iPhone not ready for the enterprise

While the Apple iPhone won't be the first choice of many enterprises, a group of industry analysts say it could have a positive impact on future devices.

The iPhone lacks encryption, robust central management capabilities and the ability to integrate with localized infrastructure making it an unlikely choice for most businesses, according to analysts at Midvale, Utah-based research firm, the Burton Group.

I would love it if our organization ran the iPhone for a standard device but there's just enough missing pieces that it doesn't make sense for us at this point.
Richard Monson-Haefel,
senior analystBurton Group

In an online panel discussion, the analysts said the device is suitable for consumers to access email, browse the Web and access Web-based, Ajax-enabled applications. But cheaper devices that mimic many of the iPhone's features may win out in the enterprise marketplace of the future.

"The iPhone is unquestionably cool, but the Mac has always been cool," said Jamie Lewis, CEO and research chair of the Burton Group. "It's clear that the lines between work and life and the devices you use in the different roles that you have will continue to blur."

The iPhone was released in June and since then security researchers have been clamoring to crack the smartphone's security features. Since then, flaws were discovered in the Safari browser, used by the iPhone. In July, a team of security pros at Baltimore-based Independent Security Evaluators discovered simple ways of taking complete control of the Apple iPhone. Other security experts said that iPhone popularity could increase mobile phone attacks.

From a security perspective, the iPhone's lack of a centralized management capability – it currently relies on the iTunes interface for user management – takes the control of patching and configuration updates out of the hands of enterprise IT pros. Users can download security updates from a site provided by Apple.

"There's no way to force a patch or configuration change from a central place," said Diana Kelley, vice president and service director at the Burton Group.

Apple iPhone:
iPhone crack discovered by security researchers: Researchers have found a way to take complete control of the Apple iPhone by sending a user to a malicious Web site.

Apple iPhone to provoke complex mobile attacks, expert warns: Mikko Hypponen, director of antivirus research at F-Secure Corp., said he expects mobile malware attacks to escalate thanks to interest in Apple's iPhone.

Apple releases fixes for Mac OS X, iPhone vulnerabilities: Apple has released software patches fixing critical vulnerabilities in Mac OS X and its newly released iPhone.

Kelley said that the lack of centralized control coupled with the iPhone's lack of encryption makes it an unlikely choice for security-conscious enterprises, such as organizations in the government, healthcare, and financial markets. While Apple makes it difficult to store files on the iPhone, new software called the iPhone Drive is available, and indications are that storage could be made available in the future, making encryption even more important for the device, Kelley said.

"There are a lot of issues with data leakage and organizations are saying 'we don't want files being carried on a small device that we can't control,'" she said.

Many enterprises have been trying to address issues related to data leakage in the wake of many high profile data breaches and stolen laptops containing sensitive information. Some IT shops are deploying file encryption on laptops and even full disk encryption to address the issue, Kelley said.

Still, some analysts believe the iPhone's limited features could be ideal for many enterprises. Since the phone lacks the ability to store enterprise data via cut and paste and download features, the device currently doesn't need encryption, said Bob Blakley, a principal analyst at the Burton Group.

The iPhone also lacks the ability to enable a user to store local applications. This could benefit enterprises since end-users could connect to Ajax-based Web applications, keeping sensitive data stored on local servers, Blakley said.

"Any Ajax application that an enterprise chooses to develop is going to be able to present rich information density and interactions dialogue with the user," he said.

Blakley admitted that future software updates, driven by consumers, could make the iPhone more prone to data leakage.

Still, Burton Group senior analyst, Richard Monson-Haefel, an iPhone user, said he is hesitant to recommend use of the iPhone by most enterprises. The need to store resident applications is important in some job roles, he said, including field technicians and service professionals. Even with a fast Internet connection, downloading schematics and other large amounts of data could be burdensome, he said.

"Technicians working in the field may need a massive amount of data … and can't afford to spend time downloading without a fast pipeline," he said. "I would love it if our organization ran the iPhone for a standard device but there's just enough missing pieces that it doesn't make sense for us at this point."

Dig deeper on Handheld and Mobile Device Security Best Practices

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close