Thoughtful, detailed coverage of the Mac, iPhone, and iPad, plus the TidBITS Content Network for Apple consultants.

Prepare Your Enterprise for the iPad

The initial response from many industry analysts on the release of the iPad was unsurprising, if disappointing. As expected, they cited a litany of reasons Apple's latest creation is completely unsuitable in the enterprise, firmly branding the iPad as nothing more than a consumer toy. The usual complaints were trotted out: security concerns, manageability, and lack of support for existing enterprise applications. These criticisms rolled off their keyboards and tongues as if from a well-rehearsed script.

They are wrong.

The iPad is a fundamentally transformative computing experience that will meet the needs of many business users far more effectively than their existing Macs or PCs do. Although initial business adoption will start slowly due to some of Apple's design choices, adoption will pick up over time, and businesses will find themselves increasing both support and use of iPads to meet employee demand and business needs.

While I don't expect the iPad to displace the inventory of enterprise laptops and desktops completely, it (and its eventual derivatives) are well designed to fulfill certain business needs underserved by existing solutions.

Filling a Technology Gap -- Although businesses often need some sort of a mid-size device for their users, the offerings have never really suited the requirements. Existing tablets either bolt a tablet interface onto a desktop operating system, or expand a PDA-based user interface onto a larger display. Tablets that use desktop operating systems still suffer from the battery life and usability problems of their desktop brethren, while the PDA-based devices start instantly, work longer, and cost less, but with severely limited displays and application performance. And neither of these options is designed for the form factor and usage scenarios they inhabit.

Many organizations, especially larger ones, struggle to strike the right balance for mobile computing. Certain types of users, such as healthcare, service engineers, and other on-the-go job roles have long sought a portable device to support their work in the field. Having used, supported, and even designed some of these throughout my IT career I can honestly say the vast majority are poorly suited for field work. They are clumsy, non-intuitive, and often both slow and unreliable.

There are also many business users who travel regularly, but who don't need the full desktop computing experience when they are out of the office. I rack up 50,000 to 100,000 air miles each year, but on most of my trips I need access only to email, the Web, my calendar, and a few productivity applications (the Microsoft Office suite). It's also nice to have some video entertainment options and a game or two to while away late nights in the hotel. Don't believe me? Next time you are on a plane, in an airport, at a hotel, or in a conference, take a quick look at the screens around you - it's likely that 95 percent of what you see are email, movies or games, a spreadsheet, a PowerPoint presentation, Microsoft Word document, a Web browser, or perhaps a PDF file.

But we road warriors have never really had a viable option other than a full-sized laptop. Even with all the advances in mobile computing design, we either have a full desktop user interface on a netbook's tiny screen and cramped keyboard, or a larger, heavier device you can't open and use comfortably (or safely, for the device) in the cramped seats of major airlines (in the United States at least). And neither laptops nor netbooks can get you through a full day unless you're on one of the few airlines with power outlets in economy class.

While it's always risky to speculate before a device is actually released, the iPad seems well positioned to meet needs of both the field user and the business traveler - at least eventually. Its size, simplicity, flexible user interface, and likely reliability are an excellent match for vertical and field applications, while its weight, battery life, and application support are well aligned for a certain class of business traveler. It's the first tablet that's designed as a tablet.

But notice I said, "eventually." As is often the case with Apple, the iPad needs a few tweaks before we'll see it formally supported in wide business use.

The Apple Adoption Cycle -- Apple has always had a tepid relationship with the enterprise. Apple is first and foremost a consumer electronics company, and, unlike Microsoft or major PC manufacturers like Dell, has deliberately avoided many of the requirements to sell into the enterprise. Rather than dealing with the sales and support overhead, Apple adds just enough features to their products so they'll work in an enterprise, rather than building out enterprise-specific solutions.

Instead of aiming for the corporate procurement office's specifications, Apple focuses most features on the needs of everyday users, while understanding that certain enterprise-class features, like Microsoft Exchange and Active Directory support, are essential for consumers to be able to use their devices at work. Apple's enterprise strategy is to reduce barriers to entry and then appeal directly to the users, avoiding the tremendous overhead of selling directly to a budget-constrained IT department.

