LUCAS JACKSON/Reuters
When Apple launched the iPhone in 2007, information technology experts declared it unsuitable for business use - not least because of security concerns.
That's changed. The iPhone and more recent iPad are now credible business options, declares Forrester Research.
Recent figures from Apple bear that out. More than 80 per cent of Fortune 500 companies are deploying iPhones or using them in pilot projects. In the first 90 days after the iPad's launch this past spring, half the Fortune 500 deployed or tested it.
"I see more and more companies every day authorizing iPhones on their systems," says Gary Curtis, chief technology strategist with the consulting firm Accenture in San Francisco.
But while security provisions have improved, it's still an issue. Tools are available to address those concerns, says Mr. Curtis, but it's up to businesses to use them and to educate their employees, and that could be the weakest link in the chain.
The top security risk with all mobile devices, Mr. Curtis says, is loss or theft. To illustrate the point he recounts seeing an airline employee at San Francisco's airport carrying a box of mobile phones - more than a hundred, he says. He was told the box contained the phones found on one airline's planes at one airport in one day.
Businesses thus need precautions to keep finders - or thieves - from getting at confidential data. At Accenture, all smart phones and tablets must have passwords, and if the device isn't used for about 15 minutes, it locks up and the password must be re-entered.
Employers need to be able to enforce policies like this, he says. They can do so through facilities like Apple's Mobile Device Management Service, which makes it possible to configure or query an iPhone remotely. This service also makes it possible to wipe out all the data on the iPhone from a remote location - so if a phone is stolen or irretrievably lost, security staff can at least ensure its data won't be compromised.
Of course that will happen only if the device is reported missing, and this is where employee education comes in. Users must notify security staff immediately if a device disappears, Mr. Curtis said.
As with all communication from remote devices, employees should use virtual private network (VPN) technology when connecting from an iPhone or iPad to a corporate network that contains sensitive information, says Mark Tauschek, a research director at London, Ont.-based Info-Tech Research Group. This provides a sort of secure tunnel across the Internet. Businesses can set up their networks to require a VPN connection before allowing a mobile device to log in.
For its larger customers, Toronto-based Rogers Communications Inc. offers what it calls private access point names, allowing data traffic to pass directly from its wireless network to the corporate network without ever travelling over the public Internet. The wireless network itself uses "highly secure" encryption standards in such networks, says Mansell Nelson, vice-president of machine-to-machine communications at Rogers. "I believe it's actually never been compromised to date."
However, Mr. Nelson says, corporate customers generally run virtual private networks on top of this service.
Another precaution, Mr. Tauschek says, is to use "virtual desktop" software such as that from Citrix Systems Inc., that displays data from a central server on a remote device without ever storing the data on the device itself. That way, the data is not at risk if the device is lost.
Keeping up with steady innovations in mobile devices is a challenge even for large organizations' IT departments, so what about smaller businesses?
The good news, Mr. Curtis says, is that there are a range of services out there that can help. For instance, few small businesses run their own e-mail servers today because they can purchase service from outside suppliers, and these can include support for mobile devices and robust security protection.
It also helps, Mr. Tauschek says, that smaller businesses generally require less stringent security than larger ones.
For most small to medium businesses, he says, minimum or basic security is enough. The BlackBerry remains the "gold standard" in security for mobile devices, and organizations with the most stringent security needs still tend to prefer it, Mr. Tauschek says. But "for most other situations, you can secure and make private iPhones, iPads and those sorts of mobile devices."