Will the consumer-focused company introduce enterprise-class connectivity and security options for the iPhone? Will the SDK enable third parties to bridge the consumer/business divide?
Until Thursday (6 March), when the SDK is officially released, the fog of rumour will only get thicker. In the meantime, one thing is clear; the iPhone's popularity has executives, salespeople and even members of your IT staff hot to connect theirs to business resources.
Whatever the impending iPhone SDK, the fact is that most IT organisations can bring the iPhone into their operations easily and with acceptable risk.
Yes, instinct and analysts such as Forrester Research caution against such a move. After all, the iPhone is not designed for the enterprise and does have deficits IT should be concerned about.
But a strict "no iPhone policy" is likely to drive users to perform more dangerous hacks, such as setting up Google and Yahoo accounts as way stations to connect to enterprise assets – contacts and e-mail, in particular.
Instead, investigate what is possible before establishing your iPhone policy. Remember, too, that Apple updated the iPhone software several times in its first six months, fixing some significant deficits that early reviews highlights. While no panacea, such updates may mean the iPhone has fewer business-oriented caveats than you initially thought.
So, where do you begin preparing the iPhone for business? How can you satisfy executive demands to make the iPhone fit for corporate essentials? For those looking to get a headstart, here's a handy guide on what's possible, even before the SDK, and how to get it done. (Note that everything here applies to the iPhone's voiceless cousin, the iPod Touch with the January 2008 software update.)
Accessing corporate e-mail
IBM's promise of a Lotus Notes client for the iPhone remains unfulfilled. Although it may be announced with the SDK, at the time of writing, an Exchange client from Microsoft has yet to appear. But, if your business uses either system, you can provide email access via POP3 or IMAP, popular protocols that many businesses already support.
In either case, the iPhone's Mail setup is where to begin configuring host addresses, user names, passwords, and SSL authentication.
A tip for Exchange users: even though the Mail setup includes an Exchange pane, don't use it. Use IMAP instead; the Exchange pane doesn't work. (Even Apple's support pages say to use the IMAP pane.)
Many businesses prefer IMAP over POP3 because IMAP provides greater control over message management, such as keeping the mail folders synchronised as mail is moved on any client. The iPhone will connect to the IMAP server and detect most settings automatically.
You can adjust the SSL settings, IMAP path prefix, server port, and other such settings by scrolling down to the advanced portion of an individual mail account's setup area. Note that the iPhone's SSL options have been significantly enhanced from the first iteration's number-only token scheme.
What you can't do with the iPhone – out of the box, anyhow – is to get the BlackBerry's push-based approach to email, where the mail server sends messages to the device, rather than requiring the device to query the server to gain access to new messages. This push-based approach makes it harder for someone to spoof the email server.
To push email to an iPhone (or most other mobile devices), you need a mobile server such as those from Visto and Synchonica; these integrate with your Exchange or Domino server.
The iPhone also doesn't support Microsoft's Direct-Push approach (aka ActiveSync on Windows Mobile and Palm OS devices), which leaves the connection between the OWA (Outlook Web Access) server's mail port and the mobile device open so that new messages are instantly visible. The iPhone does use OWA as its connection to Exchange, just as Microsoft's Entourage email client does for the Mac OS.
Instead, you'll have to live with the iPhone's periodic mail checks; 15 minutes is the shortest period, although you can easily find SSH hacks on the Web to reduce that. Rumours have been flying for months that Apple has licensed ActiveSync from Microsoft; maybe we'll find out on Thursday whether those rumours are true.
Accessing calendars and other shared data
The biggest issue Exchange and Notes businesses will face in business-enabling the iPhone is providing access to calendars, address books, and other PIM data beyond email.
Calendars and contacts can be synchronised between Exchange and the iPhone, but this must be done through iTunes, meaning you will need a PC or Mac to act as an intermediary.
For Windows (XP or Vista) businesses tapping Outlook 2003 or 2007, synching is straightforward through iTunes. Connect the iPhone to your intermediary PC and select it in iTunes' devices list. Open the iTunes device info pane and choose the calendars and contact sources you want to sync. If you have problems, consult Apple's common fixes.
