iPhone insecurity leaves sour taste for enterprise IT

iPhone insecurity leaves sour taste for enterprise IT

Summary: Not being able to use Exchange on your iPhone is not what enterprise reluctance is all about. It's about security. All that jailbreaking, buffer overflows, hardware hacks, and revelations about weak architecture, and proof-of-concept exploits galore leaves a sour taste in IT mouths.

SHARE:
16

In its invitation to the media for Thursday's iPhone Software Roadmap, Apple hints strongly that it's working to get the iPhone into the enterprise. In addition to information about the iPhone SDK, Apple promises "some exciting new enterprise features." The event graphic shows "Enterprise" as a major stop on the SDK highway.

iLounge, which is carrying "confirmed" rumors of the details, says the enterprise features are pretty much limited to announcing iPhone support for Microsoft Exchange and Lotus Notes.

But not being able to use Exchange on your iPhone is not what enterprise reluctance is all about. It's about security. All that jailbreaking, buffer overflows, hardware hacks, and revelations about weak architecture, and proof-of-concept exploits galore leaves a sour taste in IT mouths, Andrew Storms, director of IT security at nCircle Network Security, told me.

This release of the SDK probably won't do much to regain the love of many enterprise IT and security departments. All the attention drawn to the security of the iPhone in the last 9 months has driven too much bad disclosure resulting in lowered trust among IT security groups. In the world of IT security, once trust is diminished, its a steep narrow mountain to climb in order to regain that dependability.

What about the fact that Apple will apparently server as gatekeeper, only allowing apps it approves of to be distributed through the iTunes Store? Rather than building confidence, Andrew said:

Enterprise IT sees this policy as an indicator of lacking good technical security controls on the iPhone. As has it been all throughout the iPhone jailbreak saga, Apple cannot play the demigod of creativity and coolness while enforcing these seemingly unfounded strict controls.

And speaking of Apple's Good iPhoning Seal of Approval, does anyone think there won't still be a vibrant "gray market" in unapproved apps? I asked my friend Damien Stolarz about that:

I'm pretty certain jailbreaking will be popular for the forseeable future. The SDK is better than nothing but a lack of over-the-air purchase/install will leave installer.app in business until Apple lets you buy on the phone.

In any case, the SDK will drive more enterprise apps and integration, which will only make things worse, Andrew said.

This will just continue to widen the chasm between the company executive and the IT security personnel. Instead of playing to the peril of allowing feature-functionality to outpace security, Apple needs to first retrace its steps and spend some face-to-face time with enterprise security teams in order to regain their trust.

When I talked to Andrew about this stuff last fall, when iPhone security holes were all over the headlines, he said this is what Apple needs to do: Provide centralized tools for managing configuration and compliance.

Until then it will continue to be shunned by enterprises. No matter how useful or ingenious the device may be, the enterprise simply cannot consume another device where private data could be leaked."

Topics: iPhone, Apple, Mobility, Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

16 comments
Log in or register to join the discussion
  • The glass is half full... and rather sweet.

    "Until then it will continue to be shunned by enterprises. No matter how useful or ingenious the device may be, the enterprise simply cannot consume another device where private data could be leaked.?

    It isn't being "shunned" by enterprises. I see more Enterprise people with iPhones than any other demographic. Perhaps thier IT departments fear work and hate it when something new and awesome come along that interrupts thier WOW game... Especially when that new thing was made by Apple.... Ohhhhh, the word that stikes fear in the hearts of hardcore PC loving morons who are too afraid, lazy, and full of pride to sit down and learn about real technology. It scares them because they are ignorant and they hate anything that makes that fact painfully obvious.

    Fact is.. iPhones are going to replace Palm and Blackberry and all the rest of the phones and devices in the work place. While I hate to see AT&T gain that much power, I do love my iPhone and will take the awesome with the bad.

    My advice to all those cowering in the corner afraid of the apple logo, get over it quickly or get left behind...
    i8thecat
    • Apple fanboys deserved reputation

      is obvious in the post above. Wallowing in the tiny pond of Apple users, who are using exactly the same technology as Windows but lack interoperability with the real business world.

      So are all Apple users fanatical, arty, technically challenged and extremely jealous of Windows? No - just the ones that post on this forum ;-)
      tonymcs@...
      • Apple fanboys?

        "Wallowing in the tiny pond of Apple users..."

        Remember though, it's that tiny pond of iPhone users that
        make up more than 30% of the mobile browser hits on
        Google.

        Small, but influential.
        grail@...
    • I love my iPhone too...

