Apple iOS data protection technology is a tough nut to crack, according to IT professionals who cite its wide range of capabilities.
Apple's iOS encryption has been a major topic of conversation lately, in light of the dispute between Apple and the FBI. Citing its pledge to protect all users' privacy, Apple refused to help the FBI hack into the iPhone of one of the shooters in December's San Bernardino, Calif. terrorist attack. In the eyes of many IT professionals, Apple's handling of the situation confirmed their confidence in iOS as a secure, enterprise-grade platform.
"That is more powerful than any encryption," said Dominic Namnath, CIO at Tri-Counties Regional Center, a nonprofit organization based in Santa Barbara, Calif. "The IT industry values that commitment. That's the biggest benefit to iOS."
All iOS devices have built-in encryption mechanisms in both the hardware and firmware to secure user data. Apple's iOS data protection follows Advanced Encryption Standards (AES), which even the U.S. government uses to protect classified information. Because iOS encryption scrambles data when the device is locked, nobody -- from a hacker to the FBI -- can read it, even if they were able to enter the phone without the password through jailbreaking software or other means. And the device will disable itself if someone enters an incorrect password too many times in a row.
Apple ramps up security
Early on, iOS was not viewed as a secure platform, but that changed after the release of iOS 4 in 2010, said Michael Finneran, principal analyst at dBrn Associates in Hewlett Neck, N.Y. In that update, Apple opened its APIs to allow for third-party mobile device management (MDM).
Michael Finneranprincipal analyst, dBrn Associates
"That was the turning point," Finneran said. "We haven't had any concerns about the iPhone in years ... and they keep making it better. Apple has made it clear it is not slowing down."
In the most recent version, iOS 9, Apple extended the length of device passcodes from four to six digits, which improved secure authentication, said Matt Kosht, an IT director at a utility company in Alaska.
"Apple's ... always feverishly working to close any loophole," he said. "It takes security seriously, which is where enterprises are concerned the most."
Apple's Touch ID, which allows users to authenticate via a fingerprint, is another key iOS data protection feature. Prior to Touch ID, which debuted on the iPhone 5s in 2013, many users opted not to use passcodes, which threatened security, said Michael Oh, managing CTO and founder at TSP LLC, an Apple reseller based in Boston. But with Touch ID and a six-digit passcode, if an iPhone or iPad is lost or stolen, it's extremely difficult for someone other than the owner to access its data.
Apple also opened the Touch ID APIs to third-party apps in 2014.
"Everyone downplays Touch ID, but it's probably one of the biggest things that ever happened to mobile security," Finneran said.
Another feature, per-app VPN, differentiates the network paths for corporate and personal data. IT can configure specific apps to have VPN access and restrict others.
"In the early days of iOS, you had to add extra security on the device, but now the apps are very isolated from each other out of the box," Kosht said.
Still, there is one built-in iOS feature that makes some IT pros nervous: iCloud, Apple's cloud storage service, which offers automatic backups of device data and settings.
"iCloud ... is probably the thing Apple could spend more time on," Kosht said.
An iOS device that automatically backs up corporate data to iCloud could raise concerns around data leakage and regulatory compliance. In addition, hackers could gain access to iCloud accounts without even accessing a device.
How iOS fits into the enterprise
Fight against the Masque attack on iOS
Explore iPad MDM
Read up on the SAP-Apple iOS development partnership