Apple actually does a pretty good job in helping IT to secure iPhones in a business environment. IT just needs to take advantage of what's available to them.
Apple may not like to brag about it, but they have made the iPhone a superior smart phone from the point of view of IT. In fact, the iPhone is approaching the IT status that Windows achieved in the 90's: the acceptable, safe solution because of good management and security.
I spoke with Alex Horan, Sr. Product Manager at Core Security about what we thought, at the time, to be the iPhone 5. iPhone 5, iPhone 4S, it doesn't really make a difference for this analysis. Horan stressed the iPhone's potential... for mischief. The iPhone's weakness is not anything technical, it's popularity. Because it's the the most popular platform for smart phones, it's the most popular target for criminals. It's the same popularity problem that got Windows to be such a dirty ecosystem, although Microsoft did make it easy for attackers until about 2003 or so.
I know what you're thinking (or at least it's what I'd think): Isn't Android more popular already and certain to pass iOS in market share? Yes, and some analysts say the same about Windows Phone (eventually), but it's not the same thing. There are many Android phone vendors with dozens of hardware platforms and distributions of the operating system. The same is, or will be true of Windows Phone. The only iOS devices come from Apple and there are very few of them. I would hazard a guess that the iPhone 4 is the number 1 model of smart phone. Writing exploits is much simpler when you can target one specific phone like that.
But if you want to go to the trouble and expense of securing your employees' iPhones, with the exception of Blackberry there is no better smart phone from a security and manageability standpoint. Oh yeah, Blackberry. IT loves them and there are plenty of companies, especially in financial services, that still allow only Blackberries for company use. But they've been losing the hearts and minds of users for years now and I don't see any sign of that turning around.
Incidentally, at least of the major smart phone platforms, iOS and Blackberry are the only ones to support IT policy-enforced device encryption. That and strong password policies seriously mitigate the substantial risk of lost devices. Other platforms support remote wipe, but you can only invoke it when you know the device is missing. How long would it take a thief to recover data from your unencrypted device? Not too long, especially if there's a removable card in it.
Horan also pointed out the risks in iCloud, risks which are probably the same as in any of the emerging consumer cloud services (Microsoft Skydrive, Amazon's cloud, even separate services like Dropbox). You have to be careful about company data making its way on to such services, especially if you are subject to regulatory regimes like HIPAA, Sarbox or FISMA.
So a smart workplace's attitude towards smart phones is to let users have what they want, as long as it can be managed and secured. There has to be a management system which will limit the user's ability to do what they want with the device; there has to be full device encryption and there has to be strong password enforcement.
There's nothing significant in the iPhone 4S or iOS 5 to change IT's perspective on this. It's the same, only more so.
Building A Mobile Business MindsetAmong 688 respondents, 46% have deployed mobile apps, with an additional 24% planning to in the next year. Soon all apps will look like mobile apps – and it's past time for those with no plans to get cracking.
. We've got a management crisis right now, and we've also got an engagement crisis. Could the two be linked? Tune in for the next installment of IT Life Radio, Wednesday May 20th at 3PM ET to find out.