(UPDATED NOV. 9, 2010) Although more and more businesses are opening up to smartphones other than the BlackBerry, it's amazing how many people believe that the iPhone in particular doesn't have appropriate security for most enterprises. It does, and iOS 4 for the iPhone and iPod Touch now supports more security and management capabilities than all competitors except the BlackBerry and perhaps (based on what criteria matter to your business) Windows Mobile. "Businesses do seem to be comfortable with BlackBerry, certainly, and also with Windows Mobile. They are increasingly comfortable with iOS, especially with iOS 4," notes Forrester Research analyst Andrew Jaquith.
Why? Because these three mobile OSes use a mobile management server approach that lets IT set and enforce policies across the user base. In fact, Apple added that capability in iOS 4, released this summer. Most management tools support multiple devices; the exception is BlackBerry Enterprise Server (BES), which supports only RIM devices.
But what about the other mobile devices? Google's Android is fast gaining popularity, perhaps now selling more devices than either Apple or RIM. Then there's the new Windows Phone 7 from Microsoft and the new WebOS 2.0 from Hewlett-Packard, both due to ship in a few weeks. Can they safely be brought into your business?
Let's go through the current versions of the seven major mobile platforms and their variants to see how securely they can be managed. The table at the end of this story highlights the capabilities of each mobile platform for the most common security and management needs.
First, a note on Exchange ActiveSync (EAS) policies, Microsoft's protocol for mobile security and device management: EAS is fast becoming the de facto protocol for managing mobile devices, supported to varying degrees by Apple (in iOS and Mac OS X), Google (in Android OS 2.x and in corporate Gmail), Hewlett-Packard/Palm (in WebOS 1.1 and later), IBM (in the latest version of Lotus Notes), Nokia (in some Symbian-based devices), Novell (in a server add-on for GroupWise), and of course Microsoft (in Windows, Windows Mobile, and Windows Phone 7). Only RIM is avoiding EAS, preferring to stick with its BES. It's also key to note that although there are 29 possible EAS policies, some of them don't apply to many mobile devices, such as disabling infrared or disallowing unsigned CAB files (Windows-specific app files).
Second, a note on storage of corporate email, calendar, and contact data: Devices that support Microsoft Exchange, IBM Lotus Notes, or Novell GroupWise wipe out the emails and address books when access to the server is revoked -- or even just disabled, as in the case of iOS -- using protocols such as LDAP to do so. In other words, these servers use the same mechanisms to recall such corporate data from mobile devices as they use for PCs.
Now on to the mobile OSes and their capabilities.
RIM BlackBerry OS: The key to securing a BlackBerry is to use BES 5.0, which provides over-the-air management based on more than 400 security and management policies that IT can use, from password requirements to remote wiping. RIM does offer a free version of BES, but it's limited to Microsoft Exchange environments; it does not support IBM Lotus Notes or Novell GroupWise as the full version does. New to BES 5.0 is the ability to selectively wipe business data and apps from users' BlackBerrys (they must run BlackBerry OS 6.0), which makes it easier to support BlackBerrys owned by your employees and used for both business and personal purposes. Some BlackBerry models support RSA's SecurID second-factor hardware authentication tool, which is required in selected military environments.
RIM BlackBerry Tablet OS: RIM's strategy for securing its forthcoming BlackBerry Tablet OS, to be used in the RIM PlayBook in 2011, is the same as for the BlackBerry: BES. RIM promises equal security on the two operating systems.
Apple iOS: iOS 4 stepped up mobile management significantly by allowing auditable, assured application of EAS policies, as well as iOS-native policies, over the air. It also allows for selective wiping of business data and apps, and it supports complex passwords, on-device encryption, and remote wipe. The previous iPhone OS 3.x version supported 14 EAS policies managed through Exchange, and it used configuration payloads that could be emailed to users or made accessible via a Web link to install additional policies -- but there was no way to audit or assure their use. That number of supported EAS policies has not changed in iOS 4, though they now can be managed via mobile management tools from AirWatch, Boxtone, Good Technology, MobileIron, Symantec, Sybase’s Afaria unit, Tangoe, Zenprise, and others. The iPad will get iOS 4 next month, letting businesses manage it at the same level as a current iPhone or iPod Touch.