721 iPhone OS 3.0 for IT Nathan Clevenger iPhone Life 1528-5456 2009-06-17 Summer 2009 1 3 74 Work iPhone

When Apple launched the iPhone 3G and OS 2.0, it brought many enterprise-significant improvements to the platform, including Exchange ActiveSync support and the ability to remotely wipe devices. The enterprise-related enhancements associated with OS 3.0 and the iPhone 3G S are not as numerous. But they are nonetheless extremely significant when it comes to iPhone adoption and support within the enterprise.

Over-the-air profiles

Configuration profiles can now be deployed over the air from a Web server, simplifying deployment and enabling self-service provisioning. And because the profiles are a standards-based XML, enterprises can build their own custom mechanisms to facilitate the authentication and creation of configuration profiles for the provisioning of iPhone OS 3.0 devices.

Profile encryption

Configuration profiles for OS 3.0 can now be encrypted, making their contents—including VPN, Wi-Fi, and other settings—secure from prying eyes. Additionally, the backups of the iPhone created in iTunes can now be encrypted.

Policy enforcement

With OS 3.0, Policies can be enforced and required, preventing users from disabling controls. Additionally, the new Parental Controls can also be enforced. These include restrictions on Safari, YouTube, iTunes, the App Store, and Camera. IT organizations may find this extremely valuable.

Wi-Fi auto log-in

The iPhone now has the ability to detect captive networks (i.e., Wi-Fi access points that require additional authentication) and automatically log into them using saved usernames and passwords in the device keychain. This significantly improves the experience of connecting to corporate or commercial Wi-Fi hotspots.

LDAP and CalDAV

The iPhone now supports the LDAP and CalDAV protocols, and the ability to configure these OTA.

Certificate-based authentication

Certificates can now be used to authenticate Exchange, VPNs, and Wi-Fi, and certificates can be provisioned OTA using Simple Certificate Enrollment Protocol. This dramatically improves the process of configuring a specific user’s device. By providing these new tools it is now possible to create very simple self-service enrollment and configuration processes for users.

VPN on demand

Rather than forcing the users to specifically connect and disconnect the VPN in order to run certain applications, OS 3.0 can detect certain pre-configured domains that require VPN connectivity and automatically connect to the VPN in the background without any user involvement. This is a huge step forward in increasing the usability of VPN-based applications.

Password policies and auto-wipe

While OS 2.0 provided basic password enforcement policies through Exchange ActiveSync, iPhone OS 3.0 takes that to the next level with additional password policies, including complexity requirements and limits to the number of failed password attempts. The iPhone OS 3.0 even allows for automatic wiping of device data after a certain number of failed logins. This goes a long way to meeting the security needs of many IT departments.

Hardware data encryption

When Apple built hardware encryption into the iPhone 3G S, they were providing a way to overcome probably the single most common roadblock to iPhone adoption within the enterprise—the lack of encrypted storage. Organizations faced many regulatory and compliance requirements, including SOX to HIPAA or PCI, and having data encryption was simply a must-have for them. The lack of it forced IT to prevent users from connecting their iPhones to the enterprise data systems.

The long road ahead

Forrester Research recently made a 180-degree turn and acknowledged that the iPhone is actually quite enterprise-friendly. They stated that iPhones make mobile collaboration easier and ultimately can save organizations money because employees prefer them and require less hand-holding. In addition, Osterman Research reported that while only 20 percent of mid-to-large corporations supported the iPhone in 2008, 44 percent said they would support the iPhone in 2009. Add to that the enterprise-related enhancements found in OS 3.0 and the iPhone 3G S, and it’s almost certain that the adoption of the iPhone by the enterprise will continue to grow.

Third-party security and management tools from vendors like Trust Digital also help enterprises feel more comfortable about adopting and deploying iPhones. But even with them, the platform has a ways to go before it can compete with the more mature enterprise platforms from RIM and Microsoft.

The ball is in Apple’s court!