Apple flubs its improved support for Exchange email security
Apple improved its iPhone support for Microsoft Exchange security and triggered a controversy, but it's impact is limited to sites that have deployed Exchange Server 2007.
For some users of older iPhone models, the change has led to blocking them from corporate email access, if their company's Exchange server requires data on the iPhones to be scrambled. Enterprises apparently will either have to scrub this policy or upgrade users to the new iPhone 3GS, which has the necessary hardware to handle the encryption.
In the recent iPhone 3.1 OS release, Apple decided to support a specific optional security policy in Exchange 2007. This option lets an enterprise "require encryption on the device," so that locally stored data, such as emails, are scrambled. Exchange administrators can use that more granular encryption to quickly target and remotely wipe specific files on devices that are lost or stolen, instead of the more laborious process of wiping all files.
Top 10 must-have iPhone business apps
For this to work as intended, two things are needed. First, Apple (or any other device builder) has to support this option feature in its client implementation of Exchange Active Sync, which Apple licensed from Microsoft in 2007 to let iPhone users access corporate email. Apple turned this option on for the first time in the 3.1 release.
Second, the client device has to have the hardware capability to do the encryption. That's only possible with the new iPhone 3GS and the new higher-capacity iPod Touch models.
"The manufacturer, in this case Apple, decides which [Exchange] policies to implement [in Active Sync client], then document which policies they support," says Ahmed Datoo, vice president with Zenprise, a Fremont, Calif., software vendor that provides multi-vendor device management software, covering iPhones among other platforms. "If the manufacturer never implemented support for that policy, then Exchange can't enforce that policy."
Until now, iPhone users were able to connect to Exchange 2007 servers, even if the corporate policy was to require device encryption. That's because the iPhone Active Sync client in effect was unaware of the server-based encryption policy, and Exchange in effect was unaware that the iPhone was unaware.
With the 3.1 OS, an iPhone becomes aware of this policy for the first time. Because the new iPhone 3GS has hardware encryption, it can encrypt the local data and implement the policy, and it syncs with Exchange 2007.
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
On Twitter now
iphone
Powered by Twitter
Esther Schindler
If the comments are ugly, the code is ugly
claird
SVG a graphics format for 21st century
pasmith
Take Chrome OS for a test spin
Sandra Henry-Stocker
Solaris Tip: Have Your Files Changed Since Installation?
jfruh
Android fragments vs. the iPhone monolith
mikelgan
What Gizmodo missed about the Pro WX Wireless USB disk drive
Sidekick: The Good News & the Bad News
Either way you look at it Microsoft Data Center management did not follow standards or best practices in this failure. In which case it makes me wonder more about the outsourcing of corporate data much less personal data.
- mburton325
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