Thus, nearly every Apple technology follows a typical adoption cycle that starts with high-end consumers, then business travelers and specific vertical markets (education, creative professionals), and finally expanded verticals (healthcare, financial services). Initially IT departments ban or fight the adoption of Apple's technologies before testing pilot support and eventually offering broad support.

Requests to support the iPad in the enterprise are inevitable, from both individual users and business units with particular needs. It's also inevitable that users will bring iPads to work even if they aren't supported. Although it isn't my place to tell you whether or not to support the iPad, it's important to understand that if you work in IT you will see these requests, and you should have a plan in place to handle them, especially once your CEO plays with one at the next executive conference.

As with the iPhone, the pressure will start slowly and increase over time. Since the iPad is a new product category, and not tied to the normal 18 to 24 month cell phone refresh cycle, adoption will start slowly over the first year or so, eventually ramping up with the second and third revisions of the iPad platform. The timing might be different, and could possibly be slower, but it will eventually follow the same cycle as other Apple technologies. It's a matter of when and how loudly, not if, users will start asking for iPad support.

Security and Management -- Assuming the iPad includes the same base feature set as the iPhone (and that is an assumption, since Apple hasn't yet released full details), security issues will be similar. The iPhone OS is relatively secure, and far more secure than any desktop operating system. It supports strong passwords, code signing, VPNs, remote wipe, basic encryption, and wipe on passcode failures. Despite all the theoretical attacks out there, the iPad is likely more secure out of the box than any existing laptops.

The more difficult problem is that the iPhone does not support security and management software. Although there aren't any iPhone viruses, corporate compliance requirements may still mandate additional security controls like antivirus, real device encryption (it's trivial to circumvent iPhone encryption), and user monitoring. This isn't often an issue on the iPhone, since, for better or worse, compliance policies don't treat phones the same as laptops. But the iPad is a new device class and may be subject to more stringent requirements. It's an open question, and one that your IT, security, compliance, and risk departments will need to work out... possibly in cooperation with your auditors.

You may be able to mitigate some of these concerns by managing support for the iPad; specifically by allowing access only to certain applications and services. For example, you could support connections to Microsoft Exchange (where all email messages can still be scanned for viruses), and limited corporate Web applications. (Again, this assumes that the iPad has the same Exchange support as the iPhone, which may not prove to be true.)

Until some new attack appears, the biggest security risk is that of a lost device. Unless you purchase and enable 3G connectivity on all iPads, remote wiping will be far less reliable than with an iPhone. Although the iPad is likely encrypted using hardware, if it uses the same technique as the iPhone 3GS, it will be extremely vulnerable to even a moderately skilled attacker with physical access to the device. Hopefully Apple has plugged this hole, but if not, the iPad will represent a slightly higher level of risk than an unencrypted smartphone. We'll need to evaluate this vulnerability closely when the iPad is released.

In terms of management, you don't have many options, just as with the iPhone. Apple supports over-the-air or tethered (via iTunes) deployment of configuration profiles for security and other settings, including application restrictions, and we can expect to see these on the iPad. The biggest issue is the requirement for iTunes for all system updates, although Apple does support restricted iTunes deployments so users can't use it as media management software.

As the iPad increases in popularity we may see additional management tools appear that support iPad management with other enterprise endpoints, especially those that currently offer iPhone support. Most of these tools leverage the same configuration profiles that Apple supports, but until Apple allows alternative update mechanisms, we're still beholden to iTunes, an awkwardly repurposed consumer media management tool.

Application Support -- One of the biggest obstacles to deploying any Apple device in the enterprise is application support. Even if we ignore custom desktop applications, there is still a massive base of Web-based corporate applications that requires Internet Explorer with ActiveX controls enabled. Worse yet, many of these applications require Internet Explorer 6, making migration even to current versions of Microsoft products difficult.

In practice, this shouldn't hinder potential iPad deployments since we are not trying to replace employee PCs, but instead want to add an additional device option. I highly doubt we'll see any organization rip out the sales team's laptops in exchange for iPads any time soon.

Unless you plan on banning iPads, those of you in IT might want to start testing to see which major applications work before your users start trying them out themselves. Even if you don't plan to offer formal support, publishing a list of usable applications will reduce support calls. The key is to manage expectations; because the iPad lacks Flash, Java, and ActiveX support, it simply won't be able to access many enterprise applications initially, no matter how much you might want to support it.

