Smartphone Corporate Tools

WHITE PAPER Apple iPhone and RIM Blackberry – Consumer gadget vs. Corporate tool?

By John Thompson & Peter Cocks

September 2010

Sponsored by: Neil Davison – Head of IT, Farrer & Co LLP Jan Durant – Director of IT and Operations, Lewis Silkin LLP Simon Earnshaw – Director of IT, Dickinson Dees LLP Mabel Evans – Head of IT Services, Field Fisher Waterhouse LLP James Harrison – Head of IT, Leigh Day & Co Angela McMahon – IT Support Manager, Mishcon de Reya

1 ABSTRACT

This paper considers the advantages and disadvantages of both Apple’s iPhone 4 and RIM’s BlackBerry Torch 9800 (to be released in the UK in October 2010), providing a comparison of key considerations for IT managers, such as the security levels supported, relative hardware costs, remote management functionality and respective device usability. This Paper will not be considering other alternative smartphones in the current marketplace, such as those with different operating systems, e.g. Android (HTC Desire), or Bada (Samsung Wave).

The Apple iPad has however been acknowledged in this research, as it is expected to emerge as a viable alternative business tool, and in the legal sector it was recently reported that Eversheds were due to run an iPad triali. The iPad also faces competition from rivals such as Samsung, Dell and Fujitsu (running both Windows 7 and Android operating systems)ii; and it is widely rumoured that Apple will be releasing a 7” “mini-iPad” in time for Christmas 2010iii. RIM have also very recently announced the launch of a new tablet called the PlayBook which is rumoured to have better overall performance than the iPad.

2 About Consulting Stream

Consulting Stream are firm of independent management consultants that help law firms to articulate the need for technology-enabled change, then help them to successfully deliver the benefits. We have extensive operational business change and outsourcing experience gained from working cross-sector and from advising both vendors and clients – so we know what works. We are specialists in designing, procuring, implementing and improving change programmes.

Established in 2001, Consulting Stream have advised many major private and public sector clients ( www.consultingstream.com ), and have also worked with law firms on assignments as diverse as practice management procurement, case management procurement, programme management and programme recovery, IT strategy and organisation, outsourcing, service improvement planning and business strategy.

AUTHORS

John Thompson has been with Consulting Stream since 2006 and is an experienced technical project manager and service improvement specialist. Contact: [email protected]

Peter Cocks has been with Consulting Stream since 2006 and is an outsourcing and procurement specialist. Peter is also a partner at the firm. Contact: [email protected]

3 INTRODUCTION

Over the past decade, the BlackBerry has become the de facto standard for mobile personal digital assistants (PDAs) in law firms. In November 2009, it commanded a 20.8% share of worldwide smartphone salesiv and has gained popularity through its intuitive interface, simple functions, with a full physical QWERTY keyboard (with the exception of the Storm series). As a result, lawyers have adopted it as their preferred tool when out of the office, surpassing the use of laptop computers for e-mail in many cases. In the past few years, we have also seen an increase in additional BlackBerry applications aimed at lawyers, including mobile time recording, access to documents stored in the document management system and mobile digital dictation, all of which have increased adoption rates further, strengthening its position as an (almost) complete mobile office alternative. However, many lawyers still primarily use their BlackBerry just for email even using another mobile phone for voice calls.

The iPhone has shipped more than 50m handsets globally from its launch in 2007v, and with sales of 5.2 million units in Q4 2008, Apple surpassed those of BlackBerry for the quarter making Apple also briefly the third largest mobile phone manufacturer by revenue, after Nokia and Samsungvi. The iPhone has singlehandedly transformed the way in which consumers use smartphone devices and with the availability of applications, combined with its intuitive, easy-to-use touchscreen interface, has driven a huge increase in the use of mobile data.

With support for e-mail and web access and an increasing number of business applications, lawyers are asking firms to move their smartphone from BlackBerry to iPhone. So as it was in the early days of the BlackBerry, IT managers are now being challenged to ensure that the required level of security and quality of support is maintained for business iPhones. The question then is, ‘How does the iPhone stack up against the widely used Blackberry devices?’

4 DEVICE USABILITY

The BlackBerry is generally recognised as the better email manager of the two smartphones in part due to its QWERTY keyboard. It also synchs with the now mature BlackBerry Enterprise server which has built-in support for nearly every email provider. iPhone has however been rapidly progressing over the last two years to challenge the position of BlackBerry as a business tool but until recently was lacking enterprise support. iPhone is considered as having a much more inituitive interface and better overall device performance. iPhone also supports multiplatform and leading edge ‘activity stream’ applications, such as Socialcast and secure cloud-based file sharing, and collaboration tools such as Dropbox. In this respect, it can now be considered a serious contender in the corporate smartphone world.

Smartphone functions

Both smartphones can provide the following key functionality:

• Shortcuts • Web access • Email management system • Multiple emails (both incoming and “smart” replying - associating the correct email address with which to reply)

The BlackBerry phone also contains the following:

• Macros • Separate QWERTY keypad, in addition to a touchscreen keyboard • Discreet flashing LED to highlight new mail (unlike the iPhone’s notifications, which can pop up and interfere with the current application running).

