7 enterprise security improvements in iOS 7

7 enterprise security improvements in iOS 7

Summary: iOS 7 is a major step forward in enterprise mobile security. Apple has institutionalized security techniques for which, until now, enterprises had to go to an independent MDM/MAM vendor.

SHARE:

 |  Image 6 of 8

  • Thumbnail 1
  • Thumbnail 2
  • Thumbnail 3
  • Thumbnail 4
  • Thumbnail 5
  • Thumbnail 6
  • Thumbnail 7
  • Thumbnail 8
  • Managed Open-In

    When a user clicks "Share" to specify an app in which a document should open, he creates many potential software problems: Open in makes a copy of the document and the application may not be considered secure.

    In iOS 7, through the MDM interfaces, IT can specify which apps are allowed to handle specific content types, potentially limiting that access to managed apps. They call this "Managed Open-In."

  • Per-app VPNs

    System-wide VPNs on mobiles are considered undesirable, partly as a security measure and partly because the company doesn't necessarily want to run all a user's personal traffic through their VPN.

    For some time, MDM vendors have been allowing IT to specify per-app VPNs: each instance of each managed app gets its own VPN tunnel. Now iOS 7 allows these per-app VPNs through the MDM interfaces.

    The VPN is managed entirely by IT. When the app is launched it opens up a VPN tunnel and when it terminates it closes that tunnel. The user launches and uses the app as they normally would, and should see no difference from it running through the VPN.

    At the company end, the VPN could be any of dozens of VPN products from F5, Cisco, Juniper or anyone else, but the VPN products may need to be updated to support this feature.

    Image: Wikimedia Commons

  • Enterprise Single Sign-On

    Nobody likes entering passwords, and it's all that much worse typing them on glass on a tiny phone. With Enterprise single sign-on, IT can allow users to enter one set of enterprise credentials and be authenticated for any app.

    Previous versions of iOS allowed this for all apps by the same vendor, but in iOS 7 any app by any vendor can be included.

    IT can also specify a set of URL prefixes to be included for single sign-on. If the user visits any site that starts with the prefix (e.g. http://www.zdnet.com/topic-apple/), iOS will send the credentials to the server.

Topics: Security, Apple, iPhone, iPad, Mobile OS, Mobility

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

Talkback

41 comments
Log in or register to join the discussion
  • And One Enterprise Security Failure in iOS 7

    iOS 7 and 7.0.2 have broken our prior ability to open attachments contained within S/MIME encrypted messages.

    http://snnyc.com/2013/09/ios7-smime-fail/
    Snnyc
    • was this reported in beta?

      With so many enterprises testing it and so many of them using Outlook you'd think a bug like this would stand out
      Larry Seltzer
    • Do you have any other links?

      I checked yours and the links in the tweet gadget to the right - all of those links go back to your page. Or could you possibly post a screenshot?
      athynz
      • a screen shot of the pulsating attachment?

        It's in the post. Here's the direct image URL: http://snnyc.com/wp-content/uploads/2013/09/pulsating.gif
        Larry Seltzer
        • Exactly!

          I personally do not use S/MIME encrypted messages so I can't say for sure if this is an actual error or not. A pulsating GIF on a website that the OP runs - at least that is my assumption based on his pseudonym's similarity to the website - does not constitute proof that this exists. I would think if this was an actual issue there would be a lot more press on it. That's why I was asking if he had any more proof such as a screenshot for the iOS device.
          athynz
          • Followup...

            Athynz - A healthy skepticism is appropriate on the Internet, but this S/MIME attachment handling issue in iOS 7 - 7.0.2 is a real problem. If there were anyone at Apple or a high-profile customer who needed proof, I could certainly demonstrate it via a WebEx session using Reflector to mirror an iPad's live screen, or just send them a device configured with test e-mail accounts and certificates.
            Snnyc
  • Improvements? Yes. or not....

    Work announced we can now have the 5S.
    Installed work apps and certs.
    - restricted iCloud (no change from 5)
    - restricted Siri (no change from 5)
    - turn off fingerprint use on Lockscreen (can use for other things)
    - some exchange features having issues (some graphics and attachments)
    rhonin
    • Biometrics

      Fingerprint device login was shut off. It fails corporate security requirements regarding biometric login. Seeing as this is predominately hardware, is it an iOS7 improvement.
      rhonin
  • "Find My iPhone, now with remote lock"

    Windows Phone had this long before Apple. Who is follwiong who?
    pfdsotm
    • I do mention that...

      ... in the article I link to on that page: http://www.zdnet.com/apple-google-microsoft-make-progress-against-phone-theft-7000021171/
      Larry Seltzer
    • Couple of features

      doesn't mean anyone is following. Why does someone always feel the need to keep track of these things? Who cares?!
      new gawker
      • Enterprises

        That is who cares. Or maybe, if your company hasn't been thinking about what a lost cell phone can cost the company, it won't matter to you. We offer employees $35/month to use their own cell phones instead of enterprise phones. Very few takers. They don't want their phone wiped if they misplace it (really should not be a big deal if people back up theuir phones). And they don't want their phones locked by policy. people are way to lazy about corporate security even with a lost laptop garnering over $1.25 million in fines these days (HIPAA for a large government organization).
        hforman9
    • Questionable isn't it.

      It's not the first biometric device either, by a long shot.

      Also MDM is painful if the device isn't work-only. Other platforms have adopted a separate scope for work and personal, or are looking to app launchers or apps like Sencha space for mobile app containers.
      dawesi
  • Apple really should continue patching iOS 6

    iOS 6 is slightly older than a year and support is already being discontinued?
    ye
    • Loyalty

      Just goes to show you how much Apple really cares about it's consumers. I'm sure there's a few million 3S owners out there that are perfectly happy with their phone. Now they're being kicked to the curb............
      svfiat
      • ????

        One does not have to upgrade either their phone or their OS and apps. It's not like Apple is holding a gun to anyone's head. I'm still running iOS 6 on my 4S and it works fine. What exactly is your issue?
        athynz
        • Not Quite Right

          Already starting to see app updates that contain bug fixes and new features. iOS7 is required.
          rhonin
          • security is the other issue

            There are 80 unpatched vulnerabilities in 6.
            Larry Seltzer
        • The issue is there are known vulnerabilities.

          And the only way to patch them is to upgrade to iOS 7. Something I am unable to do as I have business applications which do not work on iOS 7.
          ye
        • Security

          Most of the iPhone users I know have extremely confidential email and contacts on their phones. This is a discussion of "enterprise" issues and not who will care about a photo of my GF.
          hforman9