Guest blogger Michael Argast, director of global sales engineering at Sophos, wondered why there aren't any security applications for iPhone. Michael has an iPhone that is not jail broken.
The recent worm that is infecting jail broken iPhones is highlighting the risk of playing outside of Apple's walled garden. Once you pwn your phone, you're on your own from a security perspective. This is a broader problem than just jail-breaking however; Apple has yet to provide businesses tools that allow them to manage security centrally, which leaves the administrators at many Fortune 100 companies ill prepared to proactively secure or deal with threats as they arise.
As Chet mentioned to me, many with iPhones at work tend to treat the devices like personal property - even jail-breaking them. Sure, all this particular worm did was rickroll the device, but the next may well steal confidential data - and the company has no way of knowing the device was even vulnerable.
To be ready for enterprises Apple must provide a suite of tools to ensure security policies are adhered to. For example, RIM provides the ability to centrally administer, monitor, update, delete, encrypt, and configure security settings through their BlackBerry Enterprise Server software.
Mobile security is still an evolving space. Android, with a more open development platform, may allow for more traditional security offerings (although balancing security and performance on these devices will be an interesting challenge) and the ability to run multiple applications at once will allow for more real time protection against new threats. Apple, inside the walled garden is relatively secure from malware - although there have been apps which have made it through the app screening process only to steal confidential data.
This is a rapidly evolving space, and it is critical that phone vendors work with the security community to prevent these ubiquitous devices from becoming gaping holes.
Update: It has been brought to our attention that Apple does in fact provide tools for managing iPhone usage in the enterprise. We will post a follow up article detailing the capabilities. For more information please see