Should your IT department support the iPhone?

As the iPhone gains enterprise cred, sysadmins may have no choice


Even this may not be effective if employees are allowed to access services from outside your network. Even if you can banish the iPhone from your network, you still can't stop users from entering notes, appointments, or contacts from within your organization onto their iPhones by hand.

Acceptance and control

If you know or suspect that iPhones are making a stealthy march into your operation, you have a couple of options. First, you can offer an alternative. By providing employees with an alternate smartphone such as a BlackBerry or a Windows Mobile device -- both have great centralized security options -- you can reduce the clamor for the iPhone and at the same time provide a more secure, business-proven solution.

In many cases, however, providing and supporting an alternative phone may not be a viable option. Doing so could be cost-prohibitive, especially if it means setting up a BlackBerry Enterprise Server, an Exchange server or an Exchange alternative. If you're asked to support only a couple of iPhones, it's probably easier to configure and restrict them by hand. This is particularly true if high-level managers are the primary users demanding the iPhone.

Here, user education is important. By explaining why devices need to be managed for security reasons and explaining the policies that you've implemented on the managed iPhones, you can at least offer them a rationale for minimizing the use of iPhones in your environment. This may not always be successful in limiting demand, but it's always a good starting point.

If you're forced to make the iPhone more broadly available, you can develop a configuration profile, or a series of profiles, that effectively limit access to iPhone features and applications and enforce needed security options. You can then make these profiles available to users. One advantage of the current iPhone OS is that once a policy is accepted on the device, you can restrict who can remove it.

This can be effective in dealing with both company-owned iPhones and personal devices. If you can get support for the idea that employees using a personal iPhone for work means some of its features need to be secured, you can distribute the requisite profiles. This gives you a way to configure and allow access to a wireless network or to other internal resources while at the same time layering on needed security measures.
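Before a profile is handed to users, it is worth checking that it actually restricts removal and enforces a passcode. The following audit script is an added example, not part of the original article; the key names come from Apple's configuration profile format, while the sample profile, the `com.example` identifier, the finding labels and the six-character minimum are assumptions chosen for illustration.

```python
import plistlib

# Constructed sample profile (not from the article); the identifier is a placeholder.
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>PayloadType</key><string>Configuration</string>
  <key>PayloadIdentifier</key><string>com.example.corp.baseline</string>
  <key>PayloadRemovalDisallowed</key><false/>
  <key>PayloadContent</key>
  <array>
    <dict>
      <key>PayloadType</key><string>com.apple.mobiledevice.passwordpolicy</string>
      <key>forcePIN</key><true/>
      <key>minLength</key><integer>4</integer>
      <key>allowSimple</key><true/>
    </dict>
  </array>
</dict>
</plist>"""


def audit_profile(data, min_length=6):
    """Return a list of weaknesses found in a .mobileconfig (XML plist bytes)."""
    profile = plistlib.loads(data)
    findings, passcode, removal_password = [], None, False
    for payload in profile.get("PayloadContent", []):
        ptype = payload.get("PayloadType")
        if ptype == "com.apple.profileRemovalPassword":
            removal_password = True   # removal allowed only with a password
        elif ptype == "com.apple.mobiledevice.passwordpolicy":
            passcode = payload
    # Neither locked nor password-protected: any user can delete the profile.
    if not profile.get("PayloadRemovalDisallowed", False) and not removal_password:
        findings.append("removal-unrestricted")
    if passcode is None:
        findings.append("no-passcode-policy")
    else:
        if not passcode.get("forcePIN", False):
            findings.append("passcode-not-required")
        if passcode.get("minLength", 0) < min_length:   # assumed threshold
            findings.append("passcode-too-short")
        if passcode.get("allowSimple", True):
            findings.append("simple-passcode-allowed")
    return findings


if __name__ == "__main__":
    print(audit_profile(SAMPLE_PROFILE))
```

An empty list means the profile passed every check; run it against each exported profile before distribution.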

A key point here is communication. You need to spell out why the iPhone needs to be locked down as much as possible. You may even want to create company-wide policies about what resources users are allowed to access or store on their iPhones. It helps to be willing to entertain the option of an iPhone, even as you also make clear your concerns and provide ways to address them. The bottom line is this: If you're forced to deal with iPhones in your environment, you want as much control and cooperation as possible.

Third-party solutions

While the iPhone Configuration Utility and the profiles that it can apply and enforce provide the best options for mitigating risks, they're not the only options. As I mentioned earlier, if you have an Exchange environment, you can also apply Exchange security policies. They, unlike configuration profiles, can be deployed over the air.
