After the release of the iPhone 3G (and the iPhone 2.0 update for first-generation iPhones), I reviewed the challenges facing corporate IT departments integrating the iPhone as a business device. In that three-part series, I looked at how to handle mass iPhone configuration and deployments, how to configure the iPhone to function in an Exchange environment, and the issues and rewards involved in developing custom in-house iPhone apps.
One thing became clear: The iPhone is unique. While it offers numerous features, its origins as a consumer device still leave in place a number of challenges when adopting it in the enterprise.
To its credit, Apple has dealt with a number of these issues, allowing the iPhone to be preconfigured for users, supporting secure networking and offering Exchange support—including Exchange security policy support and the ability to remotely wipe a lost or stolen phone. But there’s more Apple can do to meet corporate needs, from the perspective of both IT staffers and business users.
Here are 10 things that Apple could—and should—offer to make the iPhone a killer business device.
1. Provide expanded configuration and restriction options for administrators
Apple’s iPhone Configuration Utility gives administrators a way to automatically configure a handful of features on the iPhone. Areas like e-mail/Exchange server and account information, passcode and auto-lock policies, wireless networking and VPN configuration, and installation of security certificates can be configured for users with configuration profiles that can be manually loaded onto each iPhone, distributed by e-mail or hosted on a Web site.
While the options for configuration profiles cover several core areas, they’re still limited. A quick look at the iPhone’s Settings application shows other areas a business might want to configure: the use of direct push or periodic fetch for new e-mail and other data, the ability to enable Bluetooth and location services; access restrictions on, for example, explicit content in the iPod application or built-in apps such as Safari, YouTube, the iTunes Wi-Fi store, the built-in camera and the App Store; and security settings for Safari.
Moving beyond the Settings application itself, administrators would benefit from being able to preconfigure additional applications, though this might be more difficult with third-party applications. Perhaps most importantly, administrators should be able to restrict access to any installed application, particularly since there’s no way to remove any of Apple’s built-in apps. What better way to really secure the device and ensure it is used appropriately and in accordance with company policies or local laws?
2. Provide a way to enforce the use of configuration profiles
Even if you set aside the need for expanded configuration options, there’s a much bigger concern for IT staffers who are required to manage iPhones. Configuration profiles are designed to ease iPhone configuration, not to serve as security policies that can be implemented with other platforms. End users must actively accept a configuration profile before it can be applied to an iPhone, and they can remove a profile simply by using the iPhone’s Settings application.
This approach makes any real security or enforcement of acceptable use policies well-nigh impossible. Administrators can’t be sure that any configurations they deploy to an iPhone will be in use at any time. The inability to enforce passcode policies on an iPhone without an Exchange environment raises security concerns.
It can also lead to support headaches if users routinely remove profiles that deliver needed configuration details, such as for Wi-Fi or VPN access. For the iPhone to be secure and properly managed in enterprise environments, it must offer an option for security and configuration policies that can be reliably enforced.
3. Develop over-the-air deployment for profiles
Given the limitations of working with profiles for the iPhone, Apple needs to develop a way to deploy configuration profiles (as well as provisioning profiles to enable the installation and use of in-house applications) and make sure they’re enforced.
The current approach does not push profiles out to devices; it requires administrators to manually apply a profile using the iPhone Configuration Utility, e-mail it to users or host it on a Web site and ask users to load it via Safari. That alone makes initial deployment a challenge, and it makes managing profile updates even harder.
Without a staff member manually applying profiles, there’s no way to ensure that an updated profile is actually installed after it’s released. This can pose headaches when pushing out security policies and ensuring that changes to other configurations—in particular, Wi-Fi and VPN—are updated.
Since the iPhone supports syncing of security policies from an Exchange server, it’s clearly capable of these functions. Even if the capability isn’t fully extended to all environments, providing a workable solution for Exchange environments would be a step in the right direction.
4. Develop direct push options for platforms other than Exchange
Apple’s decision to rely on Exchange as the sole method for direct push and other enterprise features for the iPhone was a logical choice. Exchange is widely deployed, and it already offers support for direct push, groupware functionality and security policies that Apple would need to offer to make the iPhone an enterprise-caliber smart phone.
