This article originally appeared in TidBITS on 2010-02-02 at 2:16 p.m.
The permanent URL for this article is:
Include images: Off

Prepare Your Enterprise for the iPad

by Rich Mogull

The initial response from many industry analysts on the release of the iPad was unsurprising, if disappointing. As expected, they cited a litany of reasons Apple's latest creation is completely unsuitable in the enterprise, firmly branding the iPad as nothing more than a consumer toy. The usual complaints were trotted out: security concerns, manageability, and lack of support for existing enterprise applications. These criticisms rolled off their keyboards and tongues as if from a well-rehearsed script.

They are wrong.

The iPad is a fundamentally transformative computing experience that will meet the needs of many business users far more effectively than their existing Macs or PCs do. Although initial business adoption will start slowly due to some of Apple's design choices, adoption will pick up over time, and businesses will find themselves increasing both support and use of iPads to meet employee demand and business needs.

While I don't expect the iPad to displace the inventory of enterprise laptops and desktops completely, it (and its eventual derivatives) are well designed to fulfill certain business needs underserved by existing solutions.

Filling a Technology Gap -- Although businesses often need some sort of a mid-size device for their users, the offerings have never really suited the requirements. Existing tablets either bolt a tablet interface onto a desktop operating system, or expand a PDA-based user interface onto a larger display. Tablets that use desktop operating systems still suffer from the battery life and usability problems of their desktop brethren, while the PDA-based devices start instantly, work longer, and cost less, but with severely limited displays and application performance. And neither of these options is designed for the form factor and usage scenarios they inhabit.

Many organizations, especially larger ones, struggle to strike the right balance for mobile computing. Certain types of users, such as healthcare, service engineers, and other on-the-go job roles have long sought a portable device to support their work in the field. Having used, supported, and even designed some of these throughout my IT career I can honestly say the vast majority are poorly suited for field work. They are clumsy, non-intuitive, and often both slow and unreliable.

There are also many business users who travel regularly, but who don't need the full desktop computing experience when they are out of the office. I rack up 50,000 to 100,000 air miles each year, but on most of my trips I need access only to email, the Web, my calendar, and a few productivity applications (the Microsoft Office suite). It's also nice to have some video entertainment options and a game or two to while away late nights in the hotel. Don't believe me? Next time you are on a plane, in an airport, at a hotel, or in a conference, take a quick look at the screens around you - it's likely that 95 percent of what you see are email, movies or games, a spreadsheet, a PowerPoint presentation, Microsoft Word document, a Web browser, or perhaps a PDF file.

But we road warriors have never really had a viable option other than a full-sized laptop. Even with all the advances in mobile computing design, we either have a full desktop user interface on a netbook's tiny screen and cramped keyboard, or a larger, heavier device you can't open and use comfortably (or safely, for the device) in the cramped seats of major airlines (in the United States at least). And neither laptops nor netbooks can get you through a full day unless you're on one of the few airlines with power outlets in economy class.

While it's always risky to speculate before a device is actually released, the iPad seems well positioned to meet needs of both the field user and the business traveler - at least eventually. Its size, simplicity, flexible user interface, and likely reliability are an excellent match for vertical and field applications, while its weight, battery life, and application support are well aligned for a certain class of business traveler. It's the first tablet that's designed as a tablet.

But notice I said, "eventually." As is often the case with Apple, the iPad needs a few tweaks before we'll see it formally supported in wide business use.

The Apple Adoption Cycle -- Apple has always had a tepid relationship with the enterprise. Apple is first and foremost a consumer electronics company, and, unlike Microsoft or major PC manufacturers like Dell, has deliberately avoided many of the requirements to sell into the enterprise. Rather than dealing with the sales and support overhead, Apple adds just enough features to their products so they'll work in an enterprise, rather than building out enterprise-specific solutions.

Instead of aiming for the corporate procurement office's specifications, Apple focuses most features on the needs of everyday users, while understanding that certain enterprise-class features, like Microsoft Exchange and Active Directory support, are essential for consumers to be able to use their devices at work. Apple's enterprise strategy is to reduce barriers to entry and then appeal directly to the users, avoiding the tremendous overhead of selling directly to a budget-constrained IT department.

Thus, nearly every Apple technology follows a typical adoption cycle that starts with high-end consumers, then business travelers and specific vertical markets (education, creative professionals), and finally expanded verticals (healthcare, financial services). Initially IT departments ban or fight the adoption of Apple's technologies before testing pilot support and eventually offering broad support.

Requests to support the iPad in the enterprise are inevitable, from both individual users and business units with particular needs. It's also inevitable that users will bring iPads to work even if they aren't supported. Although it isn't my place to tell you whether or not to support the iPad, it's important to understand that if you work in IT you will see these requests, and you should have a plan in place to handle them, especially once your CEO plays with one at the next executive conference.

As with the iPhone, the pressure will start slowly and increase over time. Since the iPad is a new product category, and not tied to the normal 18 to 24 month cell phone refresh cycle, adoption will start slowly over the first year or so, eventually ramping up with the second and third revisions of the iPad platform. The timing might be different, and could possibly be slower, but it will eventually follow the same cycle as other Apple technologies. It's a matter of when and how loudly, not if, users will start asking for iPad support.