The other big issue is productivity applications, where Apple has an answer now: iWork. Based on the information on the iPad Web site, iWork will be able to read Microsoft Office file formats, but output only PDF or iWork files, which is clearly unacceptable for many business users.

Apple also hasn't released many details on file management, which may require an iTunes-enabled Mac or PC to place iWork files on the iPad (and possibly to manage file conversions). I use iWork heavily in my company (the advantage of being the CEO), and although it does a reasonable job of working with basic Office files, it's still fairly limited in complex situations. This could be a deal breaker, for example, for the sales executive who needs to manage expenses in an Excel spreadsheet with macros enabled.

Broadening the Application Horizon -- So far we've discussed only translating the existing enterprise application ecosystem to the iPad, which ignores the potential for completely new applications written for the device.

Years ago, when designing an electronic medical records application to enable doctors to collect patient data more easily during exams, my biggest struggle was creating a user interface to fit the physician's workflow. Existing touchscreen computers and laptops were poorly suited for the task, and all competing applications were clumsy and non-intuitive. Around the same time I faced the same form/function issues while working with a major hardware vendor to design a mobile application to support field service engineers at client sites. In both cases the iPad would easily have bested existing options, thanks to its physical form factor, battery life, multitouch support, and user interface.

As apps like SalesForce Mobile and Cisco WebEx Meeting Center show, the iPhone OS platform is capable of supporting major enterprise applications. Some sacrifice feature completeness to improve usability based on the deployment circumstances. In others, especially some of the medical examples we've seen during Apple's announcement events, the multitouch user interface enables application interactions previously difficult or impossible on a full workstation operating system.

The best enterprise iPad apps won't merely translate the Web or desktop client user interface to a slightly smaller screen but will take full advantage of the new user modalities and the device's portability to increase employee productivity. Key opportunities include customer relations management, sales and service support, expenses and billings, and vertical applications like my foray into healthcare applications.

Deployment Options -- There are four ways you can manage iPads in the enterprise.

  • Ban the iPad. Offer no support, and do not allow access to the corporate VPN, wireless, or email servers. If necessary, block the iPad from connecting to corporate workstations via USB using a port control solution.
  • No support, but no ban. Allow users to connect their iPads to corporate workstations to synchronize contacts and calendar entries, but don't offer direct Exchange support, assuming the iPad supports it at all. Allow connections to a wireless guest network, but only if the user figures it out.
  • Pilot or limited support. Allow advanced users to enroll in a pilot program, and use them as your test group. Enable Exchange support, VPN connectivity, and wireless access as possible. Depending on your environment you can require full device management using the iPhone Configuration Utility (assuming it's updated for the iPad), or allow users to self-manage devices. Require iTunes on their day-to-day computer, and send out reminders to keep them updated with the latest security patches.
  • Full support/adoption. Allow any user to bring an iPad into work and connect with enterprise systems. Formally support device registration and management. Write corporate iPhone apps for use on employee iPads and iPhones.

The one thing you can't do is underestimate the iPad's appeal and assume users won't start bringing them to work. It's also key that you not treat the iPad like a small Mac or a large iPhone - it's a new class of device that shares characteristics of its bigger and smaller family members, but one with a unique (for now) set of design elements and use cases.


READERS LIKE YOU! Support TidBITS by becoming a member today!
Check out the perks at <>
Special thanks to Keith Stone, Geoff Friend, Rainer Lanz, and Mike
Wilson for their generous support!

Comments about Prepare Your Enterprise for the iPad
(Comments are closed.)

