By John Gruber
Kolide — User focused security for teams that Slack.
From a story by Poonam Khanna for IT Business, titled “Companies Should Prepare for the iPhone”:
To guard against such eventualities, IT departments should begin drafting policies forbidding executives from connecting their Apple iPhones to company networks, said Rob Enderle, a principal analyst with the Enderle Group based in San Jose, Calif.
“The device isn’t secure enough, nor is it designed to run with corporate systems,” he said.
A few questions:
What exactly does Rob Enderle know about the iPhone other than the tech specs on Apple’s web site? (Hint: Nothing.)
What isn’t secure enough about the iPhone?
What “corporate systems” is he referring to, other than Exchange Server?
Who are the non-principal analysts at The Enderle Group?
Before the iPhone is as secure as the BlackBerry and Treo, it needs a product such as Good Technology Mobile, which is designed to securely deliver enterprise applications to mobile devices. But now that Good Technology has been bought by Motorola, it’s unclear whether it’d be interested in creating a product for Apple’s iPhone, Enderle said.
And even if third-party developers were interested in making applications for the iPhone that would turn it from a consumer toy to a business tool, it’s uncertain whether Apple wants to go that route. The phone is currently a closed platform, which means Apple hasn’t invited independent software vendors to develop applications for its platform.
This is a really funny argument if you think about it. Enderle and Khanna are arguing that the iPhone is insecure because it doesn’t (at least yet) allow for third-party software, which means you can’t install third-party software designed to let you securely install additional third-party software.
One would think that if the problem is “insecure third-party software”, then not allowing for any third-party software at all is a relatively secure solution to the problem.1
If executives insist on connecting iPhones, then the IT department has a duty to report the violation since it could mean that Sarbanes-Oxley or other compliance rules have been broken, Enderle said.
Or perhaps the IT department could declare that these iPhones have “cooties”, and have the devices quarantined.
(Via The Macalope.)
I am, of course, very much hoping that Apple opens up iPhone development to third-party developers. I’m just saying that one benefit of a closed platform is better security. Pretty hard to run a Trojan horse if you can’t run any third-party apps at all. ↩︎