Main
Posts
Links
Guest Book
|
Home
JohnWargo.com
|
Tuesday, 09 March 2010 20:30 |
|
A colleague asked me a while back to provide my comments on InfoWorld’s Enterprise iPhone Deep Dive Report. I found it to be an interesting read and I was convinced when I finished that you should never allow a bigot to write an article if you’re going to pretend that you’re impartial.
I could be wrong on this, and as usual my comments below do not reflect the official position of AT&T, but here’s my take on the report:
I’m not sure the iPhone is capable of satisfying the enterprise and the different articles in the report highlight many of the issues, but not really the root cause behind them. Apple historically has never really ‘understood’ the enterprise and until now it hasn’t really been an issue. Now that these organizations have all of these remote devices accessing corporate data, it’s even more important that Apple understand the enterprise. Buried deep within the report was the following statement:
“Apple designed the iPhone as a consumer device, so it’s heavy on convenience and light on security. If you want protection, you have to accept some pain”
No enterprise is going to be interested in hearing that unless they’re willing to forgo security in order to have the cool device (which is currently the case with many enterprises).
If you think about the platform, it was designed under the premise that users would not run any application other than the applications provided by Apple or a select few of very trusted partners. The web browser, being a desktop browser in a small package rather than an actual mobile browser, was deemed to be sufficient for all user needs. The tradeoff they got by making this assumption was that they could build the platform allowing all applications to run with root level access within the Unix security model. They wouldn’t need a security model since they weren’t planning on allowing anything but their applications to run. All applications run with the same level of access and each and every application can do anything it wants to anything else on the device. No sandboxing, no varying levels of access (Apple applications running with the most access, other applications running with less), nothing. Everything runs as root. No system administrator on any unix system in the world would allow that for any end user computing device, but that’s what Apple did with the iPhone.
After Apple decided that end-users did want to have access to applications, Apple quickly ‘patched’ the environment to allow third-party applications. They took a system designed with no security and added a security model (of sorts) on top of it. Now, third party applications could be created and Apple reserved access to some API’s for itself – most likely over security or performance concerns. What I believe, unless Apple has done a complete rewrite, is that the iPhone platform doesn’t have the foundation enterprises need to feel that the device is secure in their environments.
I believe that Apple’s prohibition of background applications is another offshoot of this design. Since they didn’t build the necessary security restrictions in the original platform, they have to worry about applications running in the background, gaining access to all sorts of information and data the enterprise would otherwise not want accessed. By not allowing background applications, they can avoid any security concerns over inter-process communication.
Apple’s getting there with regards to support for ActiveSync policies. More and more policies will be added over time. What’s clear from the article is that if you’re on ActiveSync, many of the enterprise security features you need are there and I believe more and more will continue to appear with each release of the platform. If you’re not on ActiveSync, then your choices for enterprise management are:
1. Buy a third party product
2. Use the free tool Apple offers, the iPhone Configuration Utility
The problem with the iPhone Configuration Utility is that while you have the ability to configure all sorts of settings, there’s absolutely no way to ensure that these settings are deployed and correctly maintained on the affected mobile devices. None. The user has to act to implement the security feature you have created for them. Enterprises security departments will not accept that as an option. The report later says:
“But a big IT issue remains: you can’t easily manage iPhones through a central console wirelessly, even though you can do some management (profiles and remote wipe) via email, the web and/or Exchange 2007. IT Pros rightfully complain that Apple essentially forces them to use a local PC as a management workstation and physically connect user’s iPhones to it”
The conclusion correctly reached in the report is that ActiveSync good, anything else bad. Since the majority of enterprises are running Exchange, most organizations should be OK.
