After three weeks of testing and reviewing Apple's new iPhone 2.0 firmware and an iPhone 3G for use in large businesses, analyst firm Gartner said the device can be supported by IT shops -- but only for a narrow set of uses such as voice, e-mail, Web browsing and the storage of personal information.

The reason for the restrictions? Security concerns.

The newest iPhone "does not deliver sufficient security for [running] custom applications" commonly used on handhelds in enterprise settings, Gartner analyst Ken Dulaney wrote in a nine-page research note. The report, "iPhone 2.0 Is Ready for the Enterprise, but Caveats Apply," concludes: "Enterprises should approach expanded use of the iPhone slowly and with close examination."

Users considering adoption of the device should also be aware that iPhone data usage can incur high international roaming charges, Dulaney said. Also, the iPhone 3G's battery might not even last through a full day of e-mail use, he added.

Dulaney made the security warning despite Apple's inclusion of password controls and a "remote wipe" capability. Remote wipe enables an IT administrator to wipe data on the device from a remote location should an iPhone carrying sensitive data be lost or stolen.

Dulaney noted a concern other analysts have raised: Data apparently cannot be encrypted on the device itself, even though he said Apple officials assured him that there is an API in the firmware to provide encryption. The problem seems to be that third-party software vendors need to write such an encryption application; the vendors have complained about blocked access to the iPhone API needed to build such a product, Dulaney said.

If such an encryption application is available, Dulaney said he has not been able to judge whether it is viable or how much it uses the iPhone's processor or drains the battery.

Apple officials have touted the iPhone 2.0 firmware update and the iPhone 3G, launched July 11, as offering business-ready features, including access to Exchange e-mail. But Gartner's analysis seems to indicate that the device could be business-ready under the right circumstances. In general, the new Gartner analysis is not aimed at small-business users of the iPhone or prosumers who might need both personal and business functions on one device.

Gartner's advice is primarily targeted at IT managers of larger organizations who may be asked to distribute and support hundreds or even thousands of iPhones to workers while following corporate security policies and government regulations designed to keep data out of the wrong hands.

Dulaney also noted that iTunes must be installed on end-user desktops to receive firmware updates for the iPhone. But automatically allowing firmware updates to be installed that way means an IT manager would not be able to verify what Apple has delivered. While Apple offers an iTunes registry update to control the functions the application can perform, Dulaney "strongly" suggested that enterprises instead use existing management tools to lock down the registry and disable firmware updates and file transfers that "could inject unwanted content into the enterprise."