      ...but that doesn't mean there aren't security problems with them.

      You're rant makes you look like an idiot.
      MalumRegnat\
    • Lucid Dreaming?

      Once you wake up and smell the coffee have a quick look at the sales figures. Worthy of note here is Nokia's sales figures, they sold more smartphones in the last Quarter than iPhone has sold since its launch. And when the sales figures come in for next Quarter that figure will have risen once again, while iPhone sales are falling off.

      To put things into context for you it took Apple 5 years to sell a 100 million iPods, so if you took every iPod ever sold and added it to the total number of iPhones sold to date, it would still be less than the number of handsets Nokia shifted in the Fourth Quarter of last year.

      Nokia Fourth Quarter handset sales = 133 million units.

      iPhone Fourth Quarter Handset sales = 190000

      Even Motorola managed to shift 40 million handsets in that Fourth Quarter. So frankly iPhone sales are pathetic.

      It seems that when it comes to hype all the Apple shiny stuff is popular, but when it comes to people actually putting there money where there mouth is, the smart money and the sales figures aren't going with Apple.
      Skullet
      • Correction

        Sorry that iPhone Fourth Quarter figure should actually be around the 1.2 million mark I think. Not that it actually makes any real difference, its still a fairly insugnificant number.
        Skullet
        • Not to nit pick, but...

          Skullet, while I do agree that there are security issues with the iPhone and sales don't match Nokia's or even Motorola's. Are you really comparing apples to apples, (sorry for the pun)? You're talking about an expensive device (one model) that is available on ONE carrier in a limited number of countries versus a company that sells hundreds of different models of phones in all countries on all networks in all price ranges, including "free". Even taking just the one Nokia smart phone that might compare to the iPhone (which one is this month the N95?) is not an equal comparison, unless you limit the sales of that phone to just AT&T and the various oversea carriers that the iPhone uses, then you will start to get a better picture of the iPhone's success. And no I'm not a fanboy, I use PCs and don't like my wife's iBook all that much.

          All told, while the iPhone is not perfect and has not dominated the mobile phone market in a short time, less than a year. You must look at it for what it is really is, an expensive device that has generated a lot of sales for the "type" of product without enterprise support. My wife hates her blackberry and her treo before that, but her company buys it, she would never pay for one. Personally, I would never purchase a blackberry or a treo as my personal mobile phone, maybe a blackjack. But at the price difference the iPhone is far better. So if IT security and Apple get past their issue, you'll see the sales dramatically increase as treos and blackberrys are pretty close in price, and while they have the push tech, they don't compare on screen, interface or the ability to read attachments.

          Sorry, but that is just how I see it.
          fhil28@...
          • why your company buying your wife BB

            have you ever consider why her company is buying her at BB? is for work!
            xtrememorph@...
          • ???

            I think I know what you are trying to say...and yes her company purchases the BB for her because 1) it was the only thing available when they started 2) it is currently more secure than the iPhone 3) they are not comfortable with anything other than a BB or Treo. That being said, I would fully expect that individuals within her company to utilize iPhones by the end of the year, IF they security issue is worked out as Apple announce the other day.
            fhil28@...
    • Have you ever work as IT Support?!

      "Fact is.. iPhones are going to replace Palm and Blackberry and all the rest of the phones and devices in the work place. While I hate to see AT&T gain that much power, I do love my iPhone and will take the awesome with the bad."

      Where have you been???? Apple utopia?

      Replacing BlackBerry anytime soon? omg..just show that some of you are really a worm eating on the apple.
      xtrememorph@...
  • RE: iPhone insecurity leaves sour taste for enterprise IT

    Hey Apple, how about adding an audible/repeating message waiting indicator?!!! Hard to believe a 'smart' phone is missing such a basic feature.
    davidwfox
  • RE: iPhone insecurity leaves sour taste for enterprise IT

    Let me get this straight. Enterprise IT that has Windows deployed througout is concerned about iPhone security????


    Hahahahaha.
    bdammann
  • Most Enterprise IT security departments are clueless

    When it takes 3 months to get simple access to a single
    network drive (while on a computer installed within a secure
    location) because IT security does not even understand the
    convoluted mess they, themselves, created....

    Makes me think the majority of Enterprise IT Security people
    really don't understand what they are doing in the first place.
    Bruizer
    • IT is all about

      making sure IT is indispensable.
      frgough
    • And you do?

      and you do?
      xtrememorph@...
  • RE: iPhone insecurity leaves sour taste for enterprise IT

    Why don't they build a business only iPhone?

    R
    leboeufsurletoit