Iphone Implementation in the Enterprise

Google “iPhone in the Enterprise” and in the blink o f an eye, millions of results will appear. Many of these results are articles, white papers and analyst reports commenting on iPhone shortcomings that make it an unsuitable device to be set loose in any responsible organization.

This vast congregation of repor ters, analysts, IT managers and other industry commentators correctly point out that the iPhone was designed as a con-sumer/pro-sumer device and only after the fact was promoted as “The best phone for business. Ever.”

You really can’t argue with the asser tions made by this rather vast community of pundits that the iPhone, straight out of the box, is not quite ready yet for prime time in the enterprise .
Most of the comments focus on security and manageability issues, which are de-rigueur for any technology y to be deployed across the enterprise – particularly mobile devices that operate beyond the hardened, well defended walls of the data center.

The 451 Group, for example, in its November 2008 report, iPhone in the Enterprise, states, “Security comprises confidentiality, integrity and availability – that is, that messages are reasonably difficult to decrypt without a key; that one can rely on the source of a message and be sure it reached its intended recipient; and that the asset or network will remain available . Any thing that misses any o f those criteria is insecure by definition.”

Gartner, which initially found the iPhone unfit for enterprise use, has recently revised its opinion, now deeming it “acceptable,” with a clear caveat regarding security. Of course, back here in the real world, it doesn’t really matter what any of these folks say when it comes to the iPhone making its way into the enterprise .

End-users, including many executives, love the iPhone, and ultimately – like it or not – that ’s what matters. IT managers are just going to have to love, or at least accept it, because the iPhone as an enterprise device is already a done deal. Fighting this juggernaut is pointless.

Just  as resistance to PCs in the enterprise proved futile, IT must  realize that  end-user demand for convenience, func tionality and unaided access to enterprise applications and data will nearly always prevail over IT ’s preference for hard and fast  control.   

This is particularly true because of the emergence of the mobile enterprise as the most dynamic portion of many businesses. There are estimates that mobile employees now comprise upwards o f 35 percent of corporate employees and projections that that number will soar to more than 70 percent over the next couple of years.

Increasingly, the business- critical activities o f many organizations take place at the edges o f enterprises. Likewise, much of today’s enterprise innovation is being driven by the ac tions and expectations o f end-users operating in the field at the points o f ac tion and opportunity.

As noted earlier, we’ ve seen this bottom up or outside in model o f IT enterprise change and innovation in the past with the unauthorized and unwelcome introduc tion o f PCs, laptops, cell phones and PDAs into the IT ecosystem. These earlier events were driven by end-users seeking greater convenience and access to previously closely guarded centralized systems.

With the rapid adoption o f smartphones in enterprises – authorized or not – we saw it again. It is difficult to find an executive or mobile worker who does not have some type o f smartphone close at hand – indeed in hand – at all times. Now that a number o f smartphones o ffer power, functionality, storage capacity, wireless voice and data capability, larger screens and other features that often make them reasonable alternatives to notebook computers for many business purposes, their future is one of ubiquity.

The introduction of the iPhone by Apple in 2007, which was seen by almost ever yone as a redefinition o f the smartphone, essentially guaranteed it would soon find its way into enterprises in spite of weaknesses that posed legitimate concerns for senior management and IT departments. It delivered a completely new and empowering mobile experience for users.

The opening of Apple’s App Store and the release of its SDK, allowing enterprise vendors to develop and sell enterprise-focused applications, pushed the probability factor that the iPhone would storm the enterprise to the level of inevitability. One other factor at work here is the once big-buzz issue of convergence .

End-users have long desired a single, small form factor computing device that would free them from lugging multiple devices around like soldiers weighed down by backpacks, tools and weaponry, communications devices, and other essential equipment and supplies jammed into every pocket and hooked onto every clothing loop.

Given these realities, the discussion needs to shift to one o f how to incorporate the iPhone into the enterprise in a way that ensures the continued security o f sensitive information. IT needs to be able to provision and manage the devices despite a ver y different method o f application deployment and the use o f the iPhone for both personal and business functions.

Let ’s begin with the obvious. Employees on the move have a number o f IT requirements that are essential to their optimal productivity and effectiveness. These include wireless access to:

• Email
• The Internet
• Corporate intranets
• Enterprise applications (ER P, C RM, SFA, etc .)
• Customer contact information and history
• Personal and corporate calendars
• They also require the ability to store business- critical data on their smart phones and to receive behind-the scenes data and software updates as they become available .

One more complicating factor is that many mobile workers purchase their own mobile devices. Take the case o f independent insurance agents, for example . They typically own their own devices and are not too keen about IT departments wanting to install software to monitor and manage their use o f their devices. This scenario is particularly likely to be true o f iPhone users.

Still, IT departments are responsible for the security o f the enterprise and the integrity o f the data collected and maintained in the course o f doing business. They must protect against security breaches that might occur if phones are “misused,” lost or stolen, when sensitive data is in transit and in an environment in which mobile malware delivered via email is a growing threat?

Getting to the crux o f the issue, one might  ask the simple question: “Okay, I hear what  you’re saying . Now tell me how to do it .”

Addressing these challenges strategically, organizations need to implement  a secure infrastruc ture that  delivers iPhone suppor t  without  requiring changes to their existing enterprise messaging infrastructures.

They need to find a way to cordon off the consumer aspects o f the iPhone from the enterprise aspec ts. Put  another way, they need to create an enterprise only zone on the iPhone . Having done that  (no problem, right?), IT can then address the specific security and management  func tionality required to bring the iPhone into compliance with the organization’s rigorous policies.

By addressing the unique challenges posed by the iPhone from a strategic, architectural perspec tive, IT depar tments can ensure that on the enterprise-only por tion of the iPhone, industr y-standard encr yption algorithms protect all data that  is communicated between their data center ser vers and iPhone clients. They can also make sure that  all of the enterprise data at  rest  on the device is fully encrypted. They can implement  and enforce password access and react  to potential threats through device lock-down and/or data wipe . All while leaving the non- enterprise area o f the iPhone unaffected.

Additional, essential func tionality that  can be delivered through the use of such an enterprise isolation approach includes:

• Over-the-air client  provisioning and deployment
• Automated, unattended so ftware upgrades
• Support  for standard service monitoring tools
• Secure communications with no impact on device processor or battery per formance
• Single security solution for all mobile device communications

Beyond suppor ting secure email, organizations can also enable iPhone users to take action from within their email clients to initiate or complete business processes, such as submission and approval of expense reports, human resources requisitions and purchase orders, or to receive notifications and view CRM activities.