Tips and tricks for ensuring mobile data security
A comprehensive collection of articles, videos and more, hand-picked by our editors
Apple's iOS 7 is on its way to an enterprise near you, and it comes with several new features of interest to IT admins.
Many exciting consumer-focused features were shown at Apple's Worldwide Developer's Conference, but some of the real benefits of iOS 7 come from Apple's efforts to be the mobile enterprise manufacturer of choice. From mobile device management options to per app VPN access, iOS 7 offers quite a few enterprise features that IT should get to know.
MDM in Apple iOS 7
Open in management. This Apple iOS 7 feature gives IT the ability to control which apps workers can use to open and share documents and attachments. For example, if a user receives a Microsoft Word attachment in his email and wants to open it in a third-party app, IT will have approved certain apps -- such as Quickoffice -- that can open that document.
Open in management is a solid enterprise feature, but to ensure that workers only use the apps that IT approves, it's important to select apps that employees will want to use. Open in management is still a better option than most mobile device management (MDM) tools because if an employee uses an unapproved app to share files, MDM forces the user to delete the app or face a remote wipe of his device.
More MDM configuration options. IT administrators have new commands and configuration options available to them in iOS 7's MDM protocol. Admins can set up managed apps wirelessly, whitelist AirPlay destinations, and configure accessibility options and AirPrint printers. How IT will use these Apple iOS 7 features depends on security policies and the media and peripheral setup, but giving users access to AirPrint may help solve some mobile printing problems.
Easier MDM enrollment. IT can set up corporate-owned iOS 7 devices with all their MDM requirements right away, rather than sending out the devices to the employees and having them set them up. The less time and money it takes to set up devices, the more devices that IT can procure for the workforce.
Enterprise SSO. Single sign-on (SSO) allows workers to log in only once and gain access to all their apps, including corporate-developed and App Store apps. As the years go by and companies switch to being mobile-only, users will appreciate not having to enter their username and password everywhere.
More Apple iOS 7 features
Per app VPN. This feature configures apps to connect to the virtual private network (VPN) upon launch. It's another tool that should make IT happy, but there are questions around how per app VPN works in conjunction with an MDM system.
Many company-developed and third-party apps need to have code within them to be managed by MDM. The per app VPN feature may allow IT to manage iOS 7 devices without any special code, or perhaps every time users open an app, they'll be prompted to sign into the VPN. Plus, there may be differences in security measures; some MDM tools sandbox and encrypt data in different ways, and most VPN applications just protect a URL or path for data to travel over securely.
Maybe this feature will only be useful to companies that build their own apps but don't have MDM. For now, we just don't know how per app VPN and MDM will work together.
App Store license management. In iOS 7, Apple's Volume Purchasing Program (VPP) lets companies assign apps to users but retain ownership and control over application licenses. Businesses can buy the licenses through the VPP and use their existing MDM tools to associate apps to employees over the air. All workers have to do is enroll with their personal Apple IDs, and the apps either download automatically (depending on their company's MDM settings), or they show up in the users' purchase history for manual download.
This is a nice improvement to the VPP, but getting employees to download apps that the company has purchased as part of the VPP can be difficult. Workers who see value in certain apps will likely have paid for and downloaded them by the time IT makes them available through the VPP.
Third-party app data protection. Data protection uses workers' passcodes to build a strong encryption key so data is secured without any additional configuration by IT. Apple says that all third-party applications have data protection enabled by default, which means that data stored in applications downloaded from the App Store is protected by users' passcodes until they unlock their iOS 7 devices. This Apple iOS 7 feature could ease the security fears of some IT departments, but questions remain about the level of encryption of data stored in the cloud.
Improvements to Mail. The native Mail experience keeps getting better. With the Mail app in iOS 7, users can view PDFs, sync notes with Outlook and organize smart mailboxes -- that is, group messages that meet a certain criteria, such as those from a specific email address. But if the note syncing happens through iCloud, that could create a point of concern for IT.