On the Mac, use the built-in iCal and Address Book software as the waystation, and then configure Entourage to sync with them (using the Sync Services pane of the Preferences dialog box). In iCal, you must create and use a calendar called Entourage for any entries you want synched to Exchange. (And Exchange calendar items will be placed in iCal in the Entourage calendar as well.) Then, with your iPhone physically connected and selected in iTunes' Devices list, open the Info pane to choose the calendars and contact sources to be synced. All three programs – Entourage, iCal, and iTunes – must be set up properly for this ménage à trois to work.
A tip for Mac users: in Entourage's preferences, choose whether to sync your server's calendar or your local calendar. If you change this setting, it's very likely that your calendar will stop synching. It turns out the issue is in iCal. You'll see multiple Entourage calendars listed (one for each time you changed the setting in Entourage). Delete all but the "real" Entourage calendar (you can right-click on a calendar and choose Delete from the contextual menu).
Likewise, for Notes on the Mac, iTunes is the go-between, as described for Exchange – and you will need a separate application such as Information Appliance Associates' PocketMac GoBetween to make iCal and Address Book sync with Notes. Ironically, there doesn't appear to be a way to get calendar and address book data from Notes to the iPhone in Windows. If IBM follows up on its promise to ship a Notes client for iPhone, there'll be no need for a third-party app or other work-around.
You can, of course, access calendar and contact data without connecting through the desktop by tapping Exchange or Notes web access via the iPhone's Safari browser. Unfortunately, navigating those desktop-oriented pages even in the iPhone's fairly large screen makes this a somewhat frustrating experience.
Another access issue to consider is that the Safari browser in the iPhone does not support Java or ActiveX, so web pages that use these applet-delivery technologies won't run on the iPhone. ActiveX is a Microsoft technology available only on Windows, so the iPhone's lack of support mirrors the Mac's lack of support, but the lack of the cross-platform Java technology on the iPhone is less justifiable for Apple.
Securing the iPhone
The biggest issue for IT when it comes to the iPhone is security, even with the availability of SSL authentication for securing email connections. Make sure your Exchange or Domino server requires SSL and one of these SSL options: MD5 challenge-response, NTLM, or HTTP MD5 digest. The iPhone also supports password-based SSL authentication, but that can be more easily spoofed than the other options.
All SSL does, however, is help validate that the user is legit. It doesn't encrypt messages – neither do POP3 and IMAP – so there is risk of interception over the internet. Typically, you would mitigate this concern by using a VPN client, or a BlackBerry or Motorola GoodLink server and its proprietary secured network as the conduit.
Although the iPhone supports VPNs (if you have the most recent iPhone software update installed), email travelling via POP3 or IMAP doesn't go through the VPN tunnel. Furthermore, using a webmail application in the Safari browser is painful, even with the iPhone's wide display and gesture-based navigation. So realistically, email will be no more secure than any other IMAP or POP3 connection would make it.
For network access, the iPhone's VPN capabilities are solid – comparable to Windows Mobile and Palm OS devices. It offers a choice of L2TP and PPTP protocols and support for EMC RSA Security's SecurID key-based authentication. You access those through the General preference pane's Network option. However, the iPhone VPN client does not work with all VPNs; Cisco-based VPNs in particular are incompatible unless they are set specifically for Mac OS X and iPhone.
And there are three security issues for which the iPhone decidedly falls short against Windows Mobile, Palm OS and BlackBerry…
Firstly, the iPhone does not provide device encryption, meaning that any data stored on the iPhone can easily be obtained by a thief. With nearly 16GB visible to PCs as an external drive when connected over USB, the iPhone can store a lot of could-be precious corporate data.
Secondly, password protection on the iPhone is scant. More than providing a four-digit maximum for passwords, the iPhone provides no way to enforce password use or policies, as users can simply turn the password feature off.
Thirdly, the iPhone's lack of a remote lock or kill feature leaves IT in the lurch if the device is stolen or lost.
Until Apple adds these capabilities to the iPhone, or third parties find a way to add them, IT will have to decide whether these three security shortfalls justify banning the iPhone from the enterprise.
A good way to judge that is to make an honest assessment: Are you as tough on USB thumb drives, smartphones, and work-at-home users' PCs as you want to be on the iPhone?