||Add To My Personal Library
September 26, 2008
Vol.30 Issue 39|
Page(s) 9 in print issue
Here Comes The iPhone
How To Make Apple’s iPhone Work In Your Enterprise
Had Paul Revere been an IT manager in today’s enterprise world, perhaps he’d be known for yelling, “The iPhones are coming! The iPhones are coming!” After all, Apple’s innovative smartphone is invading enterprises with impressive swiftness, and employees are using the device to compute and communicate—regardless of whether company policy allows use of the device.
“While the iPhone isn’t perfect for every business, it is definitely accelerating the adoption of PDAs/smartphones that individual employees are purchasing—even if corporations and employers are not,” says James Bond, director of engineering for Apptix (www.apptix.com). “The days of the IT department enforcing only a single PDA/smartphone standard have been replaced with trying to keep up with the demands of users.”
In a perfect world, IT managers would be aware of every device used by employees in their organization. But reality paints a strikingly different picture, and the iPhone is the perfect example of that reality, because employees are often using the device regardless of company policies. Rene Poot, international systems engineer for NCP Engineering (www.ncp-e.com), says that if corporate policy dictates that employees can use their own devices, IT administrators should be aware of the security implications and educate users on the potential dangers.
“The users need to understand the implications of what damage can be done and the responsibility required when accessing/storing information on their phones just as they do with company-issued notebooks. I believe an educated user is very valuable. Locking down or limiting the user will often encourage creative people to find the means to circumvent the security solution that’s imposed on them,” Poot says.
IT managers need to understand what the iPhones will be used for, where they will be used, and how they will be used, Poot says, in addition to the device’s limitations and manageability issues. A major concern with the iPhone is its lack of entire-device encryption, which can become a problem when users store sensitive company information in the device.
“What happens to a device when it’s lost, displaced, or stolen? If it’s not returned, what happens to the data that’s stored on the device? What about tools on the device that allow for remote access to the corporate network via Telnet, VPN, email, or VNC or RDP [Remote Desktop Protocol] tools that are now also available for this platform? This is just as applicable for any mobile device, and so the IT security manager can apply the same security policies,” Poot says.
Thomas Ingham, co-founder and chief technologist at Coalmarch Productions (www.coalmarch.com), says a mistake people are making is that they’re considering the iPhone as something other than a regular computer. “We take all the same precautions in securing our network with any device that’s going to be playing in our sandbox on a daily basis. This means strong security on your wireless network that’s probably already in place, supported by a healthy respect for limiting the public visibility of your critical business data,” Ingham says.
Welcome To The Fold
Whether enterprises deploy iPhones as enterprise-wide devices or allow employees to use iPhones at their discretion, the iPhone has tools that help to simplify integration with the enterprise network. Bond recommends using the iPhone Configuration Utility to preconfigure settings for VPN, Wi-Fi, and Exchange accounts and then distribute the configure profiles to end users.
“I also recommend configuring your Exchange environment for auto-discovery, whereby users can connect to your server by simply entering their email address and password into the iPhone, [and] ActiveSync will automatically discover the server name, SSL settings, etc.,” Bond says. For enterprises deploying iPhones, he says that to minimize support calls to IT, “I would openly announce which features are and are not enabled on the iPhone and its built-in ActiveSync. For example, Notes and Tasks are not synchronized to the iPhone over ActiveSync.”
Bond also recommends instructing users what to do and what not to do when it comes to configuring their iPhones via iTunes. For example, he says it’s easy to accidentally “kill” calendar and contact data on the iPhone when trying to use Apple’s MobileMe server along with Exchange/ActiveSync.
Dustin Shafae', operations manager at Papercheck.com (www.papercheck.com), recommends tasking a person or team with configuring the email feature on iPhones for end users. “Although it was relatively easy for our younger users in the Papercheck main offices, an older user who is not familiar with technology will have more difficulty and take more time to complete the email configuration. [Leaving the task to IT] will save you time, frustration, and money, since the employee activating his or her phone would be doing so while on the clock,” Shafae’ says.
Regardless of the number of iPhones in an organization, iPhone management can be tricky due to the lack of a mature central management system, Poot says, although the Configuration Utility is a step in the right direction. He adds that exploit vulnerabilities in versions of Safari running on iPhones can allow the theft of call records or contacts by people who trick the phone’s user into opening a maliciously constructed link. Further, he says, security patches from Apple are slow.
Finally, for enterprises using Exchange, Bond recommends enabling ActiveSync on their Exchange systems for email, calendar, and contact synchronization. If an organization doesn’t have Exchange servers inhouse but wants to provide iPhone users with access to Exchange email and collaboration services, Bond suggests they look into hosted Exchange services.
by Christian Perry
iPhone Update 101 |
As with other mobile devices, the success of the iPhone relies heavily on IT’s and the users’ abilities to keep it updated with the latest firmware. According to James Bond, director of engineering at Apptix (www.apptix.com), this process can be performed by users simply by connecting the iPhone to a USB cradle or cable and allowing iTunes to perform the update, although he says he hopes to see Apple or a third party soon provide the ability to centrally track updates or even force or push updates over the air.
Because updates are critical to the iPhone’s security and general function, enterprises must ensure that users are indeed updating. Dustin Shafae’, operations manager for Papercheck.com (www.papercheck.com) says that the process isn’t always smooth. He explains, “The updates do require a lot of time. We have updated our phones three times since we’ve gotten them. Halfway through the update process, your PC will prompt you to plug in your iPhone, even when it is already connected. After unplugging and reconnecting, the iPhone provides the message that the update had been interrupted and that the software needs to be reset.”
Says Bond: “Just as with other PDA and smartphone devices, the asset management of corporate-owned—and even employee-owned—devices is a challenge. I am sure we will see more tools available in the future to assist with this that may or may not be iPhone-specific.”