How CIOs should prepare for iOS 7

Amtel Founder/CEO PJ Gupta speaks with TechRepublic about the enterprise-level changes and implications of the September 10 release of Apple iOS 7.


Ready or not, the Apple iOS 7 release date is September 10. During the lead-up to the launch, TechRepublic has worked to keep IT pros informed about the developments.

In this interview, Amtel Founder and CEO PJ Gupta talks about what CIOs and enterprises need to know regarding iOS 7. Amtel is a cloud-based mobile device management (MDM) and telecom expense management provider located in Santa Clara, CA.

TechRepublic: At the enterprise level, what are the most important changes in Apple iOS 7?

PJ Gupta: The most important change iOS 7 brings at the enterprise level is the security that enterprises need, especially for the apps and content management. Some interesting iOS 7 enterprise feature enhancements include enterprise single sign on (SSO), per app VPN, activation locking, automatic enrollment in MDM during activation, requiring documents to be opened with a specified app, and App Store Volume Purchase Program (VPP) license management.

TechRepublic: Based on your conversations, what features are CIOs most excited about with iOS 7?

PJ Gupta: SSO allows user credentials to be used across apps. This is big because you can now implement security without making it too hard for users to comply. By allowing users to log in without having to re-enter passwords for every app, SSO encourages secure behavior. Each app configured with SSO verifies user permissions for enterprise resources, and grants authorized access accordingly.

Per app VPN gives IT granular control over corporate network access. Apps can be configured to automatically connect to VPN upon launching. Managed app configuration helps deploy and manage iPhones and iPads more efficiently in the enterprise.

Activation locking. Turning off Find My iPhone or erasing the device requires an Apple ID and password. When a device is lost or stolen, the person who got it now won't be able to simply erase everything on the phone and start using it. Also, when the device has been wiped remotely using the Find My iPhone service, re-activation requires the same iCloud account credentials, making the device useless for thieves.

New MDM configuration options allow IT departments to enroll devices into existing MDM solutions, ensuring that devices are configured with corporate settings and are in-line with predefined policies. The MDM protocol in iOS 7 includes a number of new commands, queries, and configuration options that allow MDM solutions to set up and manage apps over the air, AirPrint printers, and white-list AirPlay destinations. Large fleets of company-owned devices can be automatically enrolled in MDM during activation, fully configured with corporate settings and policies, and users can be up and running fast.

App Store license management. iOS 7 will introduce the App Store VPP, providing businesses the opportunity to assign apps to Apple devices while keeping control and ownership over the licenses. IT can purchase app licenses from Apple and use an MDM solution to assign apps to employees over the air. App licenses can also be revoked and reassigned to other employees.

Managed Open In. Stricter control will be placed on documents viewed on an Apple device, by controlling which apps and accounts are used to open documents and attachments. This can help keep work documents in corporate apps and also prevent personal documents from being opened in managed apps.

App data protection. Using methods that leverage the user's passcode to create a strong and unique encryption key, data protection provides IT with peace of mind that corporate data is secured without additional configuration. All third-party apps now have data protection enabled automatically, so information stored in App Store apps is protected with the user's passcode until they unlock their device after each reboot.

TechRepublic: What kind of opportunity does Apple have in the enterprise mobile market with this month's launch of iOS 7?

PJ Gupta: Apple is known for design excellence and ease of use. It has been a popular consumer device, but with the iOS 7 release, Apple devices become easier to use, secure, and can be managed in enterprise applications. With the promise of more cost-effective devices, large-scale deployments may now become feasible.

TechRepublic: How do enterprises need to prepare for the changes coming with iOS 7?

PJ Gupta: Mobile operations in enterprise IT departments should form a team to evaluate how they can make full use of the enterprise security enhancements coming in iOS 7. For example, how do you plan to use SSO? What users will get what permissions for resource access? What apps will automatically initiate VPN access? Do you have an MDM solution in place to take advantage of the new features?

Migrating existing devices could use some planning. iOS 7 is supported on iPhone 4 and iPad 2 or later devices, so the newer devices will be easier to upgrade. It'll be prudent to analyze the inventory of devices and decide the upgrade plan for new devices. Encourage automatic upgrade for eligible devices and migrate users with older devices.

Then there is the operational planning required to evaluate the internal LAN and external WAN network bandwidth to handle the OS upgrades, since most of the devices use Wi-Fi to get the new OS on the devices.

The new look and feel may cause some user shock, so you may have some user training and hand-holding in store. Get your help desk trained and ready, and plan your upgrade rollout.

TechRepublic: Apple iOS has enjoyed a strong reputation in the security community. Why in your view is this the case?

PJ Gupta: At first blush, a security breach is associated with malware threats and virus attacks. Apple has already done a good job protecting the App Store from malware infiltration, hence some of the stronger security perceptions of Apple devices and apps.

But there's a lot more to security than malware intrusion. Authentication, access control, and data protection are critical in enterprise applications. With iOS 7's security enhancements, Apple comes so much closer to an enterprise-ready mobile OS.

TechRepublic: Let me ask about a functionality that Amtel provides. What is mobile Geofencing?

PJ Gupta: Geofencing is a key location-based security feature that Amtel pioneered in its MDM solution and was later adopted by many vendors. After defining geofence areas, security policies can be implemented when the mobile device enters or exits the geographic boundaries of the area. Such policies can implement access control restrictions, pre-defined security profiles, or alerts to management upon policy or threshold violations.

As a use case example, you can define work location as a geofenced area, and then you can restrict certain enterprise apps to be run only within the work location. Some other apps like games can be blocked at work location during working hours. The visibility of apps on user screens can be controlled based on location. For example, some mandatory apps appear when the user enters a geofenced area, while blocked apps disappear from the screen. When the user exits the geofenced area, the blocked apps reappear.

Let me add there are certain features that are not part of iOS 7, and CIOs would like to have them in future releases to make the devices more enterprise-centric:

1. The ability to provide multiple user support, which would allow enterprises in both the public and private sector to re-use devices by different personnel. This feature makes even more sense in educational use cases.

2. The ability for enterprises to unmount or hide the pre-installed apps on the iOS devices. Some of these apps are consumer-focused and are distractions for iOS products use in the enterprises.