For both phones, viewing and amending documents can be awkward due to the size of the screen. The iPhone, with its larger screen, may be slightly more comfortable (however, the on-screen keypad does reduce the document viewing area); but neither match the ease and comfort of a computer or laptop screen.

Both phones can show documents in both portrait and landscape modes, by simply turning the device onto its side. The image can also be zoomed in on, to raise the font size of the text for ease of reading and editing. This can improve the reading legibility of both documents and emails. The better experience of the two is currently the iPhone but Blackberry are expected to launch within the next year a new device series that offers similar screen size and performance to the iPhone.

5 In addition to using the smartphones for viewing and amending documents, both devices can also download business Applications such as:

• Mobile time recording (time/expense tracker) • Mobile digital dictation • Secure cloud based file services • Citrix receiver, allowing secure access to virtual desktops, applications and data • Securing critical information using strong encryption and password protection • Spreadsheets, word processors and databases • GPS location / sat-nav • VoIP, allowing free calls over Wi-Fi and 3G

Battery power

The battery life of Smartphones has been an issue with many business users when compared to traditional phones. This is typically caused by functions that need to use the data network, e.g. e-mail polling, web downloads and GPS functionality, although heavy phone use and keeping Bluetooth always switched on will also drain battery life. There are several websites that recommend tips on making smartphones’ battery life last longer between charges, such as:

http://www.examiner.com/ iPhone-in-national/how-to-save-iPhone-battery-life

Due to better memory and power management, and lower screen resolution (requiring less power), the BlackBerry typically lasts longer between charges than the iPhone. (See the End Notes Section for detailed comparisons).

BlackBerry Torch battery life is estimated at 5.8 hours of talk time and six hours of video playback, and also can have its battery replaced with a fully charged one, if necessary. The iPhone’s battery is integrated and cannot be replaced easily.

Management of downloads, updates, etc.

Both devices can be managed remotely via the IT Department’s Enterprise Management System. It is recommended that IT departments “push” Application and IT policy updates during off-peak hours to minimise disruptions to usersvii.

Synchronising requires the user to attach their iPhone/BlackBerry to a computer and access updates via a PC’s browser (as it may need to reboot). It is also preferred for up- or down-loading application updates, music, photos or videos, due to their size.

Quality of iPhone 4

The iPhone 4 is extremely rigid, dense and sturdy. The handset is predominately constructed from two glass panels that make up the front and rear of the phone. The initial reaction is that this may make the phone susceptible to picking up marks, and

6 in the worse case actually breaking. This is no normal glass however, thanks to a special treatment it undergoes during its production. The result is a panel that is approximately 30 times tougher than plastic. To put things in to perspective, it is likened to the glass used on high speed trainsviii.

The biggest known problem with the iPhone 4 is the well-publicised “death grip”, where the holding of the phone in a particular manner causes its antenna to drop its signal, to the point where an airwave connection is lost. Although Apple has released an update to the operating system in September 2010 (OS v4.1), this does not provide a software fix to this hardware problem. Rubber surrounds have proved to help reduce the signal reduction issue. The iPhone 3GS has a different antenna design, does not have this problem and can also be upgraded to OS 4.1 making it a good choice.

Quality of BlackBerry Torch 9800

The BlackBerry is also of excellent build quality, and combines a full touchscreen with a hardware keyboard. The Torch is primarily plastic – with some chromed highlights like the fascia bezel – but it is high-quality and solidix.

There is also a large BlackBerry support community forum, offering support, resolutions and advice on users’ issuesx.

Feature comparison

Multimedia & multimedia attachments – taking photographs, listening to music, playing back voicemails, viewing images – all of these are possible on both devices.

The lower screen resolution of the BlackBerry, and its smaller display, makes images look more washed-out. Text on websites is easier to read on the iPhone: detail is crisper.

Apple is renowned for its applications, including music, and they work very well. BlackBerry’s Applications choices are growing, but the device needs a faster processor and more RAM to match the iPhone for music and video. (BlackBerry’s processor has 624MHz whereas iPhone’s processor runs at 800MHz-1GHz – BlackBerry’s Web browser sometimes pauses to refresh as a result of its slower speed).

Apple also has an easy-to-view method of displaying texts and emails, by keeping threads, or “conversations”, with individuals associated together, allowing easy reading of the content. BlackBerry phones list and display received texts and emails in chronologically-received order.

Neither device runs Adobe Flash (used on many internet websites to display dynamic content). iPhone runs HTML5; BlackBerry doesn’t use HTML5, and so has more problems running dynamic content on the screen.