There’s still the issue where any iPhone prior to the 3GS would report to ActiveSync that it was capable of encrypting or was actually encrypting the local data when it actually lacked the capability it said it had. That’s got to have many enterprises scared to death and I’m waiting to see what lawsuits make it into the courts over that one. Take for example the Massachusetts law that goes into effect in March requiring any organization to encrypt data regarding any Massachusetts resident any time it’s stored:
http://www.27001.com/massachusetts-data-protection-law.aspx
http://www.mass.gov/Eoca/docs/idtheft/201CMR17faqs.pdf
http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1347836,00.html#
http://www.alertboot.com/blog/blogs/endpoint_security/archive/2009/01/06/massachusetts-data-encryption-law-201-cmr-17-00.aspx
In the case of the iPhone, enterprises would believe it’s encrypted and they’re in compliance with the law when on older iPhones it won’t be the case even though the device is saying it is. Not good for enterprises.
I learned a little from some other topics in the report. I’ve always wondered why Apple forces everyone to go through them for application approval. I always thought that developers should be able to do whatever they want on the platform. That won’t work for Apple. Since the fundamental security platform isn’t there, Apple has to analyze and approve all applications because they have to make sure that the application isn’t doing anything it’s not supposed to be doing. What was most telling was Apple’s prohibition of downloading any code from the internet. Apple even forced one vendor to remove the eval function from their JavaScript library. This is because a developer could download dangerous code and execute it within the context of the application – without the needed security model, Apple can’t allow it. The BlackBerry and Android platforms can both allow this ‘feature’ because the requisite security features needed to protect the user and/or enterprise were built into the platform from the very beginning.
The last thing I noticed was that several of the articles were laced with inaccuracies. It’s clear that the authors are enamored with the iPhone platform and didn’t take the time to validate the things they said about the other platforms. I was able to update the author that indicated that the BlackBerry platform supported WebKit in newer devices (not true) but the iPhone vs. BlackBerry article was chock full of falsehoods and it’s clear that the author didn’t care about being accurate. |
|
|
Monday, 08 March 2010 15:35 |
|
Just got my Motorola Backflip. So far I like it. It's a consumer device, but has support for corporate email and policies. I'll be playing with this over the next couple of weeks and I'll write a review. I'm really excited about the device - all signs point to Android exceeding the iPhone in the Enterprise Market (which is where I work).
Here's a couple of things I learned as I played with the device for a few minutes:
MotoBlur is pretty cool. In a matter of minutes I had my account created and setup Twitter, Facebook and personal email. Limiting that you can only define one Twitter account (I have two). Supposedely MotoBlur provides better Exchange ActiveSync support than what is available in Android 2.1.
The device has a touchpad on the back of the screen. When you're holding it open in your hands with the keyboard exposed, you can navigate the screens by swiping on the back of the screen. The front is a touch screen, but the back gives you a different sort of navigation. Different. Interesting. Time will tell how useful/fun this is or how much it enhances the usability. |
|
Monday, 08 March 2010 15:09 |
|
One of my college Physics professors said something one day that stuck with me. Someone in the class said 'back and forth' and he stopped them and said that it was physically impossible to go back and forth. You can go forth then come back to the initial state, but you can't go back then forth. It was a very literal interpretation, but it stuck with me all these (many) years.
I made the mistake of using that on my boss a while back and he's not let me forget it yet. Of course, he reminded me, you can go back then forth if you're talking numerically - start at zero then go back to -3 then forth to 6. I agreed, but I'm sure he'll find other examples and ply me with them.
He mentioned a good one and I promised to write about it. He said - think about all of those products that are new and improved. Think about it, they can't be both new AND improved. That have to be one or the other.
Thanks Jim! |
|
Friday, 05 March 2010 09:08 |
|
When you get a chance, take a look at a recent article from InfoWorld: Where Android beats the iPhone. The author writes about his experience with the Google Nexus One and the Android platform from a developer's standpoint. What's interesting is his very accurate and honest comparison of Android development against Apple iPhone development - especially targeted at the Enterprise.
