Getting Smartphones to Sync with Exchange

Rob Pegoraro from The Washington Post and I were nearly done with our TechTuesday appearance on NPR’s Kojo Nnamdi show on July 20, when we got a call from someone who sounded both frantic and exasperated. What could he do, he wondered, about problems with Apple’s iPhone 4 crashing his Exchange server? Considering that this radio program was really aimed at consumer technology, it was something I hadn’t been expecting.

The caller said that companies around the U.S. were experiencing problems syncing Microsoft Exchange with the iPhone 4, as well as with other iOS 4 devices that needed to connect with their Exchange e-mail, calendar and contact data. This wasn’t a problem that I’d experienced, since I hadn’t tried to connect to an Exchange server with my newly upgraded iPod Touch, but I suggested that the first thing the caller do is set the policies on his Exchange server so that the offending devices couldn’t connect until a fix was found.

Fortunately, a fix does exist. According to Engadget, the fix is fairly simple, and once made, should allow iPhone users to get their Exchange sync running smoothly. But this call, as well as other concerns I’ve been hearing from IT managers, underscores the need to test any device that you allow to connect to your enterprise.

In one sense, the rapid pace of product development, especially with smartphones right now, means that there are more opportunities than ever to find ways to help your workforce be more mobile. But in another sense, you’re also vulnerable to more risks than ever before. As each device that’s capable of connecting to your corporate network hits the streets, you have one more source of potential problems. Ultimately, you have to take control.

The only real solution to avoiding problems with poorly designed or insecure mobile devices is to test them yourself before you allow them on to your network. Not only do you need to make sure that a device can upload and download e-mail, contacts and calendars from Exchange if you’re using that, you need to make sure that the device will accept the policies you impose on access for remote users. Those policies can include anything from requiring a PIN to use the device to allowing support for a remote wipe of the device.

In addition, you have to make sure that the device will function properly with any other software that’s designed to be accessed remotely in your enterprise. While a browser-based Web application may not seem to be a big deal, remember that all smartphone browsers are not created equal. You actually need to make sure that the connection works right, and that the level of security is handled appropriately.

And of course, not every business uses Exchange. But that doesn’t remove the need to test whatever you do have. A smartphone or other mobile device that has access into your network is effectively a security leak waiting to happen. Not only do you have to test every type of device (and their respective updates), but you have to prove that you did, and you have to record the results so that you can meet compliance requirements.

Considering the number of new mobile devices that appear weekly, this could be a tough job. Perhaps it explains why so many companies put out a list of approved devices, and don’t let anything else on their network. But you also need to take one more step, and that’s to make it a policy matter that employees or contractors can’t use unapproved devices, so you have some recourse if someone buys their own device, and figures out how to connect to the company e-mail system without approval. But the bottom line is that before you let anything on your network, you have to test it.