7 Microsoft Exchange Server 2003 or 2007 can wirelessly push email, calendar events and contacts to iPhone. Time-saving features are incorporated, such as searching inboxes and server, creating calendar invitations directly from iPhone, and dialling out from calendar events on iPhone. iPhone can synch with IMAP mail servers and search a mail server from the iPhone. It also integrates with common CalDAV-compliant calendar servers (e.g. iCal Server, Oracle Beehive, Kerio, Zimbra). Subscribed calendars can be synched. Searching LDAP servers from either the mail or contacts App on the iPhone allows fast retrieval of colleague details.

The results of numerous data transmission tests carried out are available on the Web; notably “live” comparison tests on YouTubexi xii xiii. Data speeds are dependent on various factors: the relative location of the phone mast; indoors/outdoors; signal strength; thickness of walls; other users, etc.

Newer BlackBerry devices use the proprietary BlackBerry Messenger, which allows for instant messages to be sent internationally without the costs of regular text messaging. BlackBerry Messenger also allows for display names, display pictures and personal messages, and deliver and read notifications.

Figure 1: iPhone 4

8 Figure 2: BlackBerry Torch

9 REMOTE MANAGEMENT TOOLS

General

There are Enterprise management tools now available for both iPhone and BlackBerry smartphones which allow corporations to remotely manage the maintenance, security policies, provisioning and day-to-day working of the devices (such as email management).

Although BlackBerry have had many years of developing corporate remote management tools, only the most recent Apple operating systems (iOS v4.0 and v4.1) have allowed Apple to also have equivalent enterprise management capabilitiesxiv developed for iPhones (and iPads in Autumn 2010).

The operating system of the previous model to the iPhone 4, the iPhone 3GS, can also be upgraded to v4.0. This handset is not affected by the “antenna issue” besetting v4 (telephone calls dropping when the handset is held in a particular way). A Comparison Table in the Endnotes section highlights the specification differences between the two Apple devices.

For both parties, these Enterprise tools act as an e-mail relay (“push”) for business e- mail accounts so that users always have access to their mail. The software in each case monitors the user's local Inbox, and when a new message comes in, it picks up the message, relays it to the user's wireless provider, which in turn delivers it to the user's device.

Installing the remote management tools and the server setup in both cases is straightforward and experienced IT staff should not have any problem with the step- driven setup applications.

Apple remote management tools

Apple provide an iPhone Configuration Utility (IPCU), which lets you easily create, maintain, encrypt, and install configuration profiles, track and install provisioning profiles and authorized applications, and capture device information including console logs.

Several firms also provide Apple mobile management tools, including AirWatch, Good Technology, MobileIron, Sybase, Tangoe, and Zenprise.

The server-based tools integrate with Microsoft Exchange, LDAP, and Active Directory to enforce Exchange ActiveSync (EAS) policies, track access, and validate user permissions, and they all install EAS policy profiles and certificates directly onto iPhones and iPads without user intervention.

The tools also track which devices have what profiles and Applications installed, so IT has an audit trail for compliance monitoring.

A company’s IT department can install security and policy profiles onto Apple devices without user intervention, and can also monitor and audit policy adherence. The

10 corporate IT department can selectively wipe information (for example, leaving users' personal email while wiping corporate email) and to provision a catalogue of recommended App Store Applications. By October 2010, the server will support several new iOS v4.0-specific capabilities, in addition to the ability to install policy profiles without user intervention and deploy in-house Applications without going through the Apple App Store.

Selectively wiping data from the calendar, such as corporate items, but leaving personal ones, is another facility.

Software can manage and enforce policies around access to in-house corporate Applications, so IT can manage App deployment as it does on the desktop.

Software can also inventory all the Applications on each user's device - including those installed by users via the Apple App Store - and compare the inventory to a whitelist of approved Applications or a blacklist of forbidden Applications. If a user's device has Applications that violate the corporate approval policy, the system can prevent that device from accessing corporate resources - in essence, restricting the device to personal use.

The Apple operating system iOS 4 lets businesses provision their own iOS Applications without going through the Apple App Store, as long as these in-house Applications have a valid signature from Apple (so they still have to go through Apple's approval process).

It lets iPhones and iPads support multiple Exchange accounts, and also allows "sandboxes" (a security mechanism for separating running programs), such as for email clients, Applications, policies and VPN data, that encrypt these blocks of information separately from the device-wide encryption on newer iPhones and iPads.

All in all, the Apple tools provide adequate functionality to allow business iPhones to be managed and secured; recent conversations Consulting Stream held with two large corporates who both have a mixed estate of Blackberrys and iPhones seemed to indicate no apparent issues with the iPhone.

BlackBerry remote management tools

BlackBerry handhelds are integrated into an organisation's e-mail system through a software package called BlackBerry Enterprise Server (BES).

Versions of BES are available for:

• Microsoft Exchange, • Lotus Domino, • Novell GroupWise, • Google Applications.

Organisations with multiple users usually run BES on their own network. Some third- party companies can also provide hosted BES solutions.

11 The latest version of BES (version 5.0.1, April 2010) sports a new, simplified Web- based administration interface and groups for easier management of roles, IT policies, and software configurations. BlackBerry Enterprise Server 5 also promises better reliability through server failover features and system health checks.

