It's a refrain I've heard more and more from IT managers in my travels in recent months: Yes, we can secure devices using Exchange or mobile device management tools, but what we really worry about is the support burden that iPads and iPhones will put on us. I'm happy to say that the IT support burden should not increase meaningfully -- or at all -- as employees bring in iOS devices.
But first, a caveat: Android is a different story due to all the permutations in the OS from vendor to vendor and the uncertainty over which apps are legitimate, though some principles I describe here for supporting iOS devices such as the iPad and iPhone should apply as well. And unlike with iOS, you'll get calls from employees who can't connect to your secured wireless network due to the lack of support in Android 2.x and 3.x for PEAP-secured Wi-Fi networks. Ditto for those Android 2.x smartphone users whose devices can't support many of your Exchange ActiveSync policies such as on-device encryption and complex passwords. I can't help you there.
[ Learn how to manage iPhones, Androids, BlackBerrys, and other smartphones in InfoWorld's 20-page Mobile Management Deep Dive PDF special report. | Keep up on key mobile developments and insights via Twitter and with the Mobile Edge blog and Mobilize newsletter. ]
First, a recent study shows that iOS devices require the least support of the major mobile platforms. The device that IT prefers, the Research in Motion BlackBerry, is more difficult to support, but as they continue to fade from the business environment, the IT mobile support burden should decrease. In fact, aggressively replacing BlackBerrys with iPhones is probably the quickest way to lighten the IT mobile support load. Android devices require the most support, but their current lack of basic enterprise security and manageability means you're not likely to allow their use for business purposes and, thus, don't need to support them. (Motorola Mobility's crop of business-savvy Androids are the notable exception.)
That study points to an unsurprising reason: The iOS user interface is easier for users, so they tend to need less help. Reports from Forrester Research and Aberdeen Research shows that users who choose their own devices (no matter who pays for them) are more self-supporting. Plus, if the device is a personal possession, even if also accessed for business, users are much more careful about not losing and not damaging the item. All of this explains the lower support overhead for iOS devices.
But at some point, IT will have to deal with iOS devices directly. When that happens, here are ways to keep the effort low while meeting users' needs.
Use security policies and certificates
iOS supports more Exchange ActiveSync (EAS) policies than any other modern mobile OS; only the long-dead Windows Mobile still used in government and some businesses supports more. When anyone tries to access email from Exchange or corporate Gmail (if EAS is enabled), the email server validates the policies immediately, forcing users to comply in return for access. Because iOS uses standard EAS policies, you merely need to set them up, without regard for whether the user has iOS -- it can be the same policy set you use for desktop access.