The next-gen iPhone may not have adequate security to meet corporate needs


(Computerworld) It has been eight days since Apple Inc. officials publicly described new features and functions of the new iPhone 3G, which is set to be released July 11. However, prominent industry analysts are saying that some of the basic information needed to judge its readiness for use in large companies, including details on security, is still unknown.

Gartner Inc. analyst Ken Dulaney yesterday issued a near-glowing eight-page report on iPhone 3G as it relates to consumers. However, he said IT groups in large companies need to wait until second-generation software is available July 11 before they make a final decision on whether to support the iPhone.

On Friday, analyst Jack Gold, of J.Gold Associates LLC, issued a report citing security and support concerns regarding the iPhone 3G, concluding that it is "still coming up short for the enterprise." Gold said he was particularly concerned about the lack of native encryption to protect data on the device if it is stolen. Research in Motion Ltd. offers encryption of the data on its BlackBerries, and the latest versions of Windows Mobile and some other operating systems offer similar functionality, according to Gold

Dulaney said the new iPhone 3g has neither a firewall nor native encryption, "so banks and federal officials are not going to use it." He said Nokia Corp. has introduced native encryption on its E series devices, and he added that the iPhone 3G could eventually have something comparable, but so far it does not.

Dulaney and other analysts have not been allowed to test the product or examine details behind it, and that has hindered their ability to make recommendations in advance of a release. Meanwhile, Apple has signed up many large businesses to test software and a related software development kit, but none are willing to talk publicly about their experiences because they are bound by nondisclosure agreements.

At Apple's Worldwide Developers Conference last week, top Apple officials asserted that many large businesses, including banks, are enthusiastic supporters of the iPhone 3G, but IT managers at such user companies said they would not consent to be interviewed by Computerworld, citing the nondisclosure agreements, which are widely used in the computing and communications industries.

The analysts acknowledged that they couldn't blame the beta testers for keeping silent, but they said Apple's policies are almost counterproductive. It's also possible that Apple is trying to tease the market to keep up interest, they and several Apple observers on blogs noted.

Apple could not be reached to comment.

Dulaney wrote that because Gartner has been unable to test the iPhone's new features, it is "difficult to say to our end-user base that what Apple promised to deliver to businesses is really there." He said for a business to commit to the iPhone 3G would be a "calculated" risk, but one that is lower than average because the device will have Exchange ActiveSync support.

Dulaney described the BlackBerry as the "gold standard" for security in handheld devices and called comments from market analysts who believe the iPhone will compete with the BlackBerry "premature." He also said the iPhone remains behind devices that use Windows Mobile, especially when it comes to security.

The need to use iTunes as a means of delivering business applications for the iPhone 3G is also undesirable, because it is not a "mission critical" application, Dulaney added. He also questioned what Apple plans to do about hardware and software support, especially in countries outside the U.S.