An experienced IT department should be able to manage the server management systems for the phones; however, there may be some unintuitive settings, as well as configuration problems with the Web server that may cause delay in the set-upxv.

IT Policies

The BlackBerry Enterprise Server comes with over 200 IT policies that allow administrators to customise and enforce device-side security settings. IT policies are delivered and enforced wirelessly. They are digitally signed to ensure integrity and cannot be changed or disabled by BlackBerry device users.

BlackBerry Enterprise Server Express

There is a free package called BlackBerry Enterprise Server Express, which provides small and midsized businesses with many of the same security, management, and push technologies of BlackBerry Enterprise Server – but at no cost beyond their existing Microsoft servers.

From the BlackBerry user's perspective, BES and BES Express are the same. Both let users wirelessly synchronise email, calendars, and contacts, as well as access files stored on the server. The two products even work well together in large organisations. Express can be used to manage personal BlackBerry phones that employees purchase and bring to work, while BES can handle the heavy lifting of corporate BlackBerry devices that are deployed in large numbersxvi.

Both BlackBerry Enterprise Server and BlackBerry Enterprise Server Express 5.0.1 provide new administration roles that can be used to spread out IT management tasks more efficiently, for example, assigning one person to serve as a senior help desk administrator and others to administer a particular server or group of users.

The BES Express turns over a lot of control to users - self-service that can reduce the work for help desk staff. The Web Desktop Manager (subject to policies) allows users to activate and configure their smartphone settings, backup and restore data residing on the phone, and install applications.

Roaming internationally can also be detected automatically, and users can get a minimum of a warning of the possibility of being subject to very high roaming fees (see Costs Section). Data roaming could be set to switch off automatically when the device goes abroad (yet still allowing voice services), with the onus placed on the user to switch it back on, if it is required (a simple setting change).

NB: UK operators have recently noted that there are faults with switching off Data Roaming, suggesting that the cause is the Visual Voicemail service that O2 provide to the iPhone – so it is advised to check for this issue and request a refund of costs if it is duexvii.

12 BlackBerry Administration Service

Additionally, the BlackBerry Administration Service, a Web-based console that only works with Microsoft Internet Explorer, provides options for creating and assigning IT policies.

The BlackBerry Administration Service provides options for managing users and groups, handling operating system upgrades on the handsets, and dealing with applications on smartphones. Administrators can also manage the server from this console.

COSTS

Device costs

The UK mobile market is one of the most competitive in the world with more choice of network provider (5 networks) than in most countries. As a result, handset subsidy in both the consumer and business markets is common meaning that in many cases there is no initial device cost for business users who sign up for a term commitment contract. Initially as a consumer focused device and with the restricted availability ( O2 network only ) the iPhone attracted initial costs for business users however as this is more widely available, all 5 providers now offer contracts with new iPhone devices at no initial cost. Blackberry devices have long been available on a similar basis. The list price for both devices however are similar and range between £299 and £599, dependent on specification.

Corporate device management software costs

Apple’s website provides a free downloadable iPhone configuration utilityxviii, allowing easy creating, maintaining, encrypting, and installing configuration profiles, as well as the ability to track and install provisioning profiles and authorised applications, and capture device information including console logs.

Additional management software provided by third party software houses (e.g. AirWatch, Good Technology, MobileIron, Sybase, Tangoe, and Zenprise), are available at a cost.

Likewise, RIM offers free BlackBerry BES Express management software, as described earlier. Newer BlackBerry devices use the proprietary BlackBerry Messenger, which allows for instant messages to be sent internationally without the costs of regular text messaging. BlackBerry Messenger also allows for display names, display pictures and personal messages, and deliver and read notifications.

Data costs

The key issue for the operators in recent years has been the growth of mobile data. Prior to the highly functional smartphones such as the Blackberry and IPhone, the

13 average useage in the UK per device, per calendar month, was less than 40 megabytes of data (MB). In 2010 smartphone network useage has been averaging in excess of 550MB per month ( Source: TEN Sept 2010 ) with video accounting for 42% of all mobile data traffic. As a result of these trends, it is expected that so called ‘unlimited’ data tariffs for both business and consumer customers will shortly no longer be available as operators are expected to revise their data pricing.

In terms of relative differences between the efficiency of the devices, networks charge based upon the total MB used and not the time connected to the network so any data / network handling differences between the devices do not affect the cost.

Data tariffs are based upon the number of MB of use per month and typically vary between 500MB and 1GB packages and as with fixed line broadband services fair use policies will apply. To put this into context, O2 state that a 1GB package will allow 1 million e-mails ( less if they have attachments ) to be sent/received over a month. Data packages even for business users are generally combined with voice minutes.

Once a user exceeds the data commitment then the typical additional cost of data in the UK (this month) ranges between £1 per MB ( Vodafone ) to £ 2.55 per MB (Orange).

