7 enterprise security improvements in iOS 7

7 enterprise security improvements in iOS 7

Summary: iOS 7 is a major step forward in enterprise mobile security. Apple has institutionalized security techniques for which, until now, enterprises had to go to an independent MDM/MAM vendor.


 |  Image 1 of 8

  • Thumbnail 1
  • Thumbnail 2
  • Thumbnail 3
  • Thumbnail 4
  • Thumbnail 5
  • Thumbnail 6
  • Thumbnail 7
  • Thumbnail 8
  • A big step forward for enterprise security

    In most ways, iOS is no more "secure by design" than most other operating systems, and yet, as a practical matter, security problems have been slight in the real world. Apple has gotten away with doing far less than they might have, in no small part because third party security vendors filled in the gaps.

    The deficiencies in Apple's security management spawned the Mobile Device Management (MDM) and Mobile Application Management (MAM) industries. It is in these areas, which allow IT to manage and control the usage of mobile devices, where iOS 7's strongest improvements lie.

    There are features with broader appeal, such as Touch ID, the first usable biometrics in a phone, and remote lock, which protects lost and stolen phones. And there are other important improvements that are even more obscure than MDM improvements.

    In the pages that follow I describe seven improvements that make iOS 7 a much more secure operating system in an enterprise setting than iOS 6.

    Image: Apple

  • Find My iPhone, now with remote lock

    If your phone is lost or stolen, Find My iPhone allows you to locate or wipe it. iOS 7 improves the feature greatly by letting the user provide a message to display on the phone and prevent all other use. Even if the phone is wiped, iOS 7 will still prevent all use until the registered owner logs in to the proper iCloud account.

    This is the one the ones that everyone knows about. For the most part, the same rationale for this feature apply both to business and consumer use. Nobody wants their phone to get lost or stolen. If it's lost they want to make it easy for someone to return it. If it's stolen they want the data protected from access and the phone to be useless to the thieves.

    It's because of this feature and similar ones from Microsoft and Google that I think the incentive for phone theft will diminish a great deal in the next few years.

    If IT wants to, they can manage the Find My iPhone setting through the new MDM interfaces (more about that just ahead), including putting the device in "lost" mode. But in order to make it manageable, the phone's user (specifically, someone with the phone's iCloud credentials) will first need to disable the setting.

    Remote wipe still works on remotely-locked systems, but then a user would still need to enter the phone's iCloud credentials when booting out of the wipe.

    Image: Apple

Topics: Security, Apple, iPhone, iPad, Mobile OS, Mobility

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • And One Enterprise Security Failure in iOS 7

    iOS 7 and 7.0.2 have broken our prior ability to open attachments contained within S/MIME encrypted messages.

    • was this reported in beta?

      With so many enterprises testing it and so many of them using Outlook you'd think a bug like this would stand out
      Larry Seltzer
    • Do you have any other links?

      I checked yours and the links in the tweet gadget to the right - all of those links go back to your page. Or could you possibly post a screenshot?
      • a screen shot of the pulsating attachment?

        It's in the post. Here's the direct image URL: http://snnyc.com/wp-content/uploads/2013/09/pulsating.gif
        Larry Seltzer
        • Exactly!

          I personally do not use S/MIME encrypted messages so I can't say for sure if this is an actual error or not. A pulsating GIF on a website that the OP runs - at least that is my assumption based on his pseudonym's similarity to the website - does not constitute proof that this exists. I would think if this was an actual issue there would be a lot more press on it. That's why I was asking if he had any more proof such as a screenshot for the iOS device.
          • Followup...

            Athynz - A healthy skepticism is appropriate on the Internet, but this S/MIME attachment handling issue in iOS 7 - 7.0.2 is a real problem. If there were anyone at Apple or a high-profile customer who needed proof, I could certainly demonstrate it via a WebEx session using Reflector to mirror an iPad's live screen, or just send them a device configured with test e-mail accounts and certificates.
  • Improvements? Yes. or not....

    Work announced we can now have the 5S.
    Installed work apps and certs.
    - restricted iCloud (no change from 5)
    - restricted Siri (no change from 5)
    - turn off fingerprint use on Lockscreen (can use for other things)
    - some exchange features having issues (some graphics and attachments)
    • Biometrics

      Fingerprint device login was shut off. It fails corporate security requirements regarding biometric login. Seeing as this is predominately hardware, is it an iOS7 improvement.
  • "Find My iPhone, now with remote lock"

    Windows Phone had this long before Apple. Who is follwiong who?
    • I do mention that...

      ... in the article I link to on that page: http://www.zdnet.com/apple-google-microsoft-make-progress-against-phone-theft-7000021171/
      Larry Seltzer
    • Couple of features

      doesn't mean anyone is following. Why does someone always feel the need to keep track of these things? Who cares?!
      new gawker
      • Enterprises

        That is who cares. Or maybe, if your company hasn't been thinking about what a lost cell phone can cost the company, it won't matter to you. We offer employees $35/month to use their own cell phones instead of enterprise phones. Very few takers. They don't want their phone wiped if they misplace it (really should not be a big deal if people back up theuir phones). And they don't want their phones locked by policy. people are way to lazy about corporate security even with a lost laptop garnering over $1.25 million in fines these days (HIPAA for a large government organization).
    • Questionable isn't it.

      It's not the first biometric device either, by a long shot.

      Also MDM is painful if the device isn't work-only. Other platforms have adopted a separate scope for work and personal, or are looking to app launchers or apps like Sencha space for mobile app containers.
  • Apple really should continue patching iOS 6

    iOS 6 is slightly older than a year and support is already being discontinued?
    • Loyalty

      Just goes to show you how much Apple really cares about it's consumers. I'm sure there's a few million 3S owners out there that are perfectly happy with their phone. Now they're being kicked to the curb............
      • ????

        One does not have to upgrade either their phone or their OS and apps. It's not like Apple is holding a gun to anyone's head. I'm still running iOS 6 on my 4S and it works fine. What exactly is your issue?
        • Not Quite Right

          Already starting to see app updates that contain bug fixes and new features. iOS7 is required.
          • security is the other issue

            There are 80 unpatched vulnerabilities in 6.
            Larry Seltzer
        • The issue is there are known vulnerabilities.

          And the only way to patch them is to upgrade to iOS 7. Something I am unable to do as I have business applications which do not work on iOS 7.
        • Security

          Most of the iPhone users I know have extremely confidential email and contacts on their phones. This is a discussion of "enterprise" issues and not who will care about a photo of my GF.