There’s no doubt mobile technologies are quickly becoming part of the employee toolset as many organizations roll out BYOD initiatives or distribute corporate-owned devices. In many cases, management and executives are choosing iOS devices, as enterprise initiatives or even by executive users’ demand. Personal technologies deliver tremendous flexibility to your workforce but also present various control and security concerns. If you decide to go mobile, you’ll need to change your approach to delivering services, managing support, and protecting your assets. What’s more, Apple—and more specifically, iOS devices—are traditionally thought of as consumer products, separate from traditional enterprise technologies. But we can see that perception beginning to change. Are those devices truly ready for business? Read on for insights into iOS features and integration feasibility.
The standard practice for IT departments has been to image PCs with a standard list of software and settings, and then to completely control client machines in order to provide sufficient management and support. With iOS devices, corporate data lives alongside personal data on the same device and is managed with an MDM (mobile device management) solution. Now IT departments must securely manage corporate data on a variety of mobile devices, in a way that doesn’t create more work for them, while at the same time meeting the expectations of end users. In other words, an IT person stopping by an employee’s desk to enter an admin password on a dated PC is quickly becoming an antiquated method of service and support—and not even an option with mobile workforces.
There are several mobile platforms on the market today which operate quite differently than traditional desktop and notebook operating systems. Apple has created a secure ecosystem with iOS that makes it easy to manage and integrate with existing enterprise technologies. You may not have known it, but previous versions of iOS already had a number of business-ready features and technologies, such as:
- Encryption: Hardware encryption is always enabled and cannot be disabled, while software encryption is enabled with the use of a passcode.
- Application Sandboxing: Apps cannot exchange data with one another, a restriction that is built into the operating system.
- iOS Restrictions: These can be created and applied using configuration profiles, containing settings called payloads. An MDM typically complements iOS restrictions in enterprise deployments and provides wireless configuration profile distribution.
- PKI Infrastructure: iOS uses a series of keys for system security.
- Code Signing: All iOS apps are tested and approved by Apple before they are made available on the App Store. A process occurs during app launch on an iOS device and during runtime to check that the app hasn’t been modified during its journey from the App Store to the device. If it has, the iOS device will erase the app. Moreover, iOS requires all code to be signed with an Apple-issued certificate.
- Selective Wipe: Selective Wipe works very well for BYOD deployments. iOS supports Selective Wipe, which provides the ability to remove corporate data from a personal device, leaving personal data on the device. Any data contained in corporate-issued apps is also removed. MDM solutions offer the Selective Wipe feature, whereas Exchange ActiveSync only has the ability to execute a total wipe of an iOS device.
- VPN: iOS supports VPN out of the box, including VPN on Demand.
- WiFi: iOS also supports many WiFi protocols, including WPA2 Enterprise with 802.1X authentication and RADIUS.
These features, in conjunction with the fact that 93% of users are currently standardized on one OS (see figure), create a strong argument for iOS as a superior choice for a mobile business platform.
Apple recently released iOS 7, which includes even more features that make iOS devices perfect for business deployment:
- Managed Open In: Gives IT the ability to configure which apps are available in the sharing panel. Managed apps can share data with each other, and that data is kept separate from personal apps and data.
- Per App VPN: Apps can be configured to automatically connect securely to VPN when they are launched, ensuring data transmitted by managed apps travels through VPN. This gives IT control over what data flows over a corporate network.
- App Store License Management: Apps can be revoked at any time and reassigned to other employees, in addition to offering businesses the ability to keep full ownership and control over app licenses.
- New MDM Configurations: New commands, queries, and configuration options for MDM solutions. This includes wireless configuration of managed apps, Apple TV and AirPlay Mirroring, as well as restrictions for features such as AirDrop and Control Center.
- Streamlined MDM Enrollment: Corporate-owned devices can be automatically enrolled in MDM during activation.
- Enterprise Single Sign-On: User credentials can be used across apps and URLs, including apps from the App Store.
- 3rd Party App Data Protection: All 3rd party apps have data protection enabled automatically, so information stored in App Store apps is protected with software encryption until users first unlock their device after each reboot.
- iBeacons: Micro-location technology built into iOS 7, which leverages Bluetooth Low Energy (BLE). This is an alternative to near field communication (NFC), which is available on competitors’ mobile platforms.
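To make the restrictions, Managed Open In, and AirDrop/Control Center items above concrete, here is an added example (not code from this article or from Apple) that audits the restrictions payload of a configuration profile against a baseline. The four `allow…` keys are Apple's restriction payload keys; the baseline values, the `com.example.corp` identifiers, and the UUIDs are constructed for illustration.

```python
import plistlib

# Restriction keys (com.apple.applicationaccess payload) and the value an
# assumed locked-down corporate baseline requires. The baseline itself is an
# assumption of this example.
BASELINE = {
    "allowOpenFromManagedToUnmanaged": False,  # Managed Open In: corporate -> personal
    "allowOpenFromUnmanagedToManaged": False,  # Managed Open In: personal -> corporate
    "allowAirDrop": False,                     # AirDrop restriction
    "allowLockScreenControlCenter": False,     # Control Center on the lock screen
}

# Constructed sample profile: identifiers and UUIDs are placeholders.
SAMPLE_PROFILE = plistlib.dumps({
    "PayloadType": "Configuration",
    "PayloadVersion": 1,
    "PayloadIdentifier": "com.example.corp.baseline",
    "PayloadUUID": "00000000-0000-0000-0000-000000000001",
    "PayloadDisplayName": "Example Corp baseline",
    "PayloadContent": [{
        "PayloadType": "com.apple.applicationaccess",
        "PayloadVersion": 1,
        "PayloadIdentifier": "com.example.corp.baseline.restrictions",
        "PayloadUUID": "00000000-0000-0000-0000-000000000002",
        "allowOpenFromManagedToUnmanaged": False,
        "allowAirDrop": True,
    }],
})

def audit_profile(profile_bytes, baseline=BASELINE):
    """Return {key: reason} for every baseline restriction the profile misses."""
    profile = plistlib.loads(profile_bytes)
    effective = {}
    # Merge every restrictions payload found in the profile.
    for payload in profile.get("PayloadContent", []):
        if payload.get("PayloadType") == "com.apple.applicationaccess":
            effective.update(payload)
    findings = {}
    for key, wanted in baseline.items():
        if key not in effective:
            findings[key] = "not set (iOS default allows it)"
        elif effective[key] != wanted:
            findings[key] = f"set to {effective[key]}, baseline wants {wanted}"
    return findings

if __name__ == "__main__":
    for key, reason in audit_profile(SAMPLE_PROFILE).items():
        print(f"{key}: {reason}")
```

This reads unsigned `.mobileconfig` files only; a signed profile is wrapped in a CMS envelope and has to be unwrapped before `plistlib` can parse it.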
It’s clear that mobility is here to stay—and iOS is your best option to get users on their way in a secure manner. For more information, our Mobility Services are a great place to start.