• United States



by John P. Mello, Jr.

Apple’s iOS 7 gives security pros a lot to like

Sep 10, 20134 mins
AppleData and Information SecurityMobile Device Management

New mobile OS, launched with its iPhone 5S and 5C and a free update for iOS 6 users, should strengthen Apple's appeal in the enterprise

Fingerprint reading isn’t the only sign that Apple is upping the ante in mobile security. It’s new operating system is full of goodies that should boost its security appeal in the enterprise.

“Before iOS 7, Apple already had a secure operating system, with many options available to enterprises to lock them down,” said SilverSky CTO Andrew Jaquith.

“Only the BlackBerry had more options,” Jaquith said. “With iOS 7, companies will find many of their remaining needs addressed. Its clear that Apple is listening to their enterprise customers.”

Following the security lead of BlackBerry, and Samsung with its Knox platform, Apple has added features to help segregate personal from professional information on a device.

“They are doing this with a few different features, including restricting company apps from talking to personal apps, as well as offering a per-app VPN. which can selectively route only enterprise traffic,” said Jonathan Dale, marketing director of Fiberlink..

“In my opinion, Apple appears to have significantly improved the controls which help separate work and personal information,” Dale said. “Users and companies should feel more secure that their data will not go to unintended places.”

The new iOS also has better support for Mobile Device Management (MDM) systems. The potential lag between initializing a device on the network and enrolling it in an MDM. Now the two tasks can rolled into one for more efficient and easier operation.

“There will be more mobile security policies available to lock down devices,” SilverSky’s Jaquith said.

“These include additional options for restricting Siri, AirDrop file sharing, and which apps can open particular files and attachments,” he said. “Admins should be able to restrict documents in company email, for example, from being opened in DropBox.”

Apple has also enhanced containerization in the OS. Its “Open In” management separates personal and corporate data so business content will be opened only in specific apps approved by the enterprise.

“Single Signon” is another attractive security feature of the new iOS. It allows a device to communicate with the backend of a system without each of its apps generating usernames and passwords for themselves. “It makes things much easier for the end user,” PJ Gupta, CEO of Amtel, said in an interview.

Senthil Krishnapillai, head of mobile security for SAP, told CSOonline: “It tremendously improves the usability of the application, and combined with fingerprint reading, it gives you true two-factor authentication.”

[Also see: Apple’s iPhone 5S presents more questions than answers for businesses]

With the new iOS, Apple is also giving administrators the power to reuse app licenses. Prior to iOS 7, when an app was issued to an employee, its license stayed with the employee. Now that license can be recovered by the organization. “There was no way to reclaim the license,” Fiberlink’s Dale said. “It was a big deal because it was a big pain.”

Gupta noted that Apple has also modified the application lock feature in the new iOS. Prior to iOS 7, if a phone was lost or stolen, whoever recovered the handset may not be able to get past the application lock to access the phone’s data, but they could do a system reset and use the phone as their own.

That can’t be done with iOS 7. If the application lock is activated, a system reset won’t allow the phone to be reused. “It becomes a brick,” Gupta said.

With its new security features, iOS is keeping pace with security stalwart BlackBerry, and Samsung’s Knox security platform. “With the introduction of Knox, Apple has had to play catchup with Samsung in the enterprise market,” Gupta said.

However, SAP’s Krishnapillai said that because of the way the Android ecosystem works, Apple has a leg up on Samsung. Knox is limited to a specific model of Samsung phone.

“Developers writing for Knox have to make an app for Knox and one for the rest of the Android market,” Krishnapillai said. “App developers for iOS only have to write for iOS.”