The iPhone vs. IT's culture of 'no'

Computerworld - It's still not good enough. That's the reaction of IT analysts and security outfits to Apple's new iPhone 3G. Sure, the iPhone 2.0 software will support Microsoft Exchange and Cisco VPNs. But is it safe enough for enterprise use -- as safe as, say, PCs? Gartner says not quite. The security guys say be afraid. It's just not good enough yet.

And it never will be. Oops, that wasn't supposed to slip out.

But hasn't that historically been IT's official position? We're the Department of No. Whatever it is, we're against it.

Cell phones? Wi-Fi? BlackBerries? Web sites? LANs? Laptops? Spreadsheets? PCs? Departmental minis? Not one of those technologies was secure enough, reliable enough and enterprise-ready enough when business users first insisted on sneaking them in under the IT (or MIS or DP) department's radar.

Of course, users had to sneak that stuff in. They knew what the answer would be if they asked us: No. Not ready. Not good enough. Not yet.

And if it was up to us, not ever.

Somehow, though, in the end those users got their way. We made our peace with those unfamiliar, much-dreaded technologies. We figured out how to lock them down, cordon them off or keep them under control.

Thus, today we hear analysts and security vendors advising us to avoid the much-dreaded iPhone because it may not be as secure as the (once much-dreaded, now familiar) PC.

Ironic? Sure, but we all know the fear that drives that irony. Security and reliability are important, and we already have enough trouble on both those fronts. PCs are the devil we know. We're stuck with them. And we can still nurse the fantasy that we can keep iPhones out by just saying no.

But why? Why turn users into outlaws again? It never works. It just reinforces the idea that we're the Department of No.

Besides, aren't we a lot better off demonstrating that we're the Department of Know-how?

When users come to us with the new iPhone -- and now that its price has dropped from the stratosphere to $199, a lot of users will be coming to us -- we don't have to tell them they can't connect to our systems.

Instead, we can start out by asking them what they want to do.

They might ask for the moon. Or they might have more modest ambitions, nothing that would test our systems' security or reliability at all.

Once we know exactly what they want, we can evaluate what will be required and lay that out for the users.

Some of the requirements will be technical. That's our job, and we'd better be up to it. Another part may be budgetary -- someone always has to pay the bill.