Gartner approves iPhone for limited enterprise use

Posted:
in iPhone edited January 2014
Market research firm Gartner said this week that Apple's iPhone Firmware 2.0 update meets its criteria for 'appliance-level support status' for big businesses, but warned enterprises to approach expanded use of the handset slowly and with close examination.



Gartner's changing tune on the iPhone



Prior to Apple's iPhone 2.0 announcement in March of this year, Gartner analyst Ken Dulaney had characterized the iPhone as having questionable security policies that rendered it unfit for enterprise use. ?We?re telling IT executives to not support [the iPhone]," Dulaney wrote in an initial Gartner report shortly before the launch of the original iPhone, "because Apple has no intentions of supporting [iPhone use in] the enterprise.?



In particular, Dulaney criticized the lack of any provision for "remote wipe," in the manner allowed by Microsoft Windows Mobile phones when linked with Exchange Server management tools. At the time however, Microsoft's own remote wipe feature was not able to clear Flash RAM cards installed in the majority of its phones. Because WinCE-based phones ship with very little usable RAM, removable SD Flash cards would contain the majority of most user's sensitive data, the very data corporations would want to wipe in the event of a lost phone or an employee termination. Software updates that provided adequate remote wipe weren't even available for many Windows Mobile phones until later in the fall.



Gartner hasn't noted this critical detail in its reports maintaining that the iPhone 1.x software was missing a feature that had been available for years on Windows Mobile. In addition, Apple's smartphone does not expose any Flash RAM card slot, making it more difficult to steal or lose data that has been downloaded to the phone without expert knowledge of how to forensically attach a USB serial connection to the iPhone and crack through its security to read data on the device. With a Windows Mobile phone, any remote wipe would have to occur before a thief ejected the SD memory card.



iPhone gets a RIM-style remote wipe



In March, following Apple's announcement of the iPhone 2.0 release addressing support for enterprise management tools, including remote wipe from Exchange, Gartner's Dulaney quickly issued "An Interim Update on the Apple iPhone," calling it "a technological advance rarely seen in the industry," and noting that Gartner planned to endorse the handset under appliance-level support following the release of the enterprise improvements in iPhone 2.0.



Just days before the 2.0.1 release, Gartner finalized its approval of what it calls appliance-level support. "To achieve this level," Dulaney wrote, "the iPhone would need to support wireless e-mail and PIM for at least one popular enterprise e-mail system and include a minimum of two security policies: the ability to wipe the device of all data if lost or stolen, and a complex user password consisting of a coalpha, numeric and special characters in a pattern that cannot be easily guessed."



Gartner's testing found that the iPhone's remote wipe and strong password policy does work as advertised in a manner similar to Windows Mobile phones. The report explained, "As for setting these parameters, Microsoft uses a confusing approach, assuming that the end device will decide on what type of password will be enforced when the policy is received by the device. There is no feedback to the console that the policy has been enforced. Windows Mobile interprets the alphanumeric parameter as an instruction to force the user to employ a complex password. The iPhone replicates this function in the same manner, despite Microsoft's awkward implementation."



Gartner on iTunes software management



Gartner's approval of the iPhone in the enterprise is not without caveats. The report notes that Apple's iTunes software is required to sync the iPhone, and that it provides IT administrators with registry-level controls to deny users from performing specific tasks, such as downloading iPhone firmware updates prior to their being approved by the company's IT staff.



Gartner recommends companies make use these features, but notes that Apple could "improve the overall deployment scheme for iTunes to make it more

amenable to enterprise needs, such as making the options to turn off certain features an installation option versus requiring direct registry changes."



The report further recommended "that Apple enhance this area long term to optionally eliminate iTunes (that is, as a desktop application) as a necessary component to access business applications and manage the device, as Microsoft and Research In Motion (RIM) have done."



The iPhone Configuration Utility



Gartner was also critical of the iPhone Configuration Utility, used to set up configuration profiles on new phones. "In tests conducted by Gartner contacts, we have discovered that the product works via an unencrypted, distributed XML file which could be changed by the end user," Dulaney wrote. "Apple indicates that the profiles can be signed, warning the user of their legitimacy, but the most trusted management tools don't empower the user to make these types of security decisions."