I have an article I haven't published that talks about why the iPhone platform is like it is and I hope to publish it soon (just need to give it another read and clean it up a bit) but what's clear is that decisions that Apple has made are getting ready to bite them in the ass. The InfoWorld article is just one of many that compares the iPhone with how easy it is to do very useful things on other devices. It's not that the iPhone can't do them - it's that Apple just won't let you do them. Here you have an amazing, sexy, capable device and so many of the smart and useful things that consumer and enterprise developers want or need to do on their iPhones are just not allowed.
I've been spending a lot of time lately working with companies and vendors who are building consumer and enterprise applications for the iPhone and other platforms. It's amazing to hear how many times these efforts have been thwarted merely by Apple's refusal to allow common behavior that is possible (I don't like to say allowed but that's basically the issue here) on every other smartphone platform on the market today. Developers are starting to revolt (look at what the developer of the Facebook application for the iPhone did a few months ago: here) and the market is going to turn away from the iPhone platform. This is going to happen only because of Apple's policies and in spite of the fact that it's a very cool, sexy and capable device.
The breadth of things you can do with the iPhone are being limited by the vendor, not by any limitations of the device. That's definitely going to hurt Apple in the market. |
|
Monday, 01 March 2010 21:35 |
|
I was at a meeting before Christmas and someone from Apple was presenting on the application development capabilities of the iPhone platform. What was interesting from the session was that Apple was touting all of these developer-related features that really didn't differ from the capabilities of the other major mobile platforms. For everything that he mentioned (with one exception) I could point to the exact same capability being available on the BlackBerry and other platforms. I'm not sure what was going on here - I guess he assumed he wasn't talking to a Developer audience (he really wasn't) and could get away with it.
The one exception? Background applications. Yep, most other platforms do it (heck, the Palm platform finally does) but the iPhone doesn't. I finally figured out why Apple doesn't allow background applications on the iPhone - I hope I get time to write about it soon. No, it's not for the reasons they say. I was really, really surprised that the guy could explain away the prohibition against background applications with a straight face, but he did. I guess he earned his pay that day.
Anyway, back to the purpose for this post. Apple really doesn't care about the mobile network. As you'll see in a post I'm writing for posting (hopefully) tomorrow, it's in Apple's best interest to have the most compelling application platform (they do). What they want is everyone developing for the iPhone and being upset because the same applications (I'm talking about the web here) just don't work well on other platforms (they don't). They want to be the leaders in the mobile application space (they are) and really don't care how they do it.
So, during this session with Apple, they explained that there's this cool new application you can download from the App Store that allows you to stream video from one iPhone to another. WHAT??? They're promoting device to device streaming video? Imagine being at your kid's school play and streaming the show to your spouse who couldn't make it? Wow, that's cool - but think about the network! The iPhone is already killing AT&T's network and now they're deploying an application that allows even more saturation of the network? Yep, that's it - they really don't care about the network. Someone in the audience raised his hand and asked about the impact this would have on an already saturated network and the guy from Apple rolled his eyes, placed his hands behind his back and refused to answer. He just stood there for a little while until someone asked another question. Is that amazing or what?
Implementing any features that makes better (read 'reduced') use of the network would reduce performance for the user and therefore impact the user's overall experience with the platform. Users would get snappier applications, increased battery life and would ultimately be able to do more with their devices, but that's not 'cool' or market leading. Carriers would get less complaints about the network and more users would be able to get more done at the same time, but it only affects one Wireless Carrier in the US so how bad could that be?
The best thing that could happen to AT&T and iPhone users would be for other US Wireless Carriers to get the iPhone as well. When all Wireless Carriers and users are being affected by this disregard for the network I bet we'd see the market force some changes on Apple to make the iPhone (and soon the iPad) play nice with others.
Disclaimer: Recognizing that I work for AT&T, the content in this article is my personal opinion only and does not reflect the opinion or public voice of AT&T. |
|
|
|
|
<< Start < Prev 1 2 3 4 5 6 7 8 9 10 Next > End >>
|
|
Page 1 of 20 |
|
|
Shot a 49, not bad for the first round of the year.
