Apple devices are known for having a high level of encryption. In fact, iOS data protection follows the same Advanced Encryption Standard the U.S. government uses to protect classified information.
But that doesn't mean iPhones and iPads are immune to mobile security threats. And with iPhones so popular among enterprise users, IT administrators have their hands full trying to keep those devices -- and the data on them -- safe and sound.
The answers in this iOS data protection FAQ will help admins decide the best way to secure users' Apple devices and sensitive corporate data.
What are some known iOS risks, and how can IT combat them?
Apple security gets better with each iOS update, but there are still plenty of weak spots IT must know about. Hardware is an important part of the equation. For example, devices with an A7 or later A-series processor have a much more secure boot process to verify the device's operating system.
In keeping with iOS data security best practices, IT should replace older enterprise iPhones and iPads when possible, and encourage BYOD users to do the same. New hardware won't guarantee iOS data protection, though -- mobile security threats also prey on software's weak points. IT should maintain policy controls to block outdated operating systems and apps as much as possible, install Apple's software updates as they're released and likewise urge users to install updates regularly.
How can IT strengthen basic iOS encryption?
There are a few ways IT can take advantage of iOS encryption to enforce data protection. Every Apple device since the iPhone 3GS has built-in encryption, including an Advanced Encryption Standard (AES) 256-bit crypto engine and a unique identifier (UID), which is specific to each device.
Apple's default settings make it easier to encrypt all data stored on an iOS device, but beyond that, this level of encryption doesn't provide much protection. IT can use remote wipe if a device is lost or stolen, but admins might not be able to do it faster than a hacker can break in and steal sensitive data.
But IT can enable iOS data protection at the software level, which works with the hardware and firmware encryption to create a higher level of security. IT should also require complex passcodes with at least six characters, which could take a hacker years to crack.
What happens if jailbreaking occurs?
There's not much IT can do to prevent jailbreaking, but admins can take steps to deter it, detect it and contain potential enterprise risks.
Jailbreaking removes manufacturer or carrier restrictions from a device to allow sideloading, the installation of programs that aren't available through the App Store. The intent might be harmless, but jailbreaking can expose a device to malware and other threats.
IT can defend sensitive data from jailbreaking by keeping devices and apps up to date; Apple's iOS updates and fixes attempt to close known vulnerabilities. IT can also use mobile device management (MDM) to detect jailbroken devices.
How can EMM tools help with iOS data protection?
Enterprise mobility management (EMM) tools give IT more granular control over data and devices. Many EMM suites include MDM tools that assess new devices when they connect to a corporate network or access a company's cloud services. IT can then enforce enterprise security policies by rejecting devices that don't meet minimum criteria.
IT can also use EMM tools to containerize business data and prevent users from accidentally leaking it. In addition, many EMM suites offer mobile content management and secure email and browser applications to further protect data.
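The minimum-criteria check described above can be sketched as follows. This is an added example, not code from any EMM product: the record fields, the reason strings and the minimum iOS version are assumptions, and the inventory is constructed. It combines this FAQ's criteria (A7 or later hardware, current OS, six-character passcode, no jailbreak) and treats missing data as a failure rather than a pass.

```python
# Added example: admission check over constructed MDM inventory records (field names are assumptions).
import re

POLICY = {
    "min_os": "17.0",        # assumed minimum iOS version, set by the admin
    "min_chip": 7,           # A7 or later, per the hardware advice above
    "min_passcode_len": 6,   # six-character minimum, per the passcode advice
}

def parse_version(text):
    """Turn '16.7.10' into (16, 7, 10), padded so '17' equals '17.0.0'."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def chip_generation(chip):
    """Return the number in an A-series name such as 'A12'; None if unknown."""
    m = re.fullmatch(r"A(\d+)", chip or "")
    return int(m.group(1)) if m else None

def evaluate(device, policy=POLICY):
    """Return the list of policy violations; an empty list means admit.
    Missing or unparseable fields count as violations (fail closed)."""
    reasons = []
    try:
        if parse_version(device["os_version"]) < parse_version(policy["min_os"]):
            reasons.append("os_outdated")
    except (KeyError, ValueError, AttributeError):
        reasons.append("os_unknown")
    gen = chip_generation(device.get("chip"))
    if gen is None:
        reasons.append("chip_unknown")
    elif gen < policy["min_chip"]:
        reasons.append("hardware_too_old")
    if device.get("jailbroken") is not False:   # True and "not reported" both fail
        reasons.append("jailbreak_suspected")
    if not device.get("passcode_set") or (device.get("passcode_min_len") or 0) < policy["min_passcode_len"]:
        reasons.append("passcode_weak")
    return reasons

# Constructed sample inventory (not real devices).
INVENTORY = [
    {"id": "dev-001", "os_version": "17.4.1", "chip": "A15", "jailbroken": False, "passcode_set": True, "passcode_min_len": 6},
    {"id": "dev-002", "os_version": "16.7.10", "chip": "A6", "jailbroken": False, "passcode_set": True, "passcode_min_len": 4},
    {"id": "dev-003", "os_version": "17.0", "chip": "A12", "passcode_set": True, "passcode_min_len": 8},
]

if __name__ == "__main__":
    for d in INVENTORY:
        print(d["id"], evaluate(d) or "admit")
```

The third record passes every explicit check but omits the jailbreak field, so it is rejected; a device that stops reporting its status should not be admitted by default.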