Forrester: Apple iOS devices meet many enterprise security needs

Apple’s iOS, in the newer iPhones and the iPad, is now secure enough for many enterprise to deploy, according to a report from Forrester Research. But even the most recent version of iOS, in the iPhone 4, falls well short of the high security offered by Research in Motion’s BlackBerry platform.

Forrester recommends implementing a basic set of iOS-based security features on both company- and employee-owned iPhones, and then layering on additional abilities and policies to meet more stringent enterprise requirements. But the Apple devices still lack a range of features that high-security organizations may need.

[ InfoWorld's Galen Gruman states iOS appears to do less than you may think. | Master your security with InfoWorld's interactive Security iGuide. | Stay up to date on the latest security developments with InfoWorld's Security Central newsletter. ]

Nine real iPad alternatives

Nearly one in three companies in North America and Europe currently support the iPhone, according to Forrester. That’s an unprecedented number given that Apple offers nearly nothing in terms of the management and security infrastructure that are hallmarks of both RIM and Microsoft.

But the changes Apple has introduced in iOS 3.1 and this summer in iOS 4 have been winning over IT executives. (See “iPhone winning over some corporate security skeptics”). Today, iPhones and iPads now “satisfy the basic security needs of most enterprises,” writes Andrew Jaquith, senior analyst with Forrester.

The Apple platform implements seven key features that cover these basic requirements, he says:

Encrypting email to and from iOS devices; via Exchange ActiveSync licensed from Microsoft or SSL-enabled IMPA and SMTP over TLS.Remotely wiping data from lost or stolen devices, now able to be done in less than one second.Passcode lock, via numeric-only PIN, or via an alphanumeric password; both can be set to varying levels of strength.After a set period of inactivity, iOS can lock the device to prevent access to information if it’s left unattended.Devices can erase themselves automatically after a specified number of failed unlock attempts.Signed user configuration profiles, which set the security settings for a given user; the signed profile ensures it hasn’t been tampered with.Automatically refreshing security policy settings, but only via ActiveSync and Microsoft Exchange 2007; Lotus Notes Traveler eventually plans also to push updated policies to the device.

The minimum-length PIN, preventing guessable passwords, and the autowipe feature combine to ensure that “cybercriminals can’t easily guess passwords without forcing the device to erase itself,” Jaquith writes. Autolock and remote wipe mean that it’s less likely company data can be gleaned from lost of stolen devices.

These basic features need to be complemented by an updated employee acceptable use policy, Forrester recommends. Among them:

additional resources White Paper

Get the independent advice and expertise you need to support a virtual workforce.

Go inside: The three-step approach to making a virtual workforce a reality. The four flavors of client virtualization technologies. The three key initiatives that solve IT challenges. Download now » White Paper

The increase in Linux popularity has increased the frequency and sophistication of malware attacks. Read this 2 page white paper now to learn how you can protect your Linux environment with real-time protection that is certified by all major Linux vendors.

Download now » White Paper

Ensuring acceptable application delivery will become even more difficult over the next few years. As a result, IT organizations need to ensure that the approach that they take to resolving the current application delivery challenges can scale to support the emerging challenges. This handbook elaborates on the key tasks associated with planning, optimization, management and control and provides decision criteria to help IT organizations select appropriate solutions.

Download now » White Paper

A common misconception is that mid-range storage requirements are dramatically different than that of a bigger enterprise. Mid-range storage users may require less capacity, but they have similar functionality and management requirements. This ESG paper examines mid-range storage needs and reviews a new solution that adjusts size while retaining value, performance and functionality.

Download now »