iPhone & The Enterprise


By now, you’ve seen the announcement of the March 6th iPhone announcement (which better be more than discussing a future announcement since that’s already two pointer de-references we have to manage). While I am – and many other and far more capable developers are also – eagerly awaiting the SDK release, the promise of “exciting new enterprise features” has me a bit more than intrigued. As it stands, the iPhone has quite a long way to go before it can weave it’s way – officially – into corporate IT standards. Adding support for third-party applications is one checkbox ticked, but what are the remaining “must-have” features for enterprise adoption?

Exchange, Exchange, Exchange

Microsoft Exchange still dominates the mail & calendar infrastructure of the Fortune 1000 enterprises, though hosted solutions like Google Apps, are making inroads and some data center alternatives are emerging. Apple will need robust support of Exchange messaging, calendaring and address book access before in-house IT will ever consider official support for the device. For wide-scale adoption, Apple must look beyond the most recent version of Exchange and provide support for older and even legacy installations since many organizations have not kept up with the preferred Microsoft upgrade cycle.

Centralized Configuration & Policy Management

Large companies cannot afford to trust users to maintain the correct settings on their desktops let alone their handheld devices. Apple must provide a way to develop a configuration (a.k.a. “policy”) for the iPhone which is pushed from a central authority and enforced by the device. Users cannot be permitted to alter the settings since that would create a support and security nightmare.

Security, Privacy & Integrity

To meet stringent data security requirements that usually accompany the corporate use of mobile devices, Apple will need to kick-up the security features of the iPhone quite a bit. The message, address book and calendar storage areas will need to be encrypted. They will need to facilitate stronger device locking & password policies and provide a mechanism for remotely wiping the device of all data in the event one goes missing or is stolen.

Apple also needs to seriously enhance the operating system protection features to prevent – or at least detect & report – integrity violations caused by either a “jailbreak” attempt or malicious software attack. An anti-malware component would be a requirement for some institutions along with the ability to manipulate firewall rules, both via some local GUI as well as via centralized policy.

While the device already has rudimentary VPN capability, providing full IPsec connectivity with soft-certs would be necessary to enable a large number of shops to allow full internal network access.

A Holistic Solution

My strong guess is that the exciting enterprise portion of the announcement will fall short of these broad sweeping feature requirements and amount to little more than enhanced Exchange compatibility. From my viewpoint, there are two fundamental approaches Apple could take to holistically meet enterprise needs:

  • Release an Xserve-based iPhone enterprise server that connects to Exchange, IMAP, Google apps, etc with the full configuration & policy features mentioned above. The likelihood of this is low given the complexity of developing such a solution and high barriers to entry since most corporations already have either a Blackberry Enterprise Server or Exchange PDA connector and do not have Apple on the corporate standards list;
  • Partner with Research In Motion and possibly a company like Bluefire Security Technologies on integrating policy management features and a secure message store into the device itself. The RIM partnership gets Apple in the door immediately and is not completely out of the question since RIM provides Blackberry Connect software for Windows Mobile devices which does something similar.

Thus ends my enterprising speculation and I now await the arrival of the Ides minus nine with the rest of the Apple iPhone community.



i am hijacking this thread to suggest that we need to have a thread DEMANDING Apple to give us a 12INCH Intel MAC BOOK PRO .. . damm it Apple! Why don’t you listen!! There are many of us who will NOT give up our old 12 inch PowerBooks G4 until new intel ones are made available! Now already…

Bob Rudis

@Goeff – Excellent addition.

@Mark – you know, with the Leopard Server having a decent group calendar and good mail, you may be on to something. But, the corporate market is fairly saturated with RIM BES and MS Sync servers.

We benefit no matter what Apple does, tho, which is A Good Thing.

That Guy

802.1x authentication is why they don’t work on our wireless network. Nice to know the wireless at Cupertino is probably easier to hack than places that use WPA Enterprise or WPA2 Enterprise

Supporting old versions of Exchange (or any old version of MS tech) would be an epic fail.

Mark - Portland - OR

We do know that IBM is soon to officially launch Lotus Notes for iPhone, and that it is likely to be a key announcement at the Special Event.


Could Steve Jobs pull an Apple Groupware rabbit out of his Apple hat at the event as well?… I believe it is coming, and if not at this event, no later than 2009…

Apple only attacks markets MicroSoft is not throughly entrentched in and/or markets Apple believes MicroSoft holds a weak position. The mobile device market, consumer and corporate, is such a market.

Today, Apple made it crystal clear they are moving straight into this corporate mobile platform market (disguised as a device market), which means Apple intends to do one thing – win. Whether they do or not win is another question. Make no mistake, when Apple enters a market the have zero plans of being a niche solution or one of many players, they move into a market to absolutely dominate it, while ensuring a large majority of their users love their solutions.

This new war is going to be a joy to watch.


You forgot 802.1x authentication, which is what I am looking most forward to.

Comments are closed.