How do you keep people from installing new ROM's on a winmo based phone, they are jailbroken before the OS updates come out (WinMo 7 beta ROMS should show up soon, just like 6.5, 6.1, 6.0 etc.)
Isn't that the same argument?
Does enterprise use WinMo, isn't it too "open" compared to Apple's "closed" system?
Quote:
Originally Posted by MobileAdmin
[You talk a good game but the likelyhood of Apple gets FIPS is a joke. They can't keep the iPhone from being jailbroke 1 week after each OS update. Trust me it's a huge issue and provides a means to disable ActiveSync policy.
You talk a good game but the likelyhood of Apple gets FIPS is a joke.
Actually, it's not.
Quote:
They can't keep the iPhone from being jailbroke 1 week after each OS update. Trust me it's a huge issue and provides a means to disable ActiveSync policy.
Jailbraking and FIPS certification are not related.
If you have physical access to a device, you can hack it - even a blackberry. They key is detecting and not communicating with hacked devices. Look for more cryptography built on what was started with the 3Gs.
It's not rocket science to see where they are going
One other thing about security - we have blackberries that are like pre-3Gs iPhones - they take hours to do a secure wipe. That never gets brought up yet every iPhone but the 3Gs is unacceptable for the enterprise? Talk about bias and unevenly applied standards.
Quote:
Your other phantom solution is how Apple will improve security / management. How their own platform? You better bet it will have the same server and CAL costs as RIM's solution. Apple is tied to Microsoft's hip - they need Exchange ActiveSync or it won't function.
ActiveSync is the enterprise solution for Apple - why do they need to develop their own? Even IBM has licensed it and is giving it away with Domino 8.51. Exchange and Domino cover over 80% of enterprise seats. Game over.
Quote:
The issue is EAS alone doesn't provide half the policy BES does.
Not right now. By June that will change.
Quote:
Even with Exchange 2010 it's not close.
I doubt the upcoming changes in ActiveSync will require Exchange 2010 - I haven't seen anything indicating that Exchange 2007 won't also get them.
Quote:
Last I looked there is no less then 10 EAS based management solutions that support iPhone - none of them match Blackberry's solution and their cost is 2x the cost of our current BES CAL. So what will we gain? iPhones with entertainment and users downloading crap?
Yes, there are third party solutions - heck, there are third party add-ons for blackberry's (I never did get that). The existence of tools doesn't automatically translate into deficiencies - just good marketing on the part of the tool makers convincing people they are required.
Quote:
The other issue is Apple controls all Application deployment.
No they don't. Not for the enterprise. You can self-publish. Granted, right now it's kludgy and requires iTunes, but I guarantee they will offer application provisioning over the air. Apple is keenly aware of the requirements for the enterprise. It took RIM over 10 years to get there, Apple is just now coming on year four...
Quote:
We want to control that which we can do through BES. No need for Apple, approval etc. We also control how / when we deploy said applications.
You might want to read the iPhone enterprise deployment guide. You are uninformed.
Quote:
In the post Madoff world there is a growing need to supervise SMS (or disable it) Apple doesn't provide that - hopefully the next OS / model will.
I expect management to be a VERY prominent part of of the next iPhone OS, along with a new version of ActiveSync from MS.
Quote:
Which brings my last point - Apple just wants you to upgrade which is fine for consumers but we're not about to upgrade our mobile deployment yearly. Presently we get 3 years per device. They also have little to no enterprise support in place. They actually suggested to go to the nearest Apple store. Cute.
What? There is no reason you couldn't get three years out of an iPhone - but I find it very hard to believe you can get three years out of a device with normal users. Two years seems to be our average. If you have an enterprise agreement with Apple you can get next day and four hour response. Do you know who your enterprise rep is?
Quote:
We don't support iPhone, don't allow personal liable devices and it's likely not going to change anytime soon.
You may not have much to say about it. The days of IT autocratically dictating to the user base are fast dying. If you aren't flexible enough, you may just get outsourced.