Using Exchange also meant that Apple didn’t have to create a server solution of its own for the iPhone, as Research In Motion (RIM) provides with the BlackBerry Enterprise Messaging Server. On the flip side, even organizations without Exchange get access to push mail and related groupware features under RIM’s model. Ironically, by relying on Exchange, Apple excludes its own Leopard Server and its suite of calendar and collaborative tools.
Providing a broader solution could give smaller organizations—or those that already have legacy solutions such as Novell’s GroupWise—options that are now available only via Exchange. And it could help position the iPhone to better compete with RIM.
Ideally, Apple will provide a solution for the variety of other groupware and collaborative tools on the market in the upcoming Snow Leopard Server , which is expected to boast enhanced collaborative tools, its own level of Exchange integration, and at least some iPhone-specific collaborative features. But options already exist for integrating the iPhone’s direct push features without Exchange; for instance, NotifyLink integrates with a range of mobile devices—including the iPhone—and mail server and groupware platforms.
5. Offer a unified in-box
Another area where RIM’s BlackBerry stands out against the iPhone is with its unified in-box. The iPhone maintains separate sets of mail folders for every configured e-mail account. While this can keep mail better organized, it’s a pain for users accessing mail from two or more accounts.
When new mail arrives, users have to navigate from a single account’s in-box back to the accounts list, and then root around among the other accounts to find new messages. This can be time-consuming and frustrating. The problem could be solved by simply providing a single in-box or even a single set of mail folders.
Perhaps the biggest business feature needed on the iPhone is the ability to create and edit Office documents.
Since its early releases, the iPhone has allowed users to download e-mail attachments that contain common file formats like Word and Excel and view the contents. The list of supported file types has grown dramatically and now includes all major Office formats as well as Apple’s own iWork formats.
The problem is that the iPhone provides no way to edit these files. This is one of the biggest advantages other smart phones offer over the iPhone. BlackBerry, Windows Mobile and Palm devices all allow basic document editing, either as a built-in feature or through third-party applications.
While not all editing features are needed, being able to make basic changes to a document on the iPhone is a sorely needed improvement. If Apple itself can’t devise a solution, it should encourage third-party app makers to develop one.
7. Allow file storage/management on the iPhone itself
Perhaps one reason document editing isn’t available on the iPhone is that it would require the device to support some kind of file storage and management. Apple hasn’t offered up any such capabilities and, in fact, seems to have worked to prevent any way to directly store or manipulate files on the iPhone.
There is, of course, room to add applications to extend the iPhone’s capabilities, with the amount of space depending on which model you pick—the 8GB version or the 16GB iteration. But all that room does nothing for file storage if there’s no file storage architecture on the phone.
This is a problem for business users. There is no way to use the iPhone as a hard drive to store or move files from one computer to another—something iPods have been able to do since they were introduced. More importantly, it means developers cannot allow different applications to access each other’s documents. While it’s understandable from a security perspective why Apple might adopt this approach, there’s no practical reason it couldn’t create a single locked-down directory on the iPhone for user documents.
A number of third-party applications, including Air Sharing , DataCase and FileMagnet , already allow users to transfer files to an iPhone using Wi-Fi networking, which proves it can be done without compromising the device. The problem is that many of these options result in what is essentially read-only access, limiting their practical use.
8. Add copy and paste functionality
One of the iPhone’s big limitations from the start has been the lack of support for copying and pasting data, either within an application or between applications.
Copy and paste has become such an ingrained part of computing that it’s shocking to imagine any platform without it. Since it’s been available on Windows Mobile and other platforms for years—and in the third-party Magic Pad iPhone application—the capability clearly exists.
Apple claims to have heard the cries about copy and paste but says it isn’t a priority. Sure, there are more important issues that should be addressed first, but if Apple ever offers document-editing capabilities on the iPhone, copy and paste needs to be implemented alongside them.
And even now the ability to copy and paste from e-mails, Web pages, calendar items and read-only documents would be a boon. If the iPhone is ever to become the business kingpin it has the potential to be, this feature is a must.