Security and Management -- Assuming the iPad includes the same base feature set as the iPhone (and that is an assumption, since Apple hasn't yet released full details), security issues will be similar. The iPhone OS is relatively secure, and far more secure than any desktop operating system. It supports strong passwords, code signing, VPNs, remote wipe, basic encryption, and wipe on passcode failures. Despite all the theoretical attacks out there, the iPad is likely more secure out of the box than any existing laptops.

The more difficult problem is that the iPhone does not support security and management software. Although there aren't any iPhone viruses, corporate compliance requirements may still mandate additional security controls like antivirus, real device encryption (it's trivial to circumvent iPhone encryption), and user monitoring. This isn't often an issue on the iPhone, since, for better or worse, compliance policies don't treat phones the same as laptops. But the iPad is a new device class and may be subject to more stringent requirements. It's an open question, and one that your IT, security, compliance, and risk departments will need to work out... possibly in cooperation with your auditors.

You may be able to mitigate some of these concerns by managing support for the iPad; specifically by allowing access only to certain applications and services. For example, you could support connections to Microsoft Exchange (where all email messages can still be scanned for viruses), and limited corporate Web applications. (Again, this assumes that the iPad has the same Exchange support as the iPhone, which may not prove to be true.)

Until some new attack appears, the biggest security risk is that of a lost device. Unless you purchase and enable 3G connectivity on all iPads, remote wiping will be far less reliable than with an iPhone. Although the iPad is likely encrypted using hardware, if it uses the same technique as the iPhone 3GS, it will be extremely vulnerable to even a moderately skilled attacker with physical access to the device. Hopefully Apple has plugged this hole, but if not, the iPad will represent a slightly higher level of risk than an unencrypted smartphone. We'll need to evaluate this vulnerability closely when the iPad is released.

In terms of management, you don't have many options, just as with the iPhone. Apple supports over-the-air or tethered (via iTunes) deployment of configuration profiles for security and other settings, including application restrictions, and we can expect to see these on the iPad. The biggest issue is the requirement for iTunes for all system updates, although Apple does support restricted iTunes deployments so users can't use it as media management software.

As the iPad increases in popularity we may see additional management tools appear that support iPad management with other enterprise endpoints, especially those that currently offer iPhone support. Most of these tools leverage the same configuration profiles that Apple supports, but until Apple allows alternative update mechanisms, we're still beholden to iTunes, an awkwardly repurposed consumer media management tool.

Application Support -- One of the biggest obstacles to deploying any Apple device in the enterprise is application support. Even if we ignore custom desktop applications, there is still a massive base of Web-based corporate applications that requires Internet Explorer with ActiveX controls enabled. Worse yet, many of these applications require Internet Explorer 6, making migration even to current versions of Microsoft products difficult.

In practice, this shouldn't hinder potential iPad deployments since we are not trying to replace employee PCs, but instead want to add an additional device option. I highly doubt we'll see any organization rip out the sales team's laptops in exchange for iPads any time soon.

Unless you plan on banning iPads, those of you in IT might want to start testing to see which major applications work before your users start trying them out themselves. Even if you don't plan to offer formal support, publishing a list of usable applications will reduce support calls. The key is to manage expectations; because the iPad lacks Flash, Java, and ActiveX support, it simply won't be able to access many enterprise applications initially, no matter how much you might want to support it.

The other big issue is productivity applications, where Apple has an answer now: iWork. Based on the information on the iPad Web site, iWork will be able to read Microsoft Office file formats, but output only PDF or iWork files, which is clearly unacceptable for many business users.

Apple also hasn't released many details on file management, which may require an iTunes-enabled Mac or PC to place iWork files on the iPad (and possibly to manage file conversions). I use iWork heavily in my company (the advantage of being the CEO), and although it does a reasonable job of working with basic Office files, it's still fairly limited in complex situations. This could be a deal breaker, for example, for the sales executive who needs to manage expenses in an Excel spreadsheet with macros enabled.

Broadening the Application Horizon -- So far we've discussed only translating the existing enterprise application ecosystem to the iPad, which ignores the potential for completely new applications written for the device.

Years ago, when designing an electronic medical records application to enable doctors to collect patient data more easily during exams, my biggest struggle was creating a user interface to fit the physician's workflow. Existing touchscreen computers and laptops were poorly suited for the task, and all competing applications were clumsy and non-intuitive. Around the same time I faced the same form/function issues while working with a major hardware vendor to design a mobile application to support field service engineers at client sites. In both cases the iPad would easily have bested existing options, thanks to its physical form factor, battery life, multitouch support, and user interface.

As apps like SalesForce Mobile [1] and Cisco WebEx Meeting Center [2] show, the iPhone OS platform is capable of supporting major enterprise applications. Some sacrifice feature completeness to improve usability based on the deployment circumstances. In others, especially some of the medical examples we've seen during Apple's announcement events, the multitouch user interface enables application interactions previously difficult or impossible on a full workstation operating system.

The best enterprise iPad apps won't merely translate the Web or desktop client user interface to a slightly smaller screen but will take full advantage of the new user modalities and the device's portability to increase employee productivity. Key opportunities include customer relations management, sales and service support, expenses and billings, and vertical applications like my foray into healthcare applications.

Deployment Options -- There are four ways you can manage iPads in the enterprise.

The one thing you can't do is underestimate the iPad's appeal and assume users won't start bringing them to work. It's also key that you not treat the iPad like a small Mac or a large iPhone - it's a new class of device that shares characteristics of its bigger and smaller family members, but one with a unique (for now) set of design elements and use cases.