It must be said finally that of course both iPhones and Blackberrys have Wi-fi capability and so when connected to an existing office or home Wi-fi network effectively there are no data costs as the mobile network is bypassed.

Roaming costs

A major concern for firms with smartphones has been the cost of roaming. This occurs when users are outside their ‘home’ network and additional charges for data apply. Prior to July 2010 charges were complicated to understand as they depended on many different variables and in some cases could mean a bill of several hundred pounds for a single business trip into Europe.

Since 01 July 2010, new EU regulations cap mobile data roaming fees to €50 per month – but only if this price cap has been pre-agreed with the service provider. This regulation has had the effect of simplifying charges between the various operators and so, in turn, the charges to business users also. For example, Vodafone now charge £1 a MB for data roaming within Europe and £3 a MB rest of the world.

Some operators, such as Vodafone also cap everyones roaming charges at £34 a month after which business users need to contact their administrator who can then instruct Vodafone to raise the limit selectively. Consumers have the same cap, but just need to simply text Vodafone to lift it.

Two important points to make are that the regulation won't be in force when travelling outside the EU and that not all operators offer a single rest of world roaming tariff.

To prevent roaming overcharging, the simplest step is to disable the 3G setting on the device when travelling abroad. The smartphone will then default to trying for a

14 local Wi-Fi connection first, before trying to connect via roaming. Inexpensive hotspot access can also be found in several countries by purchasing cheap wireless accounts. Many European hotels offer free Wi-fi access.

However, 3G access is preferable; and most carriers offer prepaid 3G data plans, where one can sign up for a certain number of MB (the carrier's local Wi-Fi hotspots can usually be used as well – but note that Voice over IP and other streaming usage is typically prohibited on 3G prepaid plans).

To reduce roaming costs, an operator-specific micro-SIM can be purchased for a BlackBerry to access a 3G network abroad (note that iPhones do not have an available card port). Pre-paid data vouchers can then be bought at a local phone store.

SECURITY

There has been much debate surrounding the security of both applications and data with iPhone and BlackBerryxix devices, with concerns ranging from how best to secure lost devices to how to prevent snoopers or organised corporate thieves from stealing sensitive client information.

Securing smartphones and data is no different to any other security problem a firm faces, from computers being hacked into or, indeed, offices being broken into and confidential client files physically being stolen.

There are ways to minimise security risks which can be carried out, such as ensuring:

• Appropriate company security policies are in place; • Smartphone users are educated and understand the key risks, e.g. accessing corporate systems using ‘’jailbroken’’ phones or downloading unsafe applications; • All smartphones have basic security measures in place, e.g. PIN-locking interfaces when idle; • Enterprise remote management tools are implemented so that IT departments can then limit users’ ability to install forbidden applications, etc.; • Any applications used are approved and managed to help reduce security risks and threats.

A range of applications (known as “Apps”) can be downloaded for both the iPhone and BlackBerry from their respective website “stores” to assist in security. These can be installed onto users’ smartphones remotely by an IT department over the air using remote device management tools, as well as by users themselves.

15 Security Feature Comparisons

Data Encryption - iPhone

For the iPhone, data is protected through SSL encryption of information in transmissionxx, hardware encryption for data at rest on the device and data is also encrypted when backed up to iTunes.

Network communications are kept secure by using: • Cisco IPSec VPN • WPA2 Enterprise Wi-Fi • SSL/TLS on iPhone. Exchange

Configuration profiles make it easy to install device restrictions and certificates on iPhone for authentication to: • Cisco IPSec VPN servers • 802.1x-based wireless networks • Exchange Servers • other corporate services

For email connections, by default, the iPhone uses SSL (Secure Sockets Layer) encryption for POP, IMAP and SMTP.

Data Encryption - BlackBerry

There are several encryption options for any data transmitted between BlackBerry Enterprise Server and BlackBerry smartphones:

• Advanced Encryption Standard (AES); • Triple Data Encryption Standard (Triple DES) • Secure gateway to HTTPS sites • RSA SecurID authentication (see below)

Private encryption keys are generated in a secure, two-way authenticated environment and are assigned to each BlackBerry smartphone user. Each secret key is stored in the user's secure enterprise account and also on their BlackBerry smartphone and can be regenerated wirelessly by the user.

Data sent to the BlackBerry smartphone is encrypted by BlackBerry Enterprise Server using the private key retrieved from the user's mailbox. The encrypted information travels securely across the network to the device where it is decrypted with the key stored there.

RSA SecurID

This authentication provides organisations with additional authorisation when users access application data or corporate intranets on their BlackBerry smartphones. Users are prompted for a username and Token Passcode when navigating to a site or application requiring authorisation.

16 Data remains encrypted in transit and is never decrypted outside of the corporate firewall (see Figure 1).

Figure 3: BlackBerry Encryption

Supported Email Servers

The iPhone supports Microsoft Exchange and other standards-based servers.