Like it or not, the iPhone is coming to the enterprise. You can keep up or put your head in the sand and get passed by. Your choice. Makes no difference to me
I'm sure like most other 20,000+ seat corporate technology departments our concerns are not some steadfast refusal to support iPhone. Apple has some major shortcomings regardless if/when THEY decide to provide them. Apple's focus is consumers so why bother with the enterprise market that has controls and demands they would have trouble providing?
We're also not talking about supporting 100 iPhones. It would be a nightmare with the current iPhone management (basically none) and application deployement options supporting 1,000+ devices.
Your logic is flawed. The current "controls" are limited to either iTunes blocking a jailbreaked iPhone when connecting (again no enterprise is going to deploy iTunes enmass) or Microsoft puts in a ActiveSync policy to "query" the device on connection. Considering ActiveSync has limited policies I don't see that happening. You confuse what EAS is capable of. Microsoft would need to support iPhone with Mobile Device Manager (part of the System Center suite) to get greater management of iPhone. Would Apple even release the API's - again it's a long road with small steps. Companies need these controls now so in lieu of not having proper control - do not support the device. It's no different with Android, Palm Pre etc. There is a reason RIM has the position they have. They provide total control of the device.
Again - supporting thousands of devices in all parts of the country not to mention international. The current Apple means for application deployment is AppStore. Not the greatest as you have all their rules to adhere to. With Blackberry you package and push as you wish. You can even schedule when it is delivered. Trust me I've read each version of the Apple enterprise deployment guide as well the "configuration utility". It's just not an enterprise approach to device management. A hodge-podge solution which still requires you have physical access to the device and a huge manual effort. Not so bad for less then 100 iPhones but expand that out over 500, 1000, 5000 devices not to mention remote users, it's just way to much to take on.
Can people stop talking about 5+ year old Blackberries? Any of the current Blackberries can encrypt and un-encrypt fairly quickly. Apple's encryption on 3GS has questionable security and the KEY stored fully on the device so unsure how that is even secure to begin with. So as mentioned - Apple needs FIPS certification like last year. Should we wait with fingers crossed ever year hoping Apple announces (and delivers) these features? So when they do not (as they haven't thus far) we move on.
Enterprise IT is not the issue. We have a plethora of regulatory and security standards to adhere to both internally as well externally. Apple is not doing enough for us to support their platform. Should we be careless and just do whatever users want now? Now if you work somewhere that hasn't a care for security more power to you.
At the end of the day we do what we the management instructs us. Many of these decisions have nothing to do with technology and are simply cost focused.
Comments
Isn't that the same argument?
Does enterprise use WinMo, isn't it too "open" compared to Apple's "closed" system?
[You talk a good game but the likelyhood of Apple gets FIPS is a joke. They can't keep the iPhone from being jailbroke 1 week after each OS update. Trust me it's a huge issue and provides a means to disable ActiveSync policy.
You talk a good game but the likelyhood of Apple gets FIPS is a joke.
Actually, it's not.
They can't keep the iPhone from being jailbroke 1 week after each OS update. Trust me it's a huge issue and provides a means to disable ActiveSync policy.
Jailbraking and FIPS certification are not related.
If you have physical access to a device, you can hack it - even a blackberry. They key is detecting and not communicating with hacked devices. Look for more cryptography built on what was started with the 3Gs.
It's not rocket science to see where they are going
One other thing about security - we have blackberries that are like pre-3Gs iPhones - they take hours to do a secure wipe. That never gets brought up yet every iPhone but the 3Gs is unacceptable for the enterprise? Talk about bias and unevenly applied standards.
Your other phantom solution is how Apple will improve security / management. How their own platform? You better bet it will have the same server and CAL costs as RIM's solution. Apple is tied to Microsoft's hip - they need Exchange ActiveSync or it won't function.
ActiveSync is the enterprise solution for Apple - why do they need to develop their own? Even IBM has licensed it and is giving it away with Domino 8.51. Exchange and Domino cover over 80% of enterprise seats. Game over.
The issue is EAS alone doesn't provide half the policy BES does.
Not right now. By June that will change.
Even with Exchange 2010 it's not close.
I doubt the upcoming changes in ActiveSync will require Exchange 2010 - I haven't seen anything indicating that Exchange 2007 won't also get them.
