The iPhone didn't originally support VPNs, but Apple added that capability via a software upgrade in late 2007. The iPhone’s VPN capabilities are solid -- comparable to Windows Mobile and Palm OS devices -- with a choice of L2TP and PPTP protocols and support for EMC RSA Security’s SecurID key-based authentication. (You access those through the General preference pane’s Network option.) But the iPhone VPN client does not work with all VPNs; Cisco-based VPNs in particular are incompatible unless they are set specifically for Mac OS X and iPhone compatibility.
And there are three security issues for which the iPhone decidedly falls short, when compared with Windows Mobile, Palm OS, and BlackBerry.
First, the iPhone does not provide device encryption, meaning that any data stored on the iPhone can easily be obtained by a thief. With nearly 16GB visible to PCs as an external drive when connected over USB, the iPhone can store a lot of could-be precious corporate data.
Second, password protection on the iPhone is scant. More than providing a four-digit maximum for passwords, the iPhone provides no way to enforce password use or policies, as users can simply turn the password feature off.
Third, the iPhone’s lack of a remote lock or kill feature leaves IT in the lurch if the device is stolen or lost.
Until Apple adds these capabilities to the iPhone, or third parties find a way to add them, IT will have to decide whether these three security shortfalls justify banning the iPhone from the enterprise. A good way to judge that is to make an honest assessment: Are you as tough on USB thumb drives, smartphones, and work-at-home users’ PCs as you want to be on the iPhone?