How to restrict iCloud access in the enterprise

Managing Apple iCloud access is important for protecting corporate data that users may access and potentially sync to the cloud from iOS devices.

Managing consumer services in a corporate environment can be a challenge, but Apple's APIs let IT manage Apple iCloud access that employees have on their iOS devices.

Apple iCloud is a convenient service that lets iOS and Mac users automate backups and access data from multiple devices. In corporate environments, that is the last thing admins want.

To restrict iCloud access from iPads and iPhones, you’ll need mobile device management (MDM). Third-party MDM products communicate with iOS devices via Apple's application programming interfaces (APIs), allowing admins to push configuration settings and enforce certain policies.

The process of setting devices up with an MDM product is different depending on which MDM vendor you use, but it's done either via an app that the vendor provides or via a Web portal. Once devices are enrolled, administrators can use the MDM server to specify device settings.

Apple's MDM APIs only allow admins to manage and restrict certain functionality on iOS devices. For iCloud, they support management and restriction of the following:

  • Automatic device backups to iCloud
  • Photo Stream (the automatic uploading of photos from iOS devices to iCloud)
  • Document synching

The only thing you need to put these restrictions in place is an MDM server that supports all of these features.
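As an added example (not part of the original article), the three restrictions above correspond to keys in Apple's Restrictions configuration profile payload (`com.apple.applicationaccess`): `allowCloudBackup`, `allowPhotoStream` and `allowCloudDocumentSync`. The Python sketch below builds such a profile and audits any profile for iCloud features it still leaves enabled; the function names and the `com.example` identifier are constructed for illustration.

```python
import plistlib
import uuid

# Restrictions payload keys for the three iCloud features the article lists.
ICLOUD_KEYS = {
    "allowCloudBackup": "Automatic device backups to iCloud",
    "allowPhotoStream": "Photo Stream",
    "allowCloudDocumentSync": "Document synching",
}
RESTRICTIONS_TYPE = "com.apple.applicationaccess"


def build_profile(identifier, blocked=tuple(ICLOUD_KEYS)):
    """Return .mobileconfig bytes that disable the given iCloud features."""
    payload = {
        "PayloadType": RESTRICTIONS_TYPE,
        "PayloadVersion": 1,
        "PayloadIdentifier": identifier + ".restrictions",
        "PayloadUUID": str(uuid.uuid4()).upper(),
    }
    payload.update({key: False for key in blocked})
    profile = {
        "PayloadType": "Configuration",
        "PayloadVersion": 1,
        "PayloadIdentifier": identifier,
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadDisplayName": "Block iCloud sync",
        "PayloadContent": [payload],
    }
    return plistlib.dumps(profile)


def icloud_features_allowed(profile_bytes):
    """List the iCloud features a profile still leaves enabled."""
    allowed = dict.fromkeys(ICLOUD_KEYS, True)  # absent key = allowed
    for payload in plistlib.loads(profile_bytes).get("PayloadContent", []):
        if payload.get("PayloadType") != RESTRICTIONS_TYPE:
            continue
        for key in ICLOUD_KEYS:
            if payload.get(key, True) is False:
                allowed[key] = False
    return [ICLOUD_KEYS[k] for k, v in allowed.items() if v]


if __name__ == "__main__":
    # Constructed identifier, not a real organization's profile.
    print(icloud_features_allowed(build_profile("com.example.mdm.icloud")))
```

Running the audit against the profile an MDM product actually exports shows whether it covers all three features, since a key that is simply missing leaves that feature enabled.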

MDM offerings are still young and many options have come out fairly recently or aren’t yet available, but Apple offers support for managing iCloud access, so it’s likely that your MDM server of choice will too.

MDM support for iCloud is a good start, but there isn't a way to fine-tune settings, and it's not enough to offer real security for BYOD environments. If you configure the MDM server to completely lock a device from iCloud access, the user can go home and connect the device to his computer, synchronizing everything on his device to his own computer.