In reality, signed iPhone configuration profiles (which include Exchange and other mail account settings, password policy, VPN and WiFi settings, controls on what apps can be used, and bundle in local credential certificates) are only marked as illegitimate if the certificate is not known to be trusted by a well know signing authority. If the profile were actually changed by the end user, it would not be marked as illegitimate, but would rather be discarded as a tampered profile.



The iPhone will simply not accept signed profiles that have been tampered with, so Gartner's somewhat sarcastic suggestion that Apple's tool 'empowers users to make security decisions,' based on speculative reports performed outside the company, is simply not accurate.



Third party software limits



Garter also criticized Apple for not allowing third parties to install background processes for "firewalling, data leak prevention, and other desirable functions that need multiprocessing, open application programming interfaces (APIs) or operating system (OS) shims to work." This fear reflects the current security situation on the Windows desktop, which Microsoft historically let third parties address with add-on antivirus, firewall, malware scanners, and other tools.



Microsoft is now working to provide all these services itself, in part because of stability and even security issues related to delegating away core operating system security tasks to third parties. This has become a subject of controversy in Windows Vista, as the multibillion dollar antivirus and security industry that grew up around Windows does not want to simply go away just because Microsoft would prefer to now handle its own security going forward.



Despite this, the Gartner report stats that, "A closed environment, where Apple guarantees all software that gets on the iPhone is safe (that is, in lockdown), might work conceptually, but in the past, enterprise attempts to work in this manner have encountered problems." It did not however make any mention of reputable third party mobile security software or compare the problems users and administrators face when trying to parcel their security needs out amongst various parties.



Obscurity on iPhone security



The report also noted that "Apple has indicated that there is an encryption API in the firmware, but we have not yet seen this feature exposed in an application to assess its viability or effect on the iPhone processor and, by inference, battery life."



All applications on the iPhone manage their own files in their own sandboxed arena, so there is no provision for dumping unencrypted files into an open file system that can be accessed by any app, leaving encryption an issue for third parties to address in their own apps. The only way to put unencrypted files on the iPhone is to include them as email attachments. No other smartphones have exposed a mechanism for encrypting emails or their attachments individually, and instead rely on password security for the device itself.



The report also stated, without offering further details, that the iPhone "does not deliver sufficient security for custom applications" and that "the iPhone could lower the overall security footprint. One way to mitigate concerns would be to limit functionality to browser access."



Other iPhone problems and issues



Among the other issues Gartner suggests for IT managers to consider in evaluating the use of the iPhone in the enterprise is the unit's ease of use in accessing data, particularly from the web. This is particularly a problem when roaming internationally, the report indicated. It recommends a "flat-rate International plan" for travelers, but does not note that data roaming services can be turned off as desired.



Gartner also indicates battery life may be an issue, as the new 2.0 software makes it difficult to use the iPhone throughout an entire day. Gartner suggest the problems may lie with Apple's implementation of ActiveSync or WiFi, and that Microsoft's own implementations of push messaging had similar problems, as "protocols such as SSL versus the more optimized UDP were in use, and the signaling methods were inefficient."



The report also cited the iPhone's inability to edit email attachments, the lack of copy and paste system-wide, and the lack of any mechanism to dial phone numbers within a calendar entry, as well as an all day calendar event issue that "may be a problem in Outlook."



Another iPhone issue Gartner blamed on Microsoft's software was the lack of sync between reply or forward flags on email items sent from the iPhone and their display on the desktop email client. "This is a problem with Exchange ActiveSync, and Apple must await improvements from Microsoft to correct this feature. BlackBerry, which uses an alternative method to access Exchange, can support these options."



The iPhone's use of a touch sensitive screen is noted as having trade-offs in common with all full touchscreen devices. The report also highlights the iPhone's relative weakness in providing support for usage profiles that would put the phone into modes geared for specific uses or environments, such as in a meeting.



Pass without the word



Gartner also worries that Apple's password screen might not allow users enough access without entering their password. "The iPhone does permit emergency calls when the password screen is displayed, but there is no access to the contact manager or other advanced telephony features," Dulaney wrote.



"RIM and Microsoft manufacturers provided similar limited telephony operation prior to password entry, but have been forced to greatly expand the telephony functions that do not require password input. We believe Apple must follow a similar path."



