Should your IT department support the iPhone?

As the iPhone gains enterprise cred, sysadmins may have no choice

Page 2 of 4

The first question you should consider: Does the iPhone measure up to your standards for device and data security? The answer really depends on your environment and industry. If you work in health care, the answer is probably no, because of HIPAA concerns. If you work with various state or federal government agencies, you may also find that the iPhone doesn't meet compliance standards. If those types of regulatory issues aren't a problem, you still need to consider the kind of data employees might store on an iPhone and how that relates to any existing security policies.

Even if you initially find the iPhone's security lacking, there are some solutions to consider. Depending on the type of work and data involved, you can use a thin client or Web-based approach to give users access to data. With this approach, very little, if any, company or client data gets stored on the iPhone. Thin-client applications, including Citrix's Receiver apps, generally encrypt all data accessed by any thin client, including the iPhone. If you use a Web-based approach, you can secure the connection with SSL, a VPN or the new Mobile Access Server feature that Apple includes with Snow Leopard Server.

Other options are available, as many enterprise software providers have already developed iPhone apps that securely integrate with their offerings. This group includes Cisco, Oracle, IBM, Market Circle, and a range of solutions for accessing the collaboration tools offered by 37 Signals, including the popular BaseCamp.

The trickier question is this: Can you effectively ban the iPhone? Despite any reasons you come up with to justify banning the iPhone, what are you going to do when a high-level manager simply demands one? The iPhone is a stylish device that offers both fun and function, and if the CEO or a senior VP wants an iPhone, you may not be in a position to convince her that she shouldn't have it. Once a handful of top-level managers have iPhones, you'll get a growing chorus of lower-level managers and staff asking why they can't have one, too.

A second likely scenario: An employee is denied an iPhone (or possibly any company-provided smartphone) and decides to get his own personal iPhone for use at work. This surreptitious infiltration is actually a bigger concern than a handful of managers; at least with them you still get to control the configuration and deployment process. If you don't know that workers are using iPhones in your company, you can't secure them at all. You can't even be certain what data might be stored on them.

And since the iPhone is fairly easy for even novice users to set up -- they can sign onto wireless networks, access intranets, and even gain access to an e-mail server -- it's no stretch to imagine that a lone, unauthorized iPhone could seriously compromise confidential data, as well as access to your network and the services running in it.

In other words, simply banning the iPhone doesn't really work. As long as employees have their own personal phones, it can be difficult to mitigate potential compromises. Of course you can draft a policy restricting the use of personal phones in the office, but enforcing that policy is going to be tough. At best, you'll be able to restrict access to internal resources by not allowing the iPhone to connect to your wireless network and by preventing users from syncing their phones to a company-owned computer. (Simply disallowing iTunes is one effective way to prevent syncing.)