The BlackBerry supports Microsoft Exchange server and Microsoft Live Communication Server 2005; IBM Lotus Domino, IBM Lotus Sametime and Novell GroupWise and Novell GroupWise Messenger.

These email servers provide users with secure over-the-air push email, calendar and contacts.

Secure VPN

To protect all connections made from an iPhone, it is recommended to use a secure VPN connection to the private corporate network. Certificate-based authentication enables iPhone to connect with corporate servers via Exchange, as well as VPN On Demand, which makes network communications seamless and secure.

With configuration profiles, businesses can remotely configure the company’s VPN, email and wireless network settings, ensuring that each iPhone is secure and ready for business.

Out of the box, iPhone supports Cisco IPSec, L2TP over IPSec and PPTP: no additional network configuration or third-party applications are required to connect iPhone to a corporate VPN if the organisation supports one of these protocols.

Further details of VPN deployment can be found here: http://images.apple.com/uk/iPhone/business/docs/iPhone_VPN.pdf

There is no need to install a secure VPN for BlackBerry devices: BlackBerry smartphones use mutual authentication and transport encryption to secure the

17 connection to the BlackBerry Enterprise Server. These features provide the confidentiality, integrity and authentication of a VPN.

Lost/Stolen Device Management iPhone provides secure methods to prevent unauthorised use of the device through passcode policies and restrictions.

In the event of a lost or stolen iPhone, all data and settings can be cleared by issuing a remote wipe command from Exchange after several failed passcode attempts. This is a key deterrent against brute force attempts to gain access to the device. By default, iPhone will automatically wipe the device after 10 failed passcode attempts. As with other passcode policies, the maximum number of failed attempts can be established via a configuration profile or enforced over the air via Microsoft Exchange ActiveSync policies. iPhone also supports remote wipe. If a device is lost or stolen, the administrator or device owner can issue a remote wipe command that removes all data and deactivates the device. If the device is conﬁgured with an Exchange account, the administrator can initiate a remote wipe command using the Exchange Management Console (Exchange Server 2007) or Exchange ActiveSync Mobile Administration Web Tool (Exchange Server 2003 or 2007). Users of Exchange Server 2007 can also initiate remote wipe commands directly using Outlook Web Access.

For the BlackBerry, a password must be entered to unlock and use the devicexxi. This can be enforced with the IT policy on the BlackBerry Enterprise Server. The device can be set to automatically lock at specified time intervals (e.g. every 30 minutes) and set to lock when the device is holstered.

User data on the BlackBerry device can be stored encrypted using AES-256. Thus, even if someone reads user data directly from the device hardware, there is no way to decrypt the data without the device password.

Users with the BlackBerry Smart Card Reader have an additional level of protection: the device can be configured to automatically lock when the BlackBerry Smart Card Reader is outside of Bluetooth communication range (normally around 30 feet). This gives proximity access control for the BlackBerry device.

A lost or stolen BlackBerry device can also be remotely locked or even erased by the BlackBerry Enterprise Server administrator, provided that the server can communicate with the device. The administrator can also remotely change the device password and delete applications from the device.

Each time a BlackBerry device boots up, the Boot ROM checks the authenticity of the Java Virtual Machine and the Operating System. The Java Virtual Machine then checks the integrity of the BlackBerry software. If any of these checks fail, the device does not boot up.

18 In order to successfully change the BlackBerry software, an unauthorised user would need to change the Boot ROM, which is non-trivial and requires access to the device hardware. Thus, the device software cannot be changed without access to the hardware. In addition to requiring proprietary knowledge, accessing the hardware leaves behind evidence of a tampered device.

Ease of corporate security set-up iPhone

Company network configuration and deployment across the corporation is straightforward..

For users, installing a configuration profile is as easy as tapping a secure web link or receiving an email with the configuration profile attached. Configuration profiles can be signed and encrypted — and once installed, individual users can be restricted from removing these profiles from their iPhones. iTunes, the user’s associated software package for uploading and downloading Apps, music and images, can be tailored to a Company’s needs. It can restrict or disable network services, such as the iTunes Music Store or shared media libraries, and control access to software updates.

The iPhone can be set up to connect directly to a corporate network; however iTunes is required for activation, software updates and encrypted backups. The iPhone activation process can be centralised by putting iTunes in activation mode. iTunes can be deployed using centrally-managed desktop software deployment tools.

BlackBerry

Standards-based protocols and development tools help ensure that practically any enterprise application, infrastructure or system can be wirelessly enabled without being rebuilt or replaced.

With the BlackBerry Enterprise Solution, organisations can benefit from deployment and management features that simplify its administration:

• Role and group-based administration capabilities: help reduce security and operational risks and administrative overhead by delegating permissions by role and creating administrative user groups.

• Over-the-air wireless IT policy enforcement: Provides fast, cost-effective method for supporting users and managing corporate policies remotely so users don't have to go without their devices and IT does not have to have devices in hand to make changes.

• Track key device statistics: easily monitor third party applications loaded, IT policies applied, device models, PIN numbers, software versions and serial numbers.