Enterprise suitability compared to other smartphones



Dulaney concluded, "Apple has delivered an iPhone that is acceptable for business use at the appliance level. Most prospective iPhone users will judge the device based on consumer appeal. The AppStore applications and the iPhone's excellent browser are supplemented with an e-mail client, which provides acceptable business capability with excellence in some areas."



Gartner now lists the iPhone among BlackBerry and Windows Mobile as devices that meet its required security policies, a definition that excludes Nokia's E class phones targeted at the enterprise. "Despite the popularity of this class of devices," Dulaney wrote, "Nokia has not yet been able to deliver the required two security policies that have been met by BlackBerry, Windows Mobile and, now, the iPhone."
«1

Comments

  • Reply 1 of 25
    nagrommenagromme Posts: 2,834member
    I'd like a Guest mode and an Owner mode, like in OS X.



    The Owner mode would have a passcode. The Guest mode would have the option either way.



    Just keep it simple: a checklist of what to keep separate between the two (like email and voicemail), but let eveything NOT checked (such as the arrangement of icons) be the same.
  • Reply 2 of 25
    haggarhaggar Posts: 1,568member
    Apple says they built "full Exchange support" into iPhone 2.0, but it still cannot synchronize Notes and Tasks on Exchange server.
  • Reply 3 of 25
    dypdyp Posts: 33member
    All aspects of the Passcode must be protected when Passcode is turned on. Currently, the time interval of when Passcode becomes active after inactivity is left open. So as long as a thief has your phone within the interval, he/she can extend the time before Passcode lockout is initiated. This should be Handset Security 101.
  • Reply 4 of 25
    Quote:
    Originally Posted by Haggar View Post


    Apple says they built "full Exchange support" into iPhone 2.0, but it still cannot synchronize Notes and Tasks on Exchange server.



    Couldn't agree more.



    I think what everyone is seeing is Apple showing it's true colors here.



    It's obviously not about putting out a superior product anymore.



    2.0 - Buggy and unstable as is 2.01



    Mobile Me - Advertised as True Push and can't deliver



    20x More countries this month - Cha Ching for Steve



    3g Coverage in the USA - AT&T poor coverage, they went to Verizon first & they cover most of the USA.



    App Store - Give me a break, if an app like "I am Rich" can make the list for $999.99 and is 1 screen. Hello... Wake up Apple, you look Stupid for even allowing this to pass your rigourous QC check to make the store with the other 237 tip calculators.



    GPS - Why put it on the phone if you are going to make someone pay for Turn by Turn directions.



    Voice Dialing - On the cheapest phones and a safety hazard without it.



    I could go on but I'm upset I paid for a plastic piece of crap that is going to crack with lousy coverage and voice quality.



    I'm amazed this phone is even considered in the category of "Smart Phones". Because out of the Box it's really DUMB!



    One last note. Give us fricking Video and not QuickTime and YouTube. Flash, Windows Media, Real Networks.



    It's a joke I have a full browser and can't view 50% of the web pages because they aren't built like Apple wants.



    Get rid of the Square and give the phone some video viewing capability and I'm not talking Video Conferencing, I'm talking viewing web pages I'm tired of looking at that dumb square that says "I can't play your video becuase I'm not smart enough".
  • Reply 5 of 25
    The iPhone 3G will be Enterprise ready when users can disable the camera in the user restriction settings menu, be able to edit documents, view flash enable sites/video, remote lock/data wipe via SMS without the need for Microsoft Exchange and the ability to run apps in the background to allow multitasking.
  • Reply 6 of 25
    foo2foo2 Posts: 1,077member
    Quote:
    Originally Posted by Imagine Engine View Post


    The iPhone 3G will be Enterprise ready when users can disable the camera in the user restriction settings menu, be able to edit documents, view flash enable sites/video, remote lock/data wipe via SMS without the need for Microsoft Exchange and the ability to run apps in the background to allow multitasking.



    How does Flash support enter the definition of Enterprise-ready? I thought Flash was for advertisements, draining batteries, and security breeches.
  • Reply 7 of 25
    landylandy Posts: 12member
    Quote:
    Originally Posted by Foo2 View Post


    How does Flash support enter the definition of Enterprise-ready? I thought Flash was for advertisements, draining batteries, and security breeches.



