10 ways Apple really has changed the (tech) world
The same concept also extends to a mix of public apps and enterprise apps. IT departments can work with business divisions to create a mix of apps that interoperate in the best possible way to accomplish tasks easily and efficiently. IT may not be creating the workflows, but it can inform the discussion and, perhaps more importantly, test and troubleshoot them. That represents a new user-focused way to approach enterprise mobility, though as Rege pointed out doing this will likely mean that "you have to put a lot of things you've away" in order to embrace this new concept.
It's also important to remember that users are likely to begin using extensions to create these workflows, whether or not IT steps in to aid or steer the process. The more involved an IT team is in the initial adoption of iOS 8, the better the opportunity to encourage best practices and educate users on the security risks of sharing business data too liberally.
That brings me to the challenges that this new free flow of data presents. The sandboxing of iOS apps has always inherently offered a level of access control simply because moving data from one app to another was a cumbersome process. Although multi-app workflows have been possible for years under iOS, they have generally been labor-intensive. and this has encouraged many users to seek a single best-in-class app for many tasks. With the ability to access, edit, and share data much more easily, there is a greater concern than ever about data migrating outside of an organization — intentionally or not.
One solution to this challenge, as I discussed previously when looking at iOS 8 from an IT perspective, is Apple's de-facto containerization functionality known as managed open in. Introduced in iOS 7, this allows apps to designated as managed if they were installed via an enterprise mobile management (EMM) suite or enterprise app store and unmanaged if a user installed them from Apple's App Store. The concept also extends to user accounts, including email account, which are designated as managed if configured by EMM enrollment and unmanaged if configured manually by a user.
Under this system, managed apps and accounts can be restricted to sharing data only with other managed apps or accounts. Likewise, unmanaged apps can be restricted to only interacting with other unmanaged apps (see my IT guide to iOS 7 for more details). According to Apple's enterprise-targeted sessions at WWDC in June, apps that include extensions should be subject to these same restrictions. If even more security is required, containerization and other mobile content management solutions included with many EMM products can also be employed.
Sign up for CIO Asia eNewsletters.