The Hidden Cost Of Upgrading Your iPhone

Authenticating with a new phone

Millions of people have already bought the new iPhone 5 which was launched last week (they sold 5 million in the first three days) – and many millions more have it on order. For many others, the new iPhone 5 will bring down the cost of the 4 and 4S, so even if they’re not going to the very latest version, they’re still upgrading their phones.

For iPhones, the upgrade process has always been fairly straightforward – plug them into iTunes and the software pretty much does the rest, copying over your data, photos, contacts and apps to the new phone.

But what about businesses whose employees use their iPhone, or indeed any personal device, for work? Or what if they are upgrading their employees’ business phones? What does the new round of upgrades mean for them?

There is a checklist of things for the IT manager to remember:

  1. Have you taken two copies of the iPhone system using iTunes – in case the restore fails?
  2. Have you documented all procedures – in case you need to refer to Apple’s business support operation?
  3. Have you remembered personal iPhone users? There are a significant set of BYOD security and governance issues associated with the iPhone
  4. Have you obtained explicit written permission from employees before upgrading their personal iPhones for them?
  5. Have you thought about your two-factor authentication tools? The 2FA apps will not migrate easily as they are fingerprinted to the old handset, meaning time and effort to re-install and reset all the required settings.

I would bet that for most companies out there, they haven’t considered the last point and they aren’t prepared for the influx of requests from users to migrate the two-factor authentication apps, such as soft tokens from RSA or SecurEnvoy’s SecurAccess, to their new phones.

The reality is that most soft token apps require you to log a support call to request a new soft token seed record. And for the majority of providers you might be shocked to find that it is actually going to cost you one or two help desk calls, plus the cost of a new token (averaging £10) to get that user set up on their new device. You can’t just migrate the existing licence, you have to buy a new one, get it set up and also ensure the old one is disabled.

For companies such as SecurEnvoy you simply login to your companies “manage my token” portal, authenticate with your old phone and scan the QRCode on your new phone which both provisions the new phone and deletes the old phones seed record from the server.

It’s not just with the iPhone 5 of course – you have to consider the life cycle management of devices used for generating one-time codes as a typical user may change their phone every 1 to 2 years or need it replacing if lost, stolen or broken.

If switching between devices is a costly business then the true running costs haven’t been fully understood! With the exception of SecurEnvoy, other vendors require your company to purchase additional soft tokens and man helpdesk response teams. Therefore you might want to investigate your contracts with your current token providers more thoroughly to ensure you have the flexibility to re-use a token across all devices, and don’t get stung every time a new phone comes out.