Making the iPhone a killer business device
After the release of the iPhone 3G (and the iPhone 2.0 update for first-generation iPhones), I reviewed the challenges facing corporate IT departments integrating the iPhone as a business device. In that three-part series, I looked at how to handle mass iPhone configuration and deployments, how to configure the iPhone to function in an Exchange environment, and the issues and rewards involved in developing custom in-house iPhone apps.
One thing became clear: The iPhone is unique. While it offers numerous features, its origins as a consumer device still leave in place a number of challenges when adopting it in the enterprise.
To its credit, Apple has dealt with a number of these issues, allowing the iPhone to be preconfigured for users, supporting secure networking and offering Exchange support—including Exchange security policy support and the ability to remotely wipe a lost or stolen phone. But there’s more Apple can do to meet corporate needs, from the perspective of both IT staffers and business users.
Here are 10 things that Apple could—and should—offer to make the iPhone a killer business device.
1. Provide expanded configuration and restriction options for administrators
Apple’s iPhone Configuration Utility gives administrators a way to automatically configure a handful of features on the iPhone. Areas like e-mail/Exchange server and account information, passcode and auto-lock policies, wireless networking and VPN configuration, and installation of security certificates can be configured for users with configuration profiles that can be manually loaded onto each iPhone, distributed by e-mail or hosted on a Web site.
While the options for configuration profiles cover several core areas, they’re still limited. A quick look at the iPhone’s Settings application shows other areas a business might want to configure: the use of direct push or periodic fetch for new e-mail and other data, the ability to enable Bluetooth and location services; access restrictions on, for example, explicit content in the iPod application or built-in apps such as Safari, YouTube, the iTunes Wi-Fi store, the built-in camera and the App Store; and security settings for Safari.
Moving beyond the Settings application itself, administrators would benefit from being able to preconfigure additional applications, though this might be more difficult with third-party applications. Perhaps most importantly, administrators should be able to restrict access to any installed application, particularly since there’s no way to remove any of Apple’s built-in apps. What better way to really secure the device and ensure it is used appropriately and in accordance with company policies or local laws?
2. Provide a way to enforce the use of configuration profiles
Even if you set aside the need for expanded configuration options, there’s a much bigger concern for IT staffers who are required to manage iPhones. Configuration profiles are designed to ease iPhone configuration, not to serve as security policies that can be implemented with other platforms. End users must actively accept a configuration profile before it can be applied to an iPhone, and they can remove a profile simply by using the iPhone’s Settings application.
This approach makes any real security or enforcement of acceptable use policies well-nigh impossible. Administrators can’t be sure that any configurations they deploy to an iPhone will be in use at any time. The inability to enforce passcode policies on an iPhone without an Exchange environment raises security concerns.
It can also lead to support headaches if users routinely remove profiles that deliver needed configuration details, such as for Wi-Fi or VPN access. For the iPhone to be secure and properly managed in enterprise environments, it must offer an option for security and configuration policies that can be reliably enforced.
3. Develop over-the-air deployment for profiles
Given the limitations of working with profiles for the iPhone, Apple needs to develop a way to deploy configuration profiles (as well as provisioning profiles to enable the installation and use of in-house applications) and make sure they’re enforced.
The current approach does not push profiles out to devices; it requires administrators to manually apply a profile using the iPhone Configuration Utility, e-mail it to users or host it on a Web site and ask users to load it via Safari. That alone makes initial deployment a challenge, and it makes managing profile updates even harder.
Without a staff member manually applying profiles, there’s no way to ensure that an updated profile is actually installed after it’s released. This can pose headaches when pushing out security policies and ensuring that changes to other configurations—in particular, Wi-Fi and VPN—are updated.
Since the iPhone supports syncing of security policies from an Exchange server, it’s clearly capable of these functions. Even if the capability isn’t fully extended to all environments, providing a workable solution for Exchange environments would be a step in the right direction.
4. Develop direct push options for platforms other than Exchange
Apple’s decision to rely on Exchange as the sole method for direct push and other enterprise features for the iPhone was a logical choice. Exchange is widely deployed, and it already offers support for direct push, groupware functionality and security policies that Apple would need to offer to make the iPhone an enterprise-caliber smart phone.
Using Exchange also meant that Apple didn’t have to create a server solution of its own for the iPhone, as Research In Motion (RIM) provides with the BlackBerry Enterprise Messaging Server. On the flip side, even organizations without Exchange get access to push mail and related groupware features under RIM’s model. Ironically, by relying on Exchange, Apple excludes its own Leopard Server and its suite of calendar and collaborative tools.
Providing a broader solution could give smaller organizations—or those that already have legacy solutions such as Novell’s GroupWise—options that are now available only via Exchange. And it could help position the iPhone to better compete with RIM.
Ideally, Apple will provide a solution for the variety of other groupware and collaborative tools on the market in the upcoming Snow Leopard Server , which is expected to boast enhanced collaborative tools, its own level of Exchange integration, and at least some iPhone-specific collaborative features. But options already exist for integrating the iPhone’s direct push features without Exchange; for instance, NotifyLink integrates with a range of mobile devices—including the iPhone—and mail server and groupware platforms.
5. Offer a unified in-box
Another area where RIM’s BlackBerry stands out against the iPhone is with its unified in-box. The iPhone maintains separate sets of mail folders for every configured e-mail account. While this can keep mail better organized, it’s a pain for users accessing mail from two or more accounts.
When new mail arrives, users have to navigate from a single account’s in-box back to the accounts list, and then root around among the other accounts to find new messages. This can be time-consuming and frustrating. The problem could be solved by simply providing a single in-box or even a single set of mail folders.