Youve heard it for years. Its against the rules for them to come in, and its against the rules for them to perform work. But the demand is so high theres just no stopping them.
Im writing, obviously, about those newfangled electronics devices that IT wont (officially) allow onto the corporate network. The new poster child for this problem is the Apple iPhone.
As my colleague David Morgenstern points out, users are going to insist on bringing their iPhones into the corporate network and using them for business. Its not a matter to David of whether this is a good or bad thing, its just inevitable. Hes right, although the degree of the problem is still open to question.
Coming at it from a security standpoint, Im appalled: How could anyone allow these strange, unmanaged things onto their network? Theres point one about it all in my last sentence: If you have a management system of any kind to deal with security, its unlikely to be able to manage an iPhone.
Check out eWEEK.coms for the latest news, reviews and analysis on Apple in the enterprise.
The first requirement is going to be a VPN client, and it seems the iPhone is partly covered there, with the other part on the way. I know at ZD Id be required to have a Cisco VPN client.
The main application people will want and nag IT for is e-mail, and this will be the biggest headache. Were reporting that Exchange will not be directly supported on the iPhone.
Ive seen some disagreement, such as in the user TalkBacks to Davids column, with people saying that the iPhone will in fact support Exchange, but Im suspicious. My guess is that any support it has for Exchange Server is similar to that of Mac OS Xs Mail app, which only supports Exchange Server through IMAP.
This is a problematic configuration for a number of reasons, not the least of which is that its not the default for Exchange Server. Also, because IMAP is such a non-presence in the real world, there are a number of limitations on security for it. Youll find that most Windows anti-virus clients that scan your e-mail if it comes in over POP3 or MAPI dont support IMAP. If youre an IT administrator, do you want to open up that to your users? This isnt the only problem; For example, POP and IMAP clients do not adhere to the storage limitation rules set on mailbox.
The iPhone Enterprise Experience
Ive tried to use IMAP in the past, and theres a reason why it never became very popular: Its complicated and doesnt work very well, especially when you have multiple clients reading messages off of the same server. Synchronizing, if it works at all, works inconsistently. This was my memory from years ago, and some Googling of support forums confirms these concerns.
MAPI handles all these synchronization issues much more smoothly than IMAP. This will make Exchange e-mail a relatively unpleasant experience for iPhone users. Perhaps theyll blame Exchange or their own IT people. Its not like it could be Apples fault. But even to the extent that it works, it will be a second-rate experience compared to, for example, a Blackberry. And its not just the experience; ActiveSynch is actually pretty secure (I hear this from third parties who have no reason to suck up to Microsoft on the matter).
Check out eWEEK.coms for the latest news, reviews and analysis on mobile and wireless computing.
With IMAP, there is no direct synching of contacts and appointments. Appointments come in as messages in a folder. Yuck! In Outlook you can synch your calendar and look at it. With IMAP on an iPhone, well, you probably use Outlook Web Access.
Since the iPhone has a browser, Outlook Web Access is probably going to be the main corporate mail vehicle. Ive just confirmed that this works in Safari for Windows, as I expected it to. Its probably going to be crowded on the screen on an iPhone, but perhaps its doable, and it should be less of a headache for IT. I just cant imagine doing browser-based e-mail with a touch-screen keyboard.
And now the malware world is speculating whether a massive new population of iPhone users will finally make it worthwhile to write Trojans and worms for Apple products. Presumably these would be iPhone malware, and not necessarily Mac malware, although its possible some could work on both.
Im not going to venture a guess. As far as I can tell, if it made sense for malware authors to target Windows users as much as they have, it made sense years ago for them to try out Mac users. I think theyre just lazy, and I wouldnt expect this to make much of a change for them. Perhaps when someone sells (or even better, gives away) a kit for building iPhone malware with ready-made lure messages and pre-screened Mac user mailing lists, things will be different.
But on the other hand, there has been talk about mobile phone malware for years and plenty of proofs of concept (especially for Symbian). None of it has been a big deal in the real world, but writing a virus that effectively spread on iPhones would bring some major bragging rights. Its certainly possible.
Thats when we need to start building third-party security stacks on our phones, and thats when the fun ends.
Security Center Editor Larry Seltzer has worked in and written about the computer industry since 1983.
Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers blog Cheap Hack
More from Larry Seltzer