On corporate security and the iPhone

I’m trying to catch up on the news (and, again, there is altogether too much iPhone-related news, non-news and rumors), but I have to take my (imaginary) hat off to Apple – they have an amazing Marketing machine.

Their ability to ride the hype and generate fresh tidal waves of it[1] by releasing tidbits of information every few days or so (making the iPhone one of the most desirable gadgets ever) is unparalleled. Release dates, YouTube support, battery life, and now… The movie.

Without wanting to add to the insanity regarding the device, I find it interesting that IT managers in the US have stated they won’t support the iPhone because it would entail (in their eyes) opening their IMAP servers to the Internet.

I had to read that twice to make sure they meant that, and I couldn’t believe IT (if you’ll pardon the pun).

Haven’t these people heard of operator managed services? There’s no need to open your servers to the Internet!

My company[3] has been selling secure mobile data access to corporate networks for years now, and in a way that does not require any sort of VPN client installed on your PC or mobile – you just need to have a different APN provisioned on your profile, and be able to terminate a secure tunnel at your company premises.

Basically, you get an IP address from your corporate LAN, and the whole thing is secured using 3G (or, of course, GSM) encryption over the air and shunted directly to a secure IP tunnel terminated on a router that sits on your LAN – if you want to access the Internet, you use another APN (on the handset side) or go through your corporate gateway (which a lot of companies prefer).

And that’s it. Secure access to your corporate e-mail with any standard IMAP client, including the iPhone.

I did it for years on SonyEricsson phones until the BlackBerry came along, and many people today use ActiveSync and custom corporate applications over such a connection.

IT managers love it because they don’t have to manage VPN clients (it’s just a dial-up connection), it works on any platform (from laptops to the dumbest possible phone), and they can manage it centrally (either via a self-care web site or by delegating/cascading authentication to their own systems).

Of course, you do need to set up the service, but it has been working for us here in Portugal for several years now, and with all sorts of different authentication databases and mechanisms (including secure tokens).

I would suggest those folk look into the AT&T Business Services portfolio. It was the first thing I did, and it’s not rocket science[2].

It is ironic to consider that I’m across the Atlantic in a country slightly smaller than the state of Indiana, probably a year away[4] from being able to walk into an Apple store and buy a 3G iPhone, and we’ve been doing that kind of thing for years (and so well that it’s pretty much a staple product for SMEs).

Oh well.

[1] Of course, that is also being done by the “blogarazzi”, those praying mantises that pick up on any hint of speculation (no matter how unrealistic, unfeasible or just plain stupid) in order to drive up their sites’ page views (and yes, I’m talking about the blog networks, who just have to be thriving on iPhone-seeking eyeballs).

[2] AT&T apparently sets up separate APNs for each customer, which is not – if I’m reading things right – as sophisticated as our solution, but it should provide essentially the same thing as far as connectivity is concerned.

[3] Full disclosure: I work at Vodafone Portugal, and have nothing whatsoever to do with (or against) AT&T (here’s my Disclaimer, too).

[4] I have absolutely no idea if it is (or isn’t) a year away for me. If I knew anything about it, I wouldn’t say so. Again, here’s my Disclaimer.