19 • Remote BlackBerry Enterprise Server and network management: manage the BlackBerry Enterprise Solution and network infrastructure from wireless devices with available third-party applications.

User device management

For the iPhone, users can enforce complex passcodes, camera restrictions and other policies on iPhone to protect corporate data.

Corporate passcode policies and settings can be established with configuration profiles created and distributed via USB or over the air.

Safari browser provides access to corporate resources anytime. iPhone also includes other easy-to-use, innovative applications and business tools (e.g. Maps, Voice Memos & Voice Control).

Details on the BlackBerry Enterprise Solution security set-up can be found on this link: http://docs.blackberry.com/en/admin/deliverables/16650/BlackBerry_Enterprise_Server- Security_Technical_Overview--1153051-0615043613-001-5.0.2-US.pdf

Security of device Applications (“Apps”)

Both smartphone companies allow third-party developers to write Application software. Any application that makes use of certain restricted functionality must be digitally signed so that it can be associated to a developer account. This signing procedure guarantees the authorship of an application but does not guarantee the quality or security of the code.

The iPhone's operating system is designed to only run Apps software that has an Apple-approved cryptographic signature. This restriction can be overcome by "jailbreaking" the phone (replacing the iPhone's firmware with a slightly modified version that does not enforce the signature check). This may lead to a circumvention of Apple's technical protection measures, as well as Apple’s refusal to support the device (as it raises support costs). Jailbroken iPhones may therefore be susceptible to computer viruses or malware, but few such incidents have been reportedxxii.

There are several instances of security breaches by worms hitting jailbroken iPhones, where a route in has been caused by the user not changing their password for their iPhone’s root account – the worm can change phone settings and also steal dataxxiii.

Typically, a smartphone’s remote management tool (such as MobileIron) can detect "jailbroken" iPhones, and block the phones from accessing corporate resources.

The BlackBerry curtails viruses by containing malicious programs. The BlackBerry software and all of the core applications are digitally signed to ensure integrity and control access to the Application Programming Interfaces. Thus, the core BlackBerry functionality cannot be directly accessed by other applications.

20 In addition, BlackBerry Enterprise Server comes with 19 application control policies that allow the administrator to limit which applications can access internal or external domains, make network connections, access the phone, access email messages, etc. The administrator can also prevent the downloading of third-party applications, the use of the device ports or the storing of data on the device.

BlackBerry users can access confidential data and sensitive applications from their mobile device according to the policies and security regulations defined by their company by having their phones installed with a fully-functional smart card that is integrated with the phone’s operating systemxxiv. The benefits of this are listed in the End Notes Section.

The UK BlackBerry website has a useful, detailed knowledge basexxv on BlackBerry security aspects, including frequently asked questions, articles, white papers, how-to guides and support issues.

There are also many third-party Apps which have been developed that can be used to ensure data security. These include:

• Secure cloud file service (Soonr; Dropbox); • Citrix receiver, allowing secure access to virtual desktops, applications and data; • To avoid sensitive data loss in case of phone theft, Apps that safely store information such as website logins and passwords, personal IDs, credit cards, membership cards, bank and financial account information and any personal notes want to keep safe and securexxvi.

Other security methods

Security policies can be supplied and managed by corporate remote management tools: these are detailed in the Remote Management Tools section.

21 CONCLUSIONS

Today, both Smartphones can be considered serious tools for the business marketplace. They both have the secure enterprise management systems in place to ensure that they are a viable choice for any business to manage for their employees, and both allow users to conduct business on the move, edit calendars, send and receive email, and allow entries to automatically synch with office computers. A range of business applications are readily available for both devices, from creating and editing spreadsheets and word documents to surfing the web and iPhone in particular supports a range of new cloud based productivity tools.

Device and data security needs have largely been met by both manufacturers; BlackBerry tools are the more mature, but in the past six months Apple has released significant additional support for Enterprise users. Apple and BlackBerry’s operating systems both allow their respective devices to separately manage corporate and personal information and assetsxxvii.

Both manufacturers offer free associated remote management tools, and additional software and “Applications” are also available in the marketplace to assist in remote management as well as for business purposes.

Both devices can be used as business support tools, with Apple currently providing higher quality, better performing devices, a unique user experience, as well as a greater range of Applications. The BlackBerry also stands out, having its own external keyboard, also utilising touch screen technology, a modern HTML5-capable browser, and experience for being a sturdy business tool.

The cost of ownership for each device is also now very similar with recent changes to tariffs meaning that most operators do not distinguish between smartphone types for business use.

Overall, the preference of one smartphone over the other may end up simply being down to each individual user’s preference; as can be seen from the detail in this document; both have clear benefits as corporate business tools. Where a firm is looking to consolidate applications into the ‘cloud’ or make use of social networking applications then currently the iPhone would be the choice, other than that, the Blackberry provides an excellent e-mail platform and also has its own ( and free to use ) dedicated messaging as standard.

