Coleman also said that despite the VPN and over-the-air encryption, apparently there is still not encryption or a firewall capability on the device itself. Dyer said Yankee analysts have been told that the Cisco PIX (Private Internet Exchange) firewall will be used, although it is not clear if that firewall will satisfy all users.
Jack Gold, an analyst at J Gold Associates, said today that the biggest security concern is how Apple plans to provide true data encryption of all data on the device. "Is it currently good enough?" he asked. "What if you download a patient file or a financial statement to the device and store it locally?"
Password protection on the device is fine, but Gold added, "that is usually insufficient for regulated industries" such as banks, hospitals and utilities. "Mission critical security is something that no enterprise wants to compromise on," he said.
In response, Gartenberg said data encryption on the iPhone is "not much of a concern" because data can't be loaded onto it via a tiny SD card, as with many phones, simply because there is no SD card slot.
Gold and Dyer said the iPhone 2.0, as announced, still does not appear to have the same level of security as a BlackBerry, Windows Mobile or Symbian device. They said that the iPhone SDK will allow for third parties to build beefed-up security, but it could take some time to see what security applications are most effective.
"My advice to most enterprises would be to wait for better protection on the device before moving to endorse this as an enterprise ready, mission critical device," Gold said.
Beyond security, Dyer said there are many other factors that will limit enterprise adoption, including Apple's reliance on a single carrier, AT&T, for cellular service. While the iPhone works on AT&T in the US and several European carriers in Europe, Windows Mobile devices function on 170 operators' networks, and BlackBerry devices work on 300 operators' networks in 120 countries.
"Granted, it is the early days for iPhone, but it takes years to cultivate these carrier relationships, so you question if Apple is willing to put out that effort," Dyer said.
The inexperience with multiple carriers is an indication of a broader concern Apple faces with the iPhone in the enterprise, he added. Simply put, Apple doesn't have broad experience in IT shops. It also doesn't have a full set of explanations or examples of its ability to improve productivity and to provide a return on investment in order to be used by hundreds or thousands of users within a company, he said.
"It's still not seen as a legitimate solution by IT, which faces a steep learning curve in supporting it," Dyer added. "The lack of a cost of ownership story means it is a tough sell, in the near term, when compared to other platforms."
But Gartenberg had the last word on that issue, noting that the iPhone 2.0 will probably be bought by enlightened consumers who bring them to work and will want to use them for work tasks and then get paid back through an expense account rather than relying on IT to distribute them.
"They'll be asking, does it fit into the enterprise infrastructure? And the answer is, yes it does," he said.