Analysts Weigh in: How to Prep for Apple IOS Device Flood in the Enterprise

Businesses might long for the relatively simple policies for corporate-owned mobile devices of the BlackBerry age, but today's realities are forcing them to prepare their networks for a continued onslaught of authorized and unauthorized access from a slew of consumer devices, led by iPhones and iPads.

"If I'm this enterprise IT guy, is there any chance I can say 'no' to Apple devices coming onto my network?" says Andrew Braunberg, research director for the Business Technology and Software group at Current Analysis. "These devices are here to stay."

ANALYSIS: Can employee-owned devices save companies money?

Colleague Kathryn Weldon, principal analyst for Enterprise Mobility at Current Analysis, says the situation is complicated, however, by the fact that some companies haven't outlined bring-your-own-device (BYOD) policies.

"There are going to be different constituencies within the enterprise, some of whom are going to bring their own devices because it's fun doing so and others of whom the corporation will want to take control," Weldon says.

Industry research indicates that iOS devices will become ever more prevalent on corporate networks in 2012. For example, 54% of respondents to IDG Connect's iPad for Business Survey reported using their Apple tablet for work purposes, compared to just 42% who cited personal communication.

For IT managers attempting to handle the wave of iOS activity on the network, Braunberg says compromises are needed.

"The choice issue is just impossible to fight," Braunberg says. "If you can provide enough choice to keep the employee happy, and IT can get management control back regardless, then it becomes not so much of an issue in the long term. The question is really about management and control."

Striking a balance between freedom in mobility and reliability in a network means a compromise from every participant, Braunberg says. Those on the business side will need to make the investments in security tools, such as mobile data-loss prevention and remote wipe and lock tools, whereas end users will need to be willing to endure the inconvenience of a corporate client running on their personal phone, Braunberg says. In a perfect world, in which each side was willing to work together, BYOD wouldn't be an issue.

"There's some minimal level that IT can request from end users to allow them to use these devices," Braunberg says. "And I don't think that's a bar that's too high for most employees to understand that there's that requirement."

Maribel Lopez, founder and principal of Lopez Research, sees the potential for tension between users and IT, especially for companies that install remote wipe clients on employees' phones.

"As a firm, you'll need a solution that allows you to remotely wipe the corporate data but keep the personal data intact," Lopez says. "This is pretty new still, as most solutions do a full wipe. Try explaining to your employees that you're sorry that you erased the photo of his child walking for the first time."

Braunberg and Weldon share the same sentiment, stressing that the ability to choose what data will be wiped from a compromised device is essential to managing consumer devices on the network. Citing findings from Current Analysis' survey of enterprise mobility practices, Braunberg says those in the enterprise appear to be clamoring for these tools.

"When we asked about the partitioning capabilities, and the ability to do a selective data wipe or selective lock on specific application data, the popularity of those features went up quite significantly," Braunberg says. "That probably speaks to the fact that there are really some concerns about just doing these blanket wipes on phones, particularly if they're not corporate-owned. When we see the ability to be more selective in what we delete, that will make enterprise IT folks much more comfortable with this broader set of devices."

Adoption will increase once the enterprise can break away from traditional mobility management practices and put in place what Weldon calls a new philosophy around securing the network in the mobile age.

"Everything's been very IT-focused until now, and now everyone's thinking about the person who's paying for this or the person who's using this thing even though the corporation is paying for it," Weldon says.

Weldon, Braunberg and Lopez all expect Apple will begin making it easier for its devices to run more customized client applications for partial remote wipe and other corporate management capabilities.

Braunberg says IT managers should not be concerned by the growing volume of consumer devices in employees' hands as much as they should be relieved by the enterprise-compatible advances that are likely to appear in mobile software.

"Every new version of the OS is kind of enterprise-ready across the board," Braunberg says. "If you think mostly about Apple and Google, neither of them had an initial focus on the enterprise, but they've both taken it much more seriously," he says.

Colin Neagle covers Microsoft security and network management for Network World. Keep up with his blog: Rated Critical, follow him on Twitter: @ntwrkwrldneagle. Colin's email is

Read more about anti-malware in Network World's Anti-malware section.

Copyright © 2012 IDG Communications, Inc.

Microsoft's very bad year for security: A timeline