Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

How IT should prep for iOS 8

Ryan Faas | Sept. 18, 2014
Although Apple has incrementally improved business and enterprise functions with every iOS release, three releases were particularly significant for business users and the IT professionals that support them: iOS 2 (called iPhone OS 2 at the time), which introduced support for Exchange ActiveSync and configuration profiles; iOS 4, which introduced Apple's mobile management and app encryption APIs and helped launch the MDM/EMM industry; and last year's iOS 7, which ratcheted up enterprise security and management capabilities.

While Apple offers an option to disable Handoff on managed devices, it appears that option will be an all-or-nothing choice.

Per-message S/MIME

One useful security option in iOS 8 is Mail's ability to enable S/MIME encryption for individual messages. This is particularly helpful for organizations operating in regulated industries, though many companies may find it attractive as a general security enhancement. The feature is relatively easy to use, but IT departments that implement it will want ensure that users understand it's there, its advantages and how to use it.

Apple Pay

Apple Pay will be less of an issue for techies. It uses the Secure Element in Apple's A8 chip, meaning IT staffers won't have access to any financial data belonging to a user. Beyond that, Apple's approach of not storing actual credit/debit card information on the device — instead, there's a device-specific account number that can be used with the payment service to generate one-time payment tokens or card numbers — provides a high level of user privacy.

Although this limits the technical liability issues associated with Apple Pay on managed devices, it's important that this be spelled out in privacy, mobility and BYOD policies. It is also important that this be clearly conveyed to users of managed devices.

Additional EMM options for iOS devices

In addition to the major changes noted above, Apple added a handful of new EMM commands to iOS 8. As in iOS 6 and 7, these are divided into two categories. The first applies to all iOS devices enrolled in EMM — company-owned and BYOD — and include the following:

  • Allow or prevent Internet search results from being included in Spotlight searches.
  • Allow or prevent iCloud sync for managed apps.
  • Query device to see which managed ebooks are installed (personal ebooks don't get included in the query results).
  • Query device to see when it last backed up using iCloud. (As in previous iOS releases, EMM can block iCloud backup.)
  • Query device for iTunes account. This option doesn't provide details about a user's account for privacy reasons, but by comparing hashes, an EMM console can let an administrator know whether an account has been removed/replaced on a managed device. That information can dictate whether a device should be cut off from licensed apps and ebooks. (It'd be wise to follow up with the device owner before revoking them.)

The second set of EMM commands applies to supervised devices. These are devices that have been purchased and configured by an organization using Apple's Device Enrollment Program or Apple Configurator and, therefore, support additional restrictions.

  • Allow or prevent access to the Erase all Settings and Content function that effectively restores an iOS device to its factory default state.
  • Allow or prevent users from setting up app and device restrictions using the Settings app. (If a device already has restrictions in place with a passcode, an administrator can clear the passcode and the disable restrictions.)
  • Set the name of the device

 

Previous Page  1  2  3  4  5  Next Page 

Sign up for CIO Asia eNewsletters.