Ready or not, the Apple iOS 7 release date is September 10.
During the lead-up to the launch, TechRepublic has worked to keep IT pros informed about the developments.
In this interview, Amtel Founder and CEO PJ Gupta
talks about what CIOs and enterprises need to know regarding iOS 7. Amtel is a
cloud-based mobile device management (MDM) and telecom expense management
provider located in Santa Clara, CA.
TechRepublic: At the enterprise level, what are the
most important changes in Apple iOS 7?
PJ Gupta: The most important change iOS 7 brings
at the enterprise level is the security that enterprises need, especially for
the apps and content management. Some interesting iOS 7 enterprise feature enhancements
include enterprise single sign on (SSO), per app VPN, activation locking,
automatic enrollment in MDM during activation, requiring documents to be opened
with a specified app, and App Store Volume Purchase Program (VPP) license management.
TechRepublic: Based on your conversations, what
features are CIOs most excited about with iOS 7?
PJ Gupta: SSO
allows user credentials to be used across apps. This is big because you can now
implement security without making it too hard for users to comply. By allowing
users to log in without having to re-enter passwords for every app, SSO
encourages secure behavior. Each app configured with SSO verifies user
permissions for enterprise resources, and grants authorized access accordingly.
Per app VPN
gives IT granular control over corporate network access. Apps can be configured
to automatically connect to VPN upon launching. Managed app configuration helps
deploy and manage iPhones and iPads more efficiently in the enterprise.
Activation locking. Turning off Find My iPhone or erasing the device requires an Apple ID and password. When
a device is lost or stolen, the person who got it now won’t be able to simply
erase everything on the phone and start using it. Also, when the device has
been wiped remotely using the Find My iPhone service, re-activation requires
the same iCloud account credentials, making the device useless for thieves.
New MDM configuration options allow IT departments to enroll devices
into existing MDM solutions, ensuring that devices are configured with
corporate settings and are in-line with predefined policies. The MDM protocol
in iOS 7 includes a number of new commands, queries, and configuration options
that allow MDM solutions to set up and manage apps over the air, AirPrint
printers, and white-list AirPlay destinations. Large fleets of company-owned
devices can be automatically enrolled in MDM during activation, fully
configured with corporate settings and policies, and users can be up and
App Store license management. iOS 7 will introduce the App Store
VPP, providing businesses the opportunity to assign apps to Apple devices while
keeping control and ownership over the licenses. IT can purchase app licenses
from Apple and use an MDM solution to assign apps to employees over the air.
App licenses can also be revoked and reassigned to other employees.
Managed Open In. Stricter control will be placed on documents viewed on an
Apple device, by controlling which apps and accounts are used to open documents
and attachments. This can help keep work documents in corporate apps and also
prevent personal documents from being opened in managed apps.
App data protection. Using methods that leverage the
user’s passcode to create a strong and unique encryption key, data protection
provides IT with peace of mind that corporate data is secured without
additional configuration. All third-party apps now have data protection enabled
automatically, so information stored in App Store apps is protected with the
user’s passcode until they unlock their device after each reboot.
TechRepublic: What kind of opportunity does Apple
have in the enterprise mobile market with this month’s launch of iOS 7?
PJ Gupta: Apple is known for design excellence
and ease of use. It has been a popular consumer device, but with the iOS 7
release, Apple devices become easier to use, secure, and can be managed in
enterprise applications. With the promise of more cost-effective devices, large-scale
deployments may now become feasible.
TechRepublic: How do enterprises need to prepare for
the changes coming with iOS 7?
PJ Gupta: Mobile operations in enterprise IT
departments should form a team to evaluate how they can make full use of the
enterprise security enhancements coming in iOS 7. For example, how do you plan
to use SSO? What users will get what permissions for resource access? What apps
will automatically initiate VPN access? Do you have an MDM solution in place to
take advantage of the new features?
devices could use some planning. iOS 7 is supported on iPhone 4 and iPad 2 or
later devices, so the newer devices will be easier to upgrade. It’ll be prudent
to analyze the inventory of devices and decide the upgrade plan for new
devices. Encourage automatic upgrade for eligible devices and migrate users
with older devices.
Then there is the
operational planning required to evaluate the internal LAN and external WAN
network bandwidth to handle the OS upgrades, since most of the devices use
Wi-Fi to get the new OS on the devices.
The new look and feel
may cause some user shock, so you may have some user training and hand-holding
in store. Get your help desk trained and ready, and plan your upgrade rollout.
TechRepublic: Apple iOS has enjoyed a strong
reputation in the security community. Why in your view is this the case?
PJ Gupta: At first blush, a security breach is
associated with malware threats and virus attacks. Apple has already done a
good job protecting the App Store from malware infiltration, hence some of the
stronger security perceptions of Apple devices and apps.
But there’s a lot
more to security than malware intrusion. Authentication, access control, and
data protection are critical in enterprise applications. With iOS 7’s security
enhancements, Apple comes so much closer to an enterprise-ready mobile OS.
TechRepublic: Let me ask about a functionality that
Amtel provides. What is mobile Geofencing?
PJ Gupta: Geofencing is a key location-based
security feature that Amtel pioneered in its MDM solution and was later adopted
by many vendors. After defining geofence areas, security policies can be
implemented when the mobile device enters or exits the geographic boundaries of
the area. Such policies can implement access control restrictions, pre-defined
security profiles, or alerts to management upon policy or threshold violations.
As a use case
example, you can define work location as a geofenced area, and then you can
restrict certain enterprise apps to be run only within the work location. Some
other apps like games can be blocked at work location during working hours. The
visibility of apps on user screens can be controlled based on location. For
example, some mandatory apps appear when the user enters a geofenced area,
while blocked apps disappear from the screen. When the user exits the geofenced
area, the blocked apps reappear.
Let me add
there are certain features that are not part of iOS 7, and CIOs would like to
have them in future releases to make the devices more enterprise-centric:
1. The ability to
provide multiple user support, which would allow enterprises in both the public
and private sector to re-use devices by different personnel. This feature makes
even more sense in educational use cases.
The ability for enterprises to unmount or hide the pre-installed apps on the
iOS devices. Some of these apps are consumer-focused and are distractions for
iOS products use in the enterprises.