Should your IT department support the iPhone?

When the iPhone was first launched in June 2007, it was generally panned by IT managers and systems administrators.

iPhone in the enterprise?

iPhone in the enterprise?

Acceptance and control

If you know or suspect that iPhones are making a stealthy march into your operation, you have a couple of options. First, you can offer an alternative. By providing employees with an alternate smartphone such as a BlackBerry or a Windows Mobile device -- both have great centralized security options -- you can reduce the clamor for the iPhone and at the same time provide a more secure, business-proven solution.

In many cases, however, providing and supporting an alternative phone may not be a viable option. Doing so could be cost-prohibitive, especially if it means setting up a BlackBerry Enterprise Server, an Exchange server or an Exchange alternative. If you're asked to support only a couple of iPhones, it's probably easier to manually configure and restrict them by hand. This is particularly true if high-level managers are the primary users demanding the iPhone.

Here, user education is important. By explaining why devices need to be managed for security reasons and explaining the policies that you've implemented on the managed iPhones, you can at least offer them a rationale for minimizing the use of iPhones in your environment. This may not always be successful in limiting demand, but it's always a good starting point.

If you're forced to make the iPhone more broadly available, you can develop a configuration profile, or a series of profiles, that effectively limit access to iPhone features and applications and enforce needed security options. You can then make these profiles available to users. One advantage of the current iPhone OS is that once a policy is accepted on the device, you can restrict who can remove it.

This can be effective in dealing with both company-owned iPhones as well as personal devices. If you can get support for the idea that employees using a personal iPhone for work means some of its features need to be secured, you can distribute the requisite profiles. This gives you a way to configure and allow access to a wireless network or to other internal resources while at the same time layering on needed security measures.

A key point here is communication. You need to spell out why the iPhone needs to be locked down as much as possible. You may even want to create company-wide policies about what resources users are allowed to access or store on their iPhones. It helps to be willing to entertain the option of an iPhone, even as you also make clear your concerns and provide ways to address them. The bottom line is this: If you're forced to deal with iPhones in your environment, you want as much control and cooperation as possible.

Third-party solutions

While the iPhone Configuration Utility and the profiles that it can apply and enforce provide the best options for mitigating risks, they're not the only options. As I mentioned earlier, if you have an Exchange environment, you can also apply Exchange security policies. They, unlike configuration profiles, can be deployed over the air.

Granted, the entire range of profiles isn't available, but basic ones such as requiring a passcode to unlock the iPhone are available. Exchange also enables remote wipe, making it one of the more powerful options for using an iPhone in the enterprise.

If you don't have Exchange, and don't want to spend money on it, there are a number of less-expensive alternatives -- Kerio MailServer, Zimbra and Communigate Pro -- that still provide the core features of Exchange by licensing Microsoft's ActiveSync.

Another third-party product is Good for Enterprise. This suite allows you to secure not just iPhones, but also Android and Palm WebOS devices such as the Pre and Pixi. Good offers this security by using its own native iPhone application. The app provides much of the same groupware functionality that the iPhone's Mail, Calendar, and Contacts apps provide, but enterprise data is stored in encrypted form and can be remotely wiped from the device when necessary.

This provides better security than even the built-in Exchange support and is relatively easy to configure and manage, though an appropriate collaboration suite such as Exchange or Domino is required. Even with Good, though, you may want to further secure the iPhone using configuration profiles.

Join the Good Gear Guide newsletter!

Error: Please check your email address.

Tags enterprise smartphonesiPhone 3G Smobilitysmartphones

Struggling for Christmas presents this year? Check out our Christmas Gift Guide for some top tech suggestions and more.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Ryan Faas

Computerworld (US)

Most Popular Reviews

Follow Us

Best Deals on GoodGearGuide

Shopping.com

Latest News Articles

Resources

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Latest Jobs

Shopping.com

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?