Whilst there are no ‘showstopper’ issues with the smartphones reviewed. The most significant issues with each are considered to be as follows:

iPhone

• Poor battery life (iPhone 3GS), • Signal issue (iPhone v4), • Lower security capabilities than the BlackBerry Enterprise Server, • Awkward document editing, • Limitations on adding a memory card or changing the battery,

22 • Less experience and choice of secure enterprise email and mobile data management tools.

BlackBerry

• Poor battery life, • Less advanced screen technology, • Slower processor (although with better power management), • Limited selection of Applications provided, • Perceived by some as less intuitive than the iPhone

Recently significantly cheaper Android devices have also started to ship in volume, and in many countries are now selling more devices than either Blackberry or Apple. With the openness of the platform new applications are also being released at a rapid pace.

The imminent emerging tablet computer market (iPad, RIM’s new PlayBook,Dell, Toshiba, Samsung, to name but a few) may also change smartphones’ future market direction. It will be interesting to see if the corporate use of smartphone devices continues to grow or instead whether firms standardise on tablets and smartphones regress back to the status of simply a telephone.

23 ENDNOTES Smartphone Comparison Tablexxviii xxix

Device iPhone 3GS iPhone 4 BlackBerry Torch Operating System iPhone OS 3.0 OS 4.0 BlackBerry OS 6.0 Display and - 3.5” (89 mm) touch - 3.5” (89 mm) touch - 3.2” (81 mm) touch screen, hardware screen, screen, - 480x360 pixels (HVGA), - 3:2 aspect ratio, - 3:2 aspect ratio, - trackpad, - scratch-resistant - aluminosilicate glass - on-screen keyboard (QWERTY glossy glass covered covered IPS LCD and SureType), screen and fingerprint- screen, - slide-out backlit QWERTY resistant oleophobic - 960×640 pixels at keyboard. coating, 326 ppi, - 144-color LCD, - 800:1 contrast ratio - 480×320 pixels (HVGA) at 163 ppi Storage 8, 16 and 32 GB 16 and 32 GB 4GB storage, microSD slot Processor 833 MHz 1 GHz ARM Cortex- 624 MHz processor (underclocked to A8 Apple A4 600 MHz) ARM Cortex-A8 Samsung S5PC100 Memory 256 MB DRAM 512 MB DRAM 512MB RAM, 4GB storage, microSD slot Connectivity - Wi-Fi (802.11b/g), As iPhone 3GS; - Wi-Fi (802.11 b/g/n), - 3G, additionally: - 3G; - EDGE - Wi-fi (802.11n) - Mini-USB, - USB 2.0/Dock - Penta-band - Tri-band 3G HSDPA networks: connector, UMTS/HSDPA (800, 2100/1900/850/800 MHz, - 7.2 Mbit/s HSDPA, 850, 900, 1900, - Quad-band GSM/GPRS/ EDGE Voice Control, 2100 MHz)7, networks: - Digital compass, - 5.76 Mbit/s HSDPA, 850/900/1800/1900 MHz, - Nike+ sensor, 2.4 GHz, - Bluetooth 2.1 + EDR; - Bluetooth 2.1 + EDR - 3-axis gyroscope, - 3.5mm stereo headset Broadcom 4325. - Dual-mic noise - Earphones with suppression, remote and mic - microSIM Camera - 3.0 MP with VGA Rear 5.0 MP backside - 5.0 MP camera (JPEG video at 30 fps, illuminated CMOS encoding), - geotagging, image sensor - 720p - flash, - tap to focus, HD video @ 30 fps, - 2x digital zoom, - white balance, - LED flash - image stabilization - macro focus & - auto-focus exposure - Front 0.3 MP camera (VGA), - 480p SD video @ 30 fps Power Built-in non removable rechargeable Removable/rechargeable lithium-ion polymer battery lithium-ion battery 3.7 V 1219 mAh 3.7 V 1420 mAh 3.7 V 1300 mAh

Rated battery life - Audio: 30 hrs - Audio: 40 hrs - Standby 18 days (GSM) or 14 - Video: 10 hrs - Video: 10 hrs days (UMTS); - Talk over 3G: 5 hrs - Talk over 3G: 7 hrs - Talk 5.5 hours (GSM) or 5.8 - Browsing over 3G: 5 - Browsing over 3G: 6 hours (UMTS) hrs hrs - Browsing over Wi-Fi: - Browsing over Wi-Fi:

24 9 hrs 10 hrs - Standby: 300 hrs - Standby: 300 hrs - 40% improvement thanks to power management improvements Dimensions 115.5 × 62.1 × 115.2 × 58.6 × 9.3 mm 111mm x 62mm x 14.6mm 12.3 mm (4.5 × 2.31 × 0.37 in) (closed); (4.5 × 2.4 × 0.48 in) 148mm x 62mm x 14.6mm (open) Weight 135 g 137 g 161.1 g Current model Black 8 GB in Both models in BlackBerry Torch 9800 (first in available production production Torch range)