Sure, it's possible to change this setting, as AppleInsider explains in a recent blog post, but most enterprises will not. They have that policy in place for a reason, and they're not going to make an exception for the iPhone. (Or other devices -- they're not targeting the iPhone, despite what some conspiracists seem to think.) In many cases, they would face huge costs if they did.
There are a bevy of regulations -- such as Sarbanes-Oxley, FIPS, HIPAA, and the privacy breach notification statutes in most states -- that require many companies to enforce various access and security policies for corporate and personal data. For example, HIPAA (which applies to the health care and insurance industries) requires that patient data be kept confidential and cites encryption as an acceptable method of doing so. The state privacy breach disclosure laws say that if data is encrypted on devices -- laptops, mobile devices, and so on -- companies don't have to notify everyone whose personal information might have been on a lost or stolen device; such notification costs a lot of time and money, and it damages the company's reputation -- remember the brouhaha when a Veterans Affairs employee lost a laptop that had thousands of Social Security numbers on it?
Good luck getting your corporation's legal, security, and/or risk officers to grant iPhone users an exemption to such regulations just because their device can't support the encryption policy. They'd be foolish to say yes. It's like expecting a waiver from obeying speed limits because you drive a hybrid. Sorry, public -- or in this case, corporate -- safety comes first.
If your company doesn't need to follow these regulations, then maybe you can convince IT to drop the requirement for iPhone and/or other devices. But don't be surprised if IT still says no: Even if not required to follow these regulations, many companies choose to do so to reduce their risks.
Myth 2: Encryption can be broken, so it shouldn't be required
Yes, encryption can be broken, and it appears the iPhone 3G S's and most recent iPod Touch's encryption is easily defeated. But legally, if a device has encryption, it satisfies many of the regulations that apply to larger businesses. That gives them a legal pass even if the data is ultimately compromised. Can you really imagine a company not taking advantage of that legal pass just to satisfy iPhone users?
Of course, many organizations -- especially those subject to Defense Department's standards -- must support specific levels of encryption. In those cases, you can bet that your choice of devices allowed onto the network will be very small: likely just some BlackBerry and Windows Mobile models.
And if your data really is supersecret, your company wouldn't allow it on a portable device anyhow, no matter what encryption is in use.
Myth 3: The iPhone supports SSL encryption, so I'm covered
Sorry, but SSL encrypts data as it is sent between the device and the server. Most organizations require such encryption, which the iPhone does in fact support. But SSL does not protect the data stored on the device, so it doesn't satisfy that encryption policy requirement.