Enterprises should consider instituting provisions to acceptable-use policies, he added, including the requirement that employees back up their devices using iTunes. Certain enterprises, such as health care, demand more stringent security policies. For those companies, Jaquith recommends additional configuration profile settings: seven-character alphanumeric passcodes for stronger protection, hardware encryption with an AES-256 symmetric key, certificate-based authentication, and the application encryption supported by iOS4.
Those more-stringent requirements would also demand new policy provisions, including a company right to emergency device confiscation, and a requirement that users scrub their address books of sensitive information such as social security numbers.
Even with Apple’s more robust security measures, the report suggests that the iPhone and iPad “still lack some key security and management refinements that enterprises require.”
These include the iPhone’s inability to automate installation tasks, even as it generates configuration profiles; a lack of mature enterprise device management tools and support for smart-card authentication; no compliance with FIPS 140-2; and zero capability for logging and archiving SMS messages.
http://www.eweek.com/c/a/Security/Apple-iPhone-iPad-In-Enterprise-Needs-Security-Policies-Forrester-578909/