iPad security: IT's foolish double standard

Yet another analyst report fails the iPad on security -- and Neanderthal IT puts another nail in its coffin

There they go again, those Neanderthal IT folks who use security as a reason to resist change. A recent Computerworld story cites unnamed analysts as giving the iPad an "F" for its security features, then quotes Gartner analyst Ken Dulaney on why iPhones shouldn't be used in the enterprise:

Despite Apple's updates and the inclusion of the Cisco VPN, Dulaney said Gartner concludes that the iPad is "not enterprise ready ... and Apple would have no problem with Gartner saying this was not enterprise ready. ... We don't endorse use of netbooks, and the iPad is in the same category. ... We don't think it has the security and manageability capabilities for offline applications and, more importantly, the support of Apple for the enterprise."

Dulaney is a smart guy, and Gartner tends to be conservative in its recommendations; it was one of the first analyst firms to backtrack on promoting Windows Vista, for example, and it traditionally tells IT to avoid major operating system updates until 18 months or so after the initial version ships. Thus, I know he's being honest in his cautious approach. It's clear his standard applies to a broad range of devices, not just iPads.

The flawed premise behind the knee-jerk no
But there's a flawed premise that Gartner shares with many IT managers: that mobile devices must meet military-grade security needs or, at least, financial-services-grade security needs. Why? After all, most laptops deployed don't come with the hard-to-break (if, indeed, any) encryption, remote kill capabilities, and application management that analysts and vendors say mobile devices should have.

The fact is most companies are not defense contractors, financial service providers, or similarly highly regulated entities. So why should smartphones meet those industries' special requirements?

One reason is Neanderthal IT thinking: that IT's job is to control information and process by preventing users from doing much of anything. That ship sailed years ago, and IT leaders who stake themselves to that approach are doomed. IT's job is to enable the business and minimize risk where reasonable.

If information is so critical that it needs to be tightly controlled on an iPad or other mobile device, you have to ask why that information is so accessible in the first place. The best way to control highly sensitive information is to not make it available, or at least keep it on the server and never let it be stored on an external device. That's what many hospitals do with their wireless tablets and laptops, so patient information doesn't leave the grounds even if the hardware does.

The hypocrisy of Neanderthal IT's mobile expectations
If the IT department that insists on military-grade security for mobile isn't doing the same for its laptops and other computers, you know the issue is not security but resistance to change -- a reluctance to accept new technologies that are user-oriented.