Last I looked there is no less then 10 EAS based management solutions that support iPhone - none of them match Blackberry's solution and their cost is 2x the cost of our current BES CAL. So what will we gain? iPhones with entertainment and users downloading crap?
Yes, there are third party solutions - heck, there are third party add-ons for blackberry's (I never did get that). The existence of tools doesn't automatically translate into deficiencies - just good marketing on the part of the tool makers convincing people they are required.
The other issue is Apple controls all Application deployment.
No they don't. Not for the enterprise. You can self-publish. Granted, right now it's kludgy and requires iTunes, but I guarantee they will offer application provisioning over the air. Apple is keenly aware of the requirements for the enterprise. It took RIM over 10 years to get there, Apple is just now coming on year four...
We want to control that which we can do through BES. No need for Apple, approval etc. We also control how / when we deploy said applications.
You might want to read the iPhone enterprise deployment guide. You are uninformed.
In the post Madoff world there is a growing need to supervise SMS (or disable it) Apple doesn't provide that - hopefully the next OS / model will.
I expect management to be a VERY prominent part of of the next iPhone OS, along with a new version of ActiveSync from MS.
Which brings my last point - Apple just wants you to upgrade which is fine for consumers but we're not about to upgrade our mobile deployment yearly. Presently we get 3 years per device. They also have little to no enterprise support in place. They actually suggested to go to the nearest Apple store. Cute.
What? There is no reason you couldn't get three years out of an iPhone - but I find it very hard to believe you can get three years out of a device with normal users. Two years seems to be our average. If you have an enterprise agreement with Apple you can get next day and four hour response. Do you know who your enterprise rep is?
We don't support iPhone, don't allow personal liable devices and it's likely not going to change anytime soon.
You may not have much to say about it. The days of IT autocratically dictating to the user base are fast dying. If you aren't flexible enough, you may just get outsourced.
Like it or not, the iPhone is coming to the enterprise. You can keep up or put your head in the sand and get passed by. Your choice. Makes no difference to me
We're also not talking about supporting 100 iPhones. It would be a nightmare with the current iPhone management (basically none) and application deployement options supporting 1,000+ devices.
Your logic is flawed. The current "controls" are limited to either iTunes blocking a jailbreaked iPhone when connecting (again no enterprise is going to deploy iTunes enmass) or Microsoft puts in a ActiveSync policy to "query" the device on connection. Considering ActiveSync has limited policies I don't see that happening. You confuse what EAS is capable of. Microsoft would need to support iPhone with Mobile Device Manager (part of the System Center suite) to get greater management of iPhone. Would Apple even release the API's - again it's a long road with small steps. Companies need these controls now so in lieu of not having proper control - do not support the device. It's no different with Android, Palm Pre etc. There is a reason RIM has the position they have. They provide total control of the device.
Again - supporting thousands of devices in all parts of the country not to mention international. The current Apple means for application deployment is AppStore. Not the greatest as you have all their rules to adhere to. With Blackberry you package and push as you wish. You can even schedule when it is delivered. Trust me I've read each version of the Apple enterprise deployment guide as well the "configuration utility". It's just not an enterprise approach to device management. A hodge-podge solution which still requires you have physical access to the device and a huge manual effort. Not so bad for less then 100 iPhones but expand that out over 500, 1000, 5000 devices not to mention remote users, it's just way to much to take on.
Can people stop talking about 5+ year old Blackberries? Any of the current Blackberries can encrypt and un-encrypt fairly quickly. Apple's encryption on 3GS has questionable security and the KEY stored fully on the device so unsure how that is even secure to begin with. So as mentioned - Apple needs FIPS certification like last year. Should we wait with fingers crossed ever year hoping Apple announces (and delivers) these features? So when they do not (as they haven't thus far) we move on.
Enterprise IT is not the issue. We have a plethora of regulatory and security standards to adhere to both internally as well externally. Apple is not doing enough for us to support their platform. Should we be careless and just do whatever users want now? Now if you work somewhere that hasn't a care for security more power to you.
At the end of the day we do what we the management instructs us. Many of these decisions have nothing to do with technology and are simply cost focused.