For instance, third-party software can keep job-related data (emails, calendars and contacts) separate from personal data and protected via a password.
One of the iPhone's selling points is that users can download apps from Apple's massive App Store, but this can be a dealbreaker for IT departments. With BlackBerry Enterprise Server, IT can prohibit BlackBerry users from downloading rogue apps. "iOS does not have an application white list that allows finer-grained control," Jacquith writes.
This problem has been compounded with the recent availability of iOS 4 jailbreaking tools, as well as last month's ruling by the U.S. Library of Congress that people who "jailbreak" phones to add non-Apple approved apps should be exempt from prosecution. Jailbreaking, of course, can lead to a higher chance of malicious apps and exploits entering an enterprise iPhone or iPad.
Read more about consumer it in CIO's Consumer IT Drilldown.