9. Implement enterprise licensing for the App Store
I doubt anyone could call the App Store anything but a rousing a success. With thousands of applications easy to access (if not always easy to find) and download, the App Store offers users a single place to get new apps and provides a revenue stream for Apple and developers. Numerous applications in the App Store have serious business potential.
But the entire plan for the App Store seems relentlessly consumer-centric. Access is tied to an Apple ID for billing and is required even for free applications. Like other iTunes purchases, only five computers can be authorized for a single Apple ID.
While this works for individuals, families and very small businesses, it doesn’t scale well for businesses looking to roll out more than a handful of iPhones. There are only two main options: centrally activate and sync all iPhones to a handful of computers using the same set of Apple IDs, or require users to purchase and download applications on their own with individual Apple IDs—though these could be set up to bill to a company account. Neither option is particularly attractive.
Apple needs to develop some sort of enterprise licensing scheme, one that allows an organization to make bulk purchases of iPhone applications, either in a volume- or site-licensing format. Ideally, this would also include a way to distribute the applications to all the iPhones owned by a company.
Apple does have some options. It allows ad hoc and enterprise distribution of applications created by developers through the use of provisioning profiles that let applications run—even if they weren’t purchased from the App Store. The problem isn’t technical here; it’s the payment and licensing issues across a spectrum of potential iPhone developers that could be the stumbling block.
Interestingly enough, licensing for FMTouch, an iPhone FileMaker Pro solution, is available for enterprises and can be done outside of the App Store. (FileMaker requires membership in the iPhone Developer program, however, to offer enterprise licensing.) This proves enterprise licensing can be done. However, since FileMaker is an Apple subsidiary, the logistical challenges for the company are much reduced.
Another approach already used by Salesforce.com and Oracle for their iPhone applications is to tie access to an iPhone application to an existing product license. These options may point to Apple’s eventual plan to partner with, or allow major developers access to, enterprise licensing models without providing full enterprise licensing to the entire App Store.
10. Develop a mass deployment solution other than iTunes
One of the big iPhone challenges in any business is its tie to iTunes. This is one of the areas where the phone’s consumer orientation is most obvious.
While other smart phones may rely on desktop applications for syncing of contact, calendar and task information, none rely on an application that is first and foremost a media player. For many businesses, providing an iPhone to employees isn’t the issue; granting access to, and indirectly encouraging the use of, iTunes is.
Apple does provide a way around this. iTunes is not required for iPhone use, only for activation and syncing. So it’s possible for activation and distribution of the iPhone to be centrally managed with no planned sync to a desktop computer.
If your organization has an Exchange environment, users can sync most business data over the air once the iPhone is configured with an Exchange account. However, for organizations without Exchange, users can’t sync most of their data without iTunes.
In an ideal remedy, Apple would develop an enterprise solution similar to the version of iTunes used by carriers to activate an iPhone in the store. That would provide all iTunes’ data sync options as well as the ability to back up iPhone data—without providing access to the iTunes Store or a media library. It could also provide a way to distribute in-house or enterprise-licensed apps.
Or, as I noted earlier, Apple could develop a server-based answer that provides sync options for environments without Exchange. This kind of platform could also be used to create a network version of the iPhone Configuration Utility, allowing administrators to keep track of their corporate iPhones and push out configuration profile updates. In effect, this would offer much the same capabilities available for managing iPhones from Exchange.
Regardless of what approach Apple takes, the challenges of mass iPhone deployment and management need to be addressed if the iPhone is truly going to be able to unseat other devices as the smart phone of choice for business.
Where does Apple go from here?
The iPhone has a lot of potential as a business device, but its ultimate success will depend on how well it responds to the real-world needs of corporate users and IT managers. To succeed, Apple will need to prove that the iPhone is more than a media player or a toy.
Getting developers to build business applications and providing certain core features in the iPhone interface are only half the battle. The other half will require Apple to shake off some of its consumer-oriented thinking and focus on the needs of enterprises when it comes to supporting and managing mobile devices.
[Ryan Faas is a frequent Computerworld contributor specializing in Mac and multiplatform network issues.]