Opinion: iPhone security chatter is only a distraction

Plenty of opinions floating around, but security pros need to get grounded

Enough about the iPhone. For a product that's barely launched, the sheer volume of commentary on the interface, the shape, the merits of touch-screen dialing, its voice and data-network compatibility, and virtually every other aspect shows that Steve Jobs really is operating in the proud tradition of P.T. Barnum: It doesn't matter what you say about the iPhone, as long as you spell the name right. Good on 'im.

What's bothersome is the nonsense put out by analysts declaring -- sans experiential data -- that the iPhone is unsuitable for business use, essentially because it does not look like what came before it. That kind of talk is good for getting your name in the newspapers, but there are two problems. The first is that IT analysis and pundits seem to have forgotten that suitability is closely related to the notion of technical standards, and that standards are not products. The second is that some technical aspects of any device are unknown without practical use; they can't be judged by the specifications alone.

Out on a limb

Since AT&T Inc. confirmed that it will market the iPhone to business users, analysts have been speculating about how potential buyers will probably use an almost-untried device once theoretical IT crews integrate them into tomorrow's infrastructure. That's a critically high percentage of speculation. Some things just can't be determined before a system is in production or a device is in hand. It's one thing to express concern that a popular new device may require some adjustments. It's really another to scream about the sky falling.

And everyone's piling on. Gartner Inc.'s Ken Dulaney makes three claims in that company's report: "You'll have e-mail in a place that's unsecured. There are no firewalls on the device. There's no ability to wipe [information from] the device if it's lost."

Let's take those claims apart, just for practice. The first statement is probably false if one uses secured Internet Message Access Protocol (IMAP), which they should be doing anyway (more below). The second is almost a nonsequitur for Unix users familiar with turning off unnecessary services. And the last is an unresolved issue of management software in the enterprise, not a basis upon which to criticize a soon-to-be-managed endpoint device.

At least that sort of speculation is reality-based and fairly specific. The broader the statements I saw at and immediately before launch, the more unreal they were. For instance, Tony Rizzo, director of mobile technology at The 451 Group, is quoted as making the nonsensical statement that "it doesn't have any features that would make it successful as a business tool." Barring Rizzo's prescient knowledge of application development -- and contrary to many things already known about business documents and communication -- that comment is out of line in regard to any general-purpose configurable or modifiable computing device, and brings into question the logic and foundation of his firm's other analyses.

It's particularly irritating to see unfounded criticism of any new device or service because of perceived incompatibility with Microsoft Exchange or Lotus Notes. Exchange is the most popular corporate e-mail system, while Notes still has a lock on the very largest companies. Both dominate the scene with fat-client implementations for e-mail and calendaring data. However, the protocols they use are outmoded one-off, vendor-specific legacy technologies, in no way suitable as a metric for whether a new device or service is suitable for the future of an organization.

I've grown used to enterprises saddling themselves with proprietary protocols just because everyone else is using them, locking themselves into client applications as a result. Imagine my pleasant surprise earlier this year when I joined a project with some of the very best security professionals from lives past. Without a second thought, they had set up a mail access using IMAP over Secure Sockets Layer. They didn't have to specify client platforms, software or modes of use -- as long as we chose standards-based tools, our business communications just worked.

1 2 3 Page 1
Page 1 of 3
Bing’s AI chatbot came to work for me. I had to fire it.
Shop Tech Products at Amazon