The iPhone, iPod Touch and other devices have already paved the way for widespread Exchange support in the Enterprise for ActiveSync. The iPad has less of a hill to climb.
David Ferrington  2010-02-03 07:49
This article does not address a separate , but totally relevant issue - the non-use of Wi-Fi in an enterprise. Within my environment (an investment bank), Wi-Fi is banned. There are no wireless access points or routers etc. on our (considerable) network and no sign of them coming. All connectivity is supported by UTP alone.
Rich Mogull  An apple icon for a TidBITS Staffer 2010-02-03 08:15
Yes, that's an issue, and in some verticals there are legitimate reasons why wireless isn't allowed. I hate to say it, but I wouldn't expect it anytime soon at an investment bank- there are a lot of regulations that inhibit adoption of new technologies.
Glenn Fleishman  2010-02-03 09:42
I completely understand that particular industries and segments of industries would ban Wi-Fi for extra security. However, the vast majority of corporations large and small use Wi-Fi, and most exercise due caution by using the enterprise flavor backed by auditing that reveals unauthorized Wi-Fi in use.
Bill Brantley  2010-02-03 06:32
It can't multitask. You are locked into Apple's App Store. There is no USB port. Small memory and the OS is not robust. Why not just give your employees netbooks with touch screens and they can do even more. The only thing transformative about iPad is that it will spur development of the DroidPad.
The lack of a USB port is an interesting choice. Part of me wonders if this is in fact security related: no USB port reduces or eliminates the purloining of data via USB pen-drives, itself a pretty huge plus in the security arena.
Rich Mogull  An apple icon for a TidBITS Staffer 2010-02-03 08:18

I don't believe any of those are issues for the majority of users out there. They just want something simple and reliable that's easy to use for non-techies.
Bob Peterson  2010-02-03 10:21
Lack of USB support actually contributes to security as financial companies do not allow USB drives on anything that connects to their networks.
I would LOVE to see an iPad that supported:
1. Web Conferencing
2. iChat in the background (with video)
3. an iWork that REALLY allows me to interop with MS Office
Robert Morgan  2010-02-09 09:42
The iPad is not a computer and should not be considered a substitute for one, so it does not need the robust IT support that a computer requires. For business environments, the essential issue is how to easily and securely import content in various formats (Word docs, spreadsheets, slide shows, web pages) and export it for sharing with others (e-mail, printers, video projectors). Ability to view and markup documents including pdf files would be essential.
No one has look into or reported about companies who have signed up for Apple's iPhone Developer Enterprise Program. It allows companies with 500 or more employees to deploy in-house applications to their users. That means as far as I know, no need for App review and acceptance from Apple itself. I could easily imagine a developer offering a complete package ( Enterprise Program sign-up assistance + iPads / iPod touches + SQL backend or other inhouse server solutions) to firms ( retail chains, clinics, distribution centers and so on) who need an "electric clipboard". Even small companies who would use fewer than 100 devices could profit from Ad Hoc distribution. All they need is the Standard Program. $99 dollars to be able to deploy to 100 devices is cheap. It also means no 30% cut for Apple. Other advantages for companies is the ability to lockdown the device in house. While not 100% efective it is better than allowing employees to use their own private devices.

I see the iPad as a serious tool for the business world and offers developers who can think out of the box new perspectives.
Judy Jack  2010-02-22 17:12
In my working years as a computer programmer, I enjoyed watching Stewart Chiefet's Computer Chronicles each week on PBS. The iPad is a fulfillment of a vision he had of a handheld device that allowed one to search and view the web, read email, and voice dictate responses.

Not needing constant cell phone connection, I've been an iPod Touch user since gen 1, upgrading each time. I'll keep my Touch to carry with me everywhere, but I'll enjoy the iPad while sitting in my easy chair. I've got a Kindle 2 and expect to continue to use it to read full length books.

If I were still working, I don't know that I would take the iPad into the office, needing to quickly hop from one program to another on the enterprise desk computer. But, for home use and air travel, the iPad will be welcome. My non-techy friends will be amazed.
Jonathan Woolson  2010-02-22 20:46
Existing Business Tools:

PDF markup is available for iPhone/iPod:

Add a stylus, if you like:

I see the tablet form factor as becoming much more important over 2-3 years - as power and capability improve. The tablet form factor is a lovely balance of utility vs. encumbrance, especially if you add VPN + VNC/RDC or a Citrix client. VPN+VNC offers a compelling mix of security, portability, and capability on my iPhone, but I would love to see that work on a larger screen to improve utility.

See Jaadu VNC:

MS Exchange support for iPhone has worked flawlessly for me for the past 18 months. I expect that iPad (iPhone OS 3.2) will also offer that essential business connectivity, as Rich's article suggested.