    Yes indeed. And for websites who's content is not interesting enough to attract visitors without 'special effects'. Think cheesy action flick... also think about the name, Flash, for a second.... But, if some your enterprise applications somehow managed to end up being written in Flash, fire your doodling script kiddies and hire some developers. I've written a few 'enterprise applications'.. some GUI based, some web based, some middleware. None of them required anything more sophisticated than some AJAX on the client side (for the web apps) to satisfy the business requirements.



    Please provide 5 good examples of 'Enterprise Applications' that require Flash.
  • Reply 8 of 25
    Quote:
    Originally Posted by Imagine Engine View Post


    The iPhone 3G will be Enterprise ready when users can disable the camera in the user restriction settings menu, be able to edit documents, view flash enable sites/video, remote lock/data wipe via SMS without the need for Microsoft Exchange and the ability to run apps in the background to allow multitasking.



    What are you talking about? Flash for enterprise-readiness? Why? What enterprise requires Flash sites/video? Doesn't sound very work releated to me. Most enterprises don't even need you to have a decent browser on your phone - Windows Mobile, Blackberry?



    Remote lock/data wipe with SMS. That sounds like fun! Why not wipe my device as a prank. Yeah, really enterprise. The enterprise will do it via Exchange - that's what makes them an enterprise, they have enterprise level tools. Run apps in the background, well, you'll be able to get your notifications in release 2.1, which is probably what you want, and how does this make it enterprise. In my experience, most people in the enterprise, can't do one thing at once, let alone two.



    I do agree with the camera control though. I suspect lots of enterprises simply reject the iPhone on that basis though, plenty of companies I work with don't allow camera phones on their premises, so to have it turned off probably wouldn't make much difference... how could I, the security guard, know it was?
  • Reply 9 of 25
    zunxzunx Posts: 620member
    Sadly, the iPhone is NOT prepared for the enterprise or even the higher education market because it is NOT compatible with essential solutions like this:



    http://www.impatica.com/showmate



    Besides, opening (and if possible editing) full NATIVE Office files is a must as well. No exporting as static slides or as a movie, but true NATIVE file support for wired and wireless presentations from NATIVE Keynote and PowerPoint presentation files.



    A shame!
  • Reply 10 of 25
    jon tjon t Posts: 131member
    iPhone will never have Flash and I for one hope it disappears completely.



    This will help - it's the cause of some serious malware promulgation:



    http://www.macworld.co.uk/education/...S&NewsID=22323
  • Reply 11 of 25
    Quote:
    Originally Posted by zunx View Post


    Sadly, the iPhone is NOT prepared for the enterprise or even the higher education market because it is NOT compatible with essential solutions like this:



    http://www.impatica.com/showmate



    Besides, opening and even editing Office NATIVE files is a must as well.



    A shame!



    Ridiculous. I work in Higher Education as a senior IT manager, and have for many years. Quite frankly plugging a phone or PDA into a projector, is a gimmick at best. Not really very useful. Heck, most organisations haven't even moved to supporting DVI on their setups. Whilst I cannot be certain, the iPod allows for connection to projectors via a special cable, or the Universal dock, so i would imagine the iPhone does too. Clearly the possibility exists, albeit rather useless.



    The iPhone can open many Office native (2007/8 XML based included), but again, having used a Windows Mobile based phone for years, I can honestly say I NEVER even contemplated editing a document on it. The screen is TOO small, even on the iPhone.



    Frankly, the emergence of new "minibook" type laptops has hastened most of my University senior management team to hand back their "smart phones" and move to have a regular candy bar phone and their minibook with 3G cards for best productivity. In my experience, real users want only to read their email, and maybe browse the web on their PDA type devices. Those that have bought their own iPhone have increased significantly the use of the browser, and love the email client (much better than the horrid Blackberry one that doesn't actually display HTML email - which so much is these days) - they love Maps, and that's about it. Many of them use the iPod function, but not all.



    I think we must think about what real people use, rather than what IT people believe they should, or want to use themselves. IT and "real" people are completely different crowds.
  • Reply 12 of 25
    Since the original iPhone feature-set was made public, this or that "expert" postulated that the iPhone was not enterprise-acceptable because it lacked certain features-- one of those "must have" features is remote wipe.



