What IT Departments Ought To Know About iOS 6

What IT Departments Ought To Know About iOS 6

While the iPhone 5 is unlikely to have a significant impact upon enterprise mobile management strategies (apart from perhaps a difficulty at keeping up with the demand), IT departments concerned with the security of their mobile fleet should be paying attention to the new features in its OS.

iOS 6 offers a range of impressive new features that will be attractive to business users and consumers, but will also pose some issues for enterprise security. Before you go ahead and boycott iOS 6 from being used in your business environment, there are ways to circumvent these new security concerns through security measures Apple have included specifically for its Enterprise customers.

In an article published on CIO, Ryan Faas outlines what enterprises should focus on when implementing iOS 6 in regards to maintaining security. While he concedes that Apple didn’t deliver a huge range of new features in iOS 6 for business customers, favouring instead incremental updates for specific features, he also admits that they have delivered on some long-standing enterprise and education customer requests.

Based on Faas’ article, we have put together a quick guide on managing the new features of iOS 6 and the new mobile management features Apple have included, which you can check out below!

Handling Shared PhotoStreams

PhotoStream was launched last year by Apple, which allows users to synch photos across all of their Macs and iOS devices with iCloud. However, PhotoStream functionality has been extended by Apple in iOS 6, by letting users create shared PhotoStreams, essentially letting a user pick specific photos and share them via iCloud with one or more iOS or Mac users. Shared PhotoStreams, which are very similar to the old MobileMe PhotoCasts, let family members build a library that includes all of their digital photos and makes it easy to share a large number of images with friends and relatives. This, of course, increases the security implications of PhotoStream, as now not only can business data or images be synced to devices and computers outside the corporate network, they can also quickly and easily be transmitted to specific people. Apple have made concessions for the enterprise by allowing IT staff to disable PhotoStream syncing across an employee’s devices as well as Photostream sharing.

Securing Passbook For Mobile Pros On The Go

Passbook is one of the more talked about features of iOS6. This app is essentially a digital wallet, which provides a clean, unified payment system on your iPhone that keeps track of your various loyalty cards and respective balances. In partnership with a variety of brands, Passbook allows you to store things like boarding passes, movie tickets or loyalty cards, and thanks to location awareness, Passbook will display the relevant information based upon your location e.g. boarding passes will pop up when you arrive at the airport. While on the surface this is a lifesaver for the busy professional, it also poses a security concern. Because things stored in Passbook will display on the lock screen when relevant, there is the possibility that sensitive business information may be seen by someone

Certainly a security nightmare. Thankfully Apple have accounted for the enterprise, by including a safeguard for IT departments: iOS 6 mobile management includes an option to prevent Passbook from displaying data while the iPhone is locked.

Keep Personal Email Off Corporate Servers

The separation of personal and business use in emails is Faas’ next suggestion in managing iOS 6. iOS 6 features a ‘frequently emailed contacts’ element, which essentially builds a list of recent/ frequent email contacts. If you regularly correspond with someone, you’ll notice that Mail will auto complete his or her address as you begin typing it, even if the person isn’t listed in the Contacts app. Because Microsoft Exchange supports automatically syncing such recent contact data from devices and applications, recent contacts can end up popping up in Outlook or another application on your work PC. This essentially will remove the separation between personal and work contacts. Apple have included this feature as a mobile management option. As a result, IT can automatically prevent recent contacts on an iPhone or iPad from syncing to the server, ultimately keeping a stricter separation of personal and business use in addition to increasing employee privacy.

Automatic Unenrollement

While generally configuration and security settings implemented by IT departments or businesses are implemented with the intention of keeping it active at  least until the user leaves the company, sometimes a specific configuration or restriction needs to be in place for a specific period of time. Faas gives the example of an employee at a conference who will need remote access to the corporate network as a once off. For this to happen, a VPN configuration will need to be set up to give them access, which will then need to be revoked by the IT department once the user is back . The best way to handle this would be to have that VPN configuration or time sensitive setting automatically expire when it is no longer needed. iOS 6 enables this for any configuration profiles. This means of course, that all security and management settings (or specific settings related to temporary needs) can be removed automatically, reducing the need to keep track of users and what settings they currently have. This feature in mobile management in iOS 6 offers IT staff the option of setting a specific expiration date or setting a more general time period (e.g. five days from now or three months from now). This presents a great benefit for IT workflows, as the risk of forgetting to remove or change the configuration settings when it is no longer required is reduced, which also consequently improving security.  

Supervised Devices

Apple has extended the Supervise functionality of Apple Configurator (and the tools that integrate with it), by including a set of more stringent options that can be configured. The Guided Access restriction allows IT to “lock” an iPhone or iPad into using just one app. Essentially, this feature disables the iOS home button and locks the iPhone or iPad into a single app. The feature is especially useful for iPads being used in a retail setting as a kiosk or as a digital menu in a restaurant. Furthermore, iOS 6 offers restriction options that can be used to limit which apps work on an iPhone or iPad, which will increase security and reduce headaches for the IT department. This feature can be manually enabled via the Accessibility option under settings > general. Along  the same vein, supervised devices can disable or block the use of Apple’s iMessage system and Game Center.    

Preventing outside certificates and configuration profiles

Another mobile management feature in iOS 6 aims to increase overall security through the blocking of security certificates and configuration profiles (beyond those deployed by IT) from being installed on a supervised device. Outside security certificates, including root certificates can’t added, while this feature also stops users from adding a configuration profile that isn’t from a trusted source. This feature helps improve security by helping ensure that compromised or malicious credentials can’t be used to attack the device or the network resources it uses

 

 

 

 

 

 

 


Do you think these mobile management features in iOS 6 help IT staff improve workflows and security in managing iOS devices? Is it a step forward for iDevices in the Enterprise?