The Apple iPhone lacks encryption, robust central management capabilities and the ability to integrate with localised infrastructure making it an unlikely choice for most businesses, according to analysts at the Burton Group.
In an online panel discussion, the analysts said the device is suitable for consumers to access e-mail, browse the Web and access Web-based, Ajax-enabled applications. But cheaper devices that mimic many of the iPhone's features may win out in the enterprise marketplace of the future.
"The iPhone is unquestionably cool, but the Mac has always been cool," said Jamie Lewis, CEO and research chair of the Burton Group. "It's clear that the lines between work and life and the devices you use in the different roles that you have will continue to blur."
The iPhone was released in June and since then security researchers have been clamoring to crack the smartphone's security features. Since then, flaws were discovered in the Safari browser, used by the iPhone. In July, a team of security pros at Baltimore-based Independent Security Evaluators discovered simple ways of taking complete control of the Apple iPhone. Other security experts said that iPhone popularity could increase mobile phone attacks.
From a security perspective, the iPhone's lack of a centralised management capability – it currently relies on the iTunes interface for user management – takes the control of patching and configuration updates out of the hands of enterprise IT pros. Users can download security updates from a site provided by Apple.
"There's no way to force a patch or configuration change from a central place," said Diana Kelley, vice president and service director at the Burton Group.
Kelley said that the lack of centralised control coupled with the iPhone's lack of encryption makes it an unlikely choice for security-conscious enterprises, such as organisations in the government, healthcare, and financial markets. While Apple makes it difficult to store files on the iPhone, new software called the iPhone Drive is available, and indications are that storage could be made available in the future, making encryption even more important for the device, Kelley said.
"There are a lot of issues with data leakage and organisations are saying 'we don't want files being carried on a small device that we can't control,'" she said.
Many enterprises have been trying to address issues related to data leakage in the wake of many high profile data breaches and stolen laptops containing sensitive information. Some IT shops are deploying file encryption on laptops and even full disk encryption to address the issue, Kelley said.
Still, some analysts believe the iPhone's limited features could be ideal for many enterprises. Since the phone lacks the ability to store enterprise data via cut and paste and download features, the device currently doesn't need encryption, said Bob Blakley, a principal analyst at the Burton Group.
The iPhone also lacks the ability to enable a user to store local applications. This could benefit enterprises since end-users could connect to Ajax-based Web applications, keeping sensitive data stored on local servers, Blakley said.
"Any Ajax application that an enterprise chooses to develop is going to be able to present rich information density and interactions dialogue with the user," he said.
Blakley admitted that future software updates, driven by consumers, could make the iPhone more prone to data leakage.
Still, Burton Group senior analyst, Richard Monson-Haefel, an iPhone user, said he is hesitant to recommend use of the iPhone by most enterprises. The need to store resident applications is important in some job roles, he said, including field technicians and service professionals. Even with a fast Internet connection, downloading schematics and other large amounts of data could be burdensome, he said.
"Technicians working in the field may need a massive amount of data … and can't afford to spend time downloading without a fast pipeline," he said. "I would love it if our organisation ran the iPhone for a standard device but there's just enough missing pieces that it doesn't make sense for us at this point."
This was first published in August 2007