    I never had a company-supplied phone, so I just assumed that remote wipe was (aside from an odd mental image):

    1) a need security feature

    2) implemented on "IT-Approved" devices



    Now, the iPhone has implemented remote wipe--so it should pass that hurdle to joining the exclusive "IT-Approved" club.



    But. wait! As this article pointed out, most of the "IT-Approved" phones have limited memory (64-128MB) that is used to hold the basic phone OS & programs. Most of the sensitive corporate data and programming is stored on removable MicroSD cards.



    Expandable memory is touted as a advantage... but is it? When your "IT-Approved" phone is lost or stolen, the precious corporate data can be easily popped out of the phone-- where it is immune to remote wipe (and can be analyzed at leisure). A thief could easily steal the corporate "jewels" in a few seconds!



    So, haven't the "experts" and "IT security people" just been deluding themselves-- what value is remote wipe if the wipee is unavailable?



    Now, comes along the iPhone, with non-removable, non-accessible memory and remote wipe.



    This gives IT a much better chance of protecting the corporate jewels (something to wipe).



    Ironic, that iPhone has a better remote wipe than many of those other "IT-Approved" phones!



    Apple Marketing should highlight this feature-- a remote wipe that really wipes!
  • Reply 13 of 25
    jeffdmjeffdm Posts: 12,951member
    Quote:

    Pass without the word



    Gartner also worries that Apple's password screen might not allow users enough access without entering their password. "The iPhone does permit emergency calls when the password screen is displayed, but there is no access to the contact manager or other advanced telephony features," Dulaney wrote.



    "RIM and Microsoft manufacturers provided similar limited telephony operation prior to password entry, but have been forced to greatly expand the telephony functions that do not require password input. We believe Apple must follow a similar path."



    Does anyone else know what they mean? From a business perspective, I really can't think of anything, but I haven't used a competing smartphone platform. From a "fun" perspective, I don't think I should have to enter the passcode to deal with operating the iPod. I do think the passcode is necessary, but mostly for phone usage and contact/email privacy. I don't think entering a passcode for media functions should be necessary even when locking down private data..
  • Reply 14 of 25
    zunxzunx Posts: 620member
    Quote:
    Originally Posted by henryblackman View Post


    Ridiculous. I work in Higher Education as a senior IT manager, and have for many years.



    Even the MacBook Air is too heavy and too large for us. THE EDITING IS NOT essential, since the important is to use the handheld device (iPhone or iPod Touch or whatever) for full blown presentations from NATIVE Keynote and NATIVE PowerPoint files (including therefore transitions, animations, video, etc) using technology like this or similar:



    Spectec Office On-The-Go http://www.spectec.com.tw/sdv.htm

    Video-Out Adaptor for Handheld Devices:

    SDV-841 http://www.spectec.com.tw/sdv841.htm

    SDV-84 http://www.spectec.com.tw/sdv842.htm



    AnimationTechnologies-LifeView http://www.lifeview.com.tw

    LifeView FlyPresenter-CF http://www.lifeview.com.tw/html/prod...esenter_cf.htm

    FlyJacket i3800 http://www.lifeview.com.tw/html/prod...cket_i3800.htm



    In short, the same quality as with a true laptop or ultra-mobile computer like:



    OQO model e2 http://www.oqo.com



    Is there a way to do it now with Mac OS X or OS X instead of Windows?
  • Reply 15 of 25
    auxioauxio Posts: 2,717member
    Quote:
    Originally Posted by zunx View Post


    ...

    the important is to use the handheld device (iPhone or iPod Touch or whatever) for full blown presentations from NATIVE Keynote and NATIVE PowerPoint files (including therefore transitions, animations, video, etc) using technology like this or similar

    ...



    Not quite a full solution, but try this:



    Apple Composite AV Cable

    (I prefer the component video cable, but composite input is more common)



    Export your presentation as images (both Keynote and PowerPoint can do it), put them into an album in your photo management software, sync them to the phone, then use that cable to display them as a presentation via your projector (ie. a photo album slideshow).



    You can also find software to convert and format videos for the iPhone, then show them the same way.



