The encryption requirement is set on the Exchange side, and the wording of the message indicates that the device itself is unable to support encryption, period. The problem is, many iPhone owners have been blithely accessing Exchange servers with that requirement since July 2008, when iPhone 2.0 added that capability. One conclusion is that the iPhone has been confirming to Exchange that it supported encryption when in fact it did not, meaning that business users have been toting around insecure data all this time while thinking they were meeing their company's security policies.
At the moment, there are three fixes for the immediate problem: first, have your company remove the encryption requirement from Exchange. Few companies who bothered to establish that requirement in the first place are likely to remove it just to support old iPhones. Second, replace your iPhone with a new iPhone 3GS -- a great solution from Apple's standpoint, but not so great for a cost-conscious business. Or third, downgrade your iPhone to version 3.0 of the OS if you still have it. That'll restore access to your Exchange server, but if that access was enabled by false confirmation from the iPhone, this approach won't solve the security problem.
So far, Apple has not addressed the issue, so we don't know whether the OS can be modified to support encryption on older devices, or indeed whether those devices can manage encryption at all. This episode highlights in a dramatic fashion the headaches that come with the consumerization of business technology, particularly the addition of personal smartphones to the workplace systems mix. Even more, it raises issues of trust for Apple. As a booster of Apple solutions for small and midsize businesses, I'll be watching closely to see if the company acknowledges and addresses the issue.
Don't Miss: Help Arrives to Secure Mobile Devices