igor - Fotolia


Apple iOS 8, iPhone 6 improve IT security and control

The expansion of passcode protection, Touch ID and device management features make Apple's latest devices and OS worth the enterprise upgrade.

Apple's release of iOS 8, iPhone 6 and iPhone 6 Plus brings advancements in functionality, security and IT control, but there are also corresponding challenges.

The device management and security improvements include app-specific passcode protection, the expansion of Touch ID and new content management features. These advances are a boon for the IT crowd, but administrators will have to step up to support all this new technology -- and to decide what limits to place on users. The better you understand how these features can affect your organization, the better you can prepare for and take full advantage of all that they have to offer.

It's all about security

When it comes to security, those in IT should be feeling pretty good about iOS 8 and the iPhone 6. Apple has built on what it started in earlier versions of the operating system by expanding data protection in iOS 8 and its apps. The new OS has added passcode protection to Mail, Calendar, Contacts and Messages, as well as to third-party apps. It also supports individual email encryption through the use of Secure/Multipurpose Internet Mail Extensions technology.

In addition, iOS 8 supports certificate-based single sign-on (SSO), which means users can authenticate to enterprise apps without having to re-enter their credentials each time they switch between apps. Plus, the OS supports always-on virtual private networks (VPNs) so users don't have to constantly reconnect.

Apple now allows third-party developers to integrate Touch ID into their apps. When Touch ID debuted in iPhone 5s, its only uses were to unlock the device or make App Store purchases. The new Touch ID application programming interface lets developers build enterprise apps that take advantage of its biometric security features.

Managing iOS 8 devices

Since the release of iOS 7, Apple has demonstrated a serious commitment to mobile device management (MDM). The company expands on these features in iOS 8 with a number of new IT policies that give administrators better control over devices. They can set device names remotely, disable and wipe or restore features when necessary, and lock apps on the fly. Additionally, they can prevent users from enabling their own restrictions. Administrators will also find a new monitoring feature that shows them when users last backed up their devices.

Apple has refined the data management and content filtering capabilities in iOS 8. Administrators can now control which apps can open documents from iCloud Drive -- Apple has expanded iCloud and now calls it iCloud Drive, but we'll address that in the next section -- and which apps can open documents downloaded from enterprise domains via Safari. In addition, they can push content such as an e-publication or PDF file to iOS 8 devices and remove the content when it's no longer needed.

You will have to update your MDM software to take advantage of these new capabilities. Most MDM vendors are working on updates to support iOS 8, if they haven't already released them. Once those updates are ready, IT will have to apply and configure them and take any other steps necessary to support the new OS and phones.

If an organization is using Microsoft Exchange ActiveSync, administrators will also have to prepare for the new features in iOS 8 that take advantage of its capabilities. For example, iOS 8 now supports auto-reply messages, out-of-office settings and meeting availability information, all of which could affect your Exchange setup.

Sharing and storing data

Apple's new OS takes data sharing and storage to a new level, and its Continuity features provide seamless integration between iOS and Mac OS X devices. One of these features, Handoff, lets a user start a task on one device and pick up right where they left off on another. For example, the user can begin an email on an iPhone and complete it on a MacBook Pro. Apple has also expanded AirDrop to let users transfer docs between their iOS devices and Macs without an Internet connection. In addition, a user can send and receive phone calls on a Mac paired with an iPhone running on the same Wi-Fi network.

Although the Continuity features emphasize Apple's commitment to integrating devices more completely, their full effect on the enterprise is yet to be seen. IT will have to determine whether it will be necessary to lock down any of these features and, if so, how.

Apple has also enhanced iCloud to bring it more in line with services such as Dropbox and Microsoft OneDrive. Now called iCloud Drive, the service lets users save, retrieve and edit any type of file from a Mac OS X, iOS 8 or Windows 7 device while keeping files synced across all devices. Integration with iCloud Drive might represent another security issue for your organization, although administrators should be able to disable its use on managed devices and filter the way enterprise apps use the service.

Apple Pay and NFC technology

Apple has added near-field communication (NFC) support in iOS 8 and iPhone 6 as part of a new mobile payment platform, Apple Pay. Over 220,000 merchants in the U.S. have already signed on to Apple Pay. To support the new platform, iPhone 6 includes a secure element chip, which encrypts and stores the payment information. The payment process uses the Touch ID sensor to authenticate each transaction. Users can also suspend all payment activity if a device is lost or stolen.

Organizations will likely have to address whether employees will be able to use Apple Pay on corporate devices and how to remove payment information when an employee no longer uses the device.

For now, the NFC technology is restricted to Apple Pay. As with Touch ID, Apple is expected to eventually loosen the reins, which opens up a wide range of possibilities. For example, the technology makes it possible to replace security badges, access data embedded in business cards or read product identifiers that can include everything from shipment dates to contact information. It's not known when this technology might become available or how pervasive it could become.

IT's wake-up call

Apple's release of iOS 8, iPhone 6 and iPhone 6 Plus brings with it multiple features that can benefit the enterprise. Security and device management has been enhanced and application development made more flexible and extensive. As good as all this sounds, IT administrators will have to contend with all the implementation and management considerations that come with any new technology. They'll also have to vet any of the new consumer apps that are likely to show up on these devices. On the surface, a new mobile OS and a couple new phones might not seem a big deal, but when you dig into the specifics, you can see that IT administrators have plenty of work ahead of them to fully acclimate to iOS 8 and the iPhone 6.

Next Steps

IT prepares for with new Apple iPhone 6, iOS 8

Dig Deeper on Apple iOS in the enterprise