    You lose the fancy transitions and animations, but those won't save you anyways if you're not a good presenter (ie. monotone and reading a script). I think you can separate the different stages of a slide into multiple images (at least in Keynote anyways), so that helps.
  • Reply 16 of 25
    zunxzunx Posts: 620member
    Quote:
    Originally Posted by auxio View Post


    Not quite a full solution, but try this:



    iPhone Composite Video Cable

    (I prefer the component video cable, but composite input is more common)



    Export your presentation as images (both Keynote and PowerPoint can do it), put them into an album in your photo management software, sync them to the phone, then use that cable to display them as a presentation via your projector (ie. a photo album slideshow).



    You can also find software to convert and format videos for the iPhone, then show them the same way.



    You lose the fancy transitions and animations, but those won't save you anyways if you're not a good presenter (ie. monotone and reading a script).



    Yes, I know, but as said we do not want any "exporting". We need full blown presentations from NATIVE Keynote and NATIVE PowerPoint files (including therefore transitions, animations, video, etc). That is possible with windows handhelds for PowerPoint, but not with Mac handhelds so far, which is what we need (or else, we will be forced to switch to Windows, which I am trying to avoid).
  • Reply 17 of 25
    auxioauxio Posts: 2,717member
    Quote:
    Originally Posted by zunx View Post


    Yes, I know, but as said we do not want any "exporting". We need full blown presentations from NATIVE Keynote and NATIVE PowerPoint files (including therefore transitions, animations, video, etc). That is possible with windows handhelds for PowerPoint, but not with Mac handhelds so far, which is what we need (or else, we will be forced to switch to Windows, which I am trying to avoid).



    Well, until there's a Powerpoint or Keynote viewer app for the iPhone, the only other option would be to record a desktop video of you running through the presentation on your computer, then play that back as you speak (pausing at points as needed).
  • Reply 18 of 25
    landylandy Posts: 12member
    Quote:
    Originally Posted by zunx View Post


    Yes, I know, but as said we do not want any "exporting". We need full blown presentations from NATIVE Keynote and NATIVE PowerPoint files (including therefore transitions, animations, video, etc). That is possible with windows handhelds for PowerPoint, but not with Mac handhelds so far, which is what we need (or else, we will be forced to switch to Windows, which I am trying to avoid).



    Your laptop can't run powerpoint or Keynote? or your phone? I've never seen a presentation given from a phone.. maybe my company isn't cool enough i guess. I rock my MBP but most of my coworkers use their ugly T61p bricks. It sounds cool in theory though to be able to present from your phone... do they sell an adapter for the VGA Dsub connector to plug into the projector?
  • Reply 19 of 25
    zunxzunx Posts: 620member
    Quote:
    Originally Posted by auxio View Post


    Well, until there's a Powerpoint or Keynote viewer app for the iPhone, the only other option would be to record a desktop video of you running through the presentation on your computer, then play that back as you speak (pausing at points as needed).



    Thanks. Well, I guess we should have to wait or eventually purchase a Windows solution, in case Apple does not deliver. For us it is critical to use the NATIVE PowerPoint files (and if possible, also the Keynote ones). No exporting as slides or video either; it is not the same experience as using true NATIVE files. Hopefully there is some hope here with the rumor of an Apple pocket-size ultra-portable based on Intel Atom microchip. As said before, something like the OQO model 2 indicated above (5-inch screen or so), but with full Mac OS X inside.
  • Reply 20 of 25
    auxioauxio Posts: 2,717member
    Quote:
    Originally Posted by landy View Post


    Your laptop can't run powerpoint or Keynote? or your phone? I've never seen a presentation given from a phone.. maybe my company isn't cool enough i guess. I rock my MBP but most of my coworkers use their ugly T61p bricks. It sounds cool in theory though to be able to present from your phone... do they sell an adapter for the VGA Dsub connector to plug into the projector?



    That was his point: he doesn't want to carry a full laptop with him (for one reason or another). So he wants to be able to present off either a mini-laptop (which Apple doesn't have) or the iPhone (which can't present native Keynote or Powerpoint files).



    It is possible to present off of an iPhone using the AV adapter I mentioned (assuming the projector also has a composite or S-Video input -- which most should) and exporting the presentation to image files which are then presented as a slideshow in the photo app (output from the phone via the AV adapter).



    It's not quite the same as a native Powerpoint or Keynote presentation, but it should work for most people. The major downside is that you need to run that AV adapter cable from your phone to the projector (which may not always be feasible). I'd prefer some sort of wireless way to do it myself.
Sign In or Register to comment.