7 enterprise security improvements in iOS 7

7 enterprise security improvements in iOS 7

Summary: iOS 7 is a major step forward in enterprise mobile security. Apple has institutionalized security techniques for which, until now, enterprises had to go to an independent MDM/MAM vendor.

SHARE:

 |  Image 8 of 8

  • Thumbnail 1
  • Thumbnail 2
  • Thumbnail 3
  • Thumbnail 4
  • Thumbnail 5
  • Thumbnail 6
  • Thumbnail 7
  • Thumbnail 8
  • Enterprise Single Sign-On

    Nobody likes entering passwords, and it's all that much worse typing them on glass on a tiny phone. With Enterprise single sign-on, IT can allow users to enter one set of enterprise credentials and be authenticated for any app.

    Previous versions of iOS allowed this for all apps by the same vendor, but in iOS 7 any app by any vendor can be included.

    IT can also specify a set of URL prefixes to be included for single sign-on. If the user visits any site that starts with the prefix (e.g. http://www.zdnet.com/topic-apple/), iOS will send the credentials to the server.

  • Biometrics - Touch ID

    There have been attempts at biometrics in mobile devices before, but they were never easy to use, reliable and mass-market. It figured that Apple would be the first to do this.

    Touch ID is a fingerprint sensor, so far only on the iPhone 5S, built into the Home button. It handles biometric authentication and authorization and returns a simple yes or no to iOS 7.

    There's definitely some question as to how secure Touch ID can be. It may not be secure enough for an enterprise. It's also important to note that Touch ID is not two-factor authentication (2FA). You can use a passcode or the fingerprint, but you can't require both. The goal of 2FA, from one perspective, is to make it harder to log in, and Apple isn't interested in that.

    But it's more complicated than that. Touch ID users have to have a passcode as a backup, and if the device is rebooted or hasn't been unlocked in 48 hours the passcode is required. This may make it practical for IT to require very secure passcodes, perhaps 7 or more characters, while still making it easy to access the device on a regular basis.

    Image: Apple

Topics: Security, Apple, iPhone, iPad, Mobile OS, Mobility

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

Talkback

41 comments
Log in or register to join the discussion
  • And One Enterprise Security Failure in iOS 7

    iOS 7 and 7.0.2 have broken our prior ability to open attachments contained within S/MIME encrypted messages.

    http://snnyc.com/2013/09/ios7-smime-fail/
    Snnyc
    • was this reported in beta?

      With so many enterprises testing it and so many of them using Outlook you'd think a bug like this would stand out
      larry@...
    • Do you have any other links?

      I checked yours and the links in the tweet gadget to the right - all of those links go back to your page. Or could you possibly post a screenshot?
      athynz
      • a screen shot of the pulsating attachment?

        It's in the post. Here's the direct image URL: http://snnyc.com/wp-content/uploads/2013/09/pulsating.gif
        larry@...
        • Exactly!

          I personally do not use S/MIME encrypted messages so I can't say for sure if this is an actual error or not. A pulsating GIF on a website that the OP runs - at least that is my assumption based on his pseudonym's similarity to the website - does not constitute proof that this exists. I would think if this was an actual issue there would be a lot more press on it. That's why I was asking if he had any more proof such as a screenshot for the iOS device.
          athynz
          • Followup...

            Athynz - A healthy skepticism is appropriate on the Internet, but this S/MIME attachment handling issue in iOS 7 - 7.0.2 is a real problem. If there were anyone at Apple or a high-profile customer who needed proof, I could certainly demonstrate it via a WebEx session using Reflector to mirror an iPad's live screen, or just send them a device configured with test e-mail accounts and certificates.
            Snnyc
  • Improvements? Yes. or not....

    Work announced we can now have the 5S.
    Installed work apps and certs.
    - restricted iCloud (no change from 5)
    - restricted Siri (no change from 5)
    - turn off fingerprint use on Lockscreen (can use for other things)
    - some exchange features having issues (some graphics and attachments)
    rhonin
    • Biometrics

      Fingerprint device login was shut off. It fails corporate security requirements regarding biometric login. Seeing as this is predominately hardware, is it an iOS7 improvement.
      rhonin
  • "Find My iPhone, now with remote lock"

    Windows Phone had this long before Apple. Who is follwiong who?
    pfdsotm
    • I do mention that...

      ... in the article I link to on that page: http://www.zdnet.com/apple-google-microsoft-make-progress-against-phone-theft-7000021171/
      larry@...
    • Couple of features

      doesn't mean anyone is following. Why does someone always feel the need to keep track of these things? Who cares?!
      new gawker
      • Enterprises

        That is who cares. Or maybe, if your company hasn't been thinking about what a lost cell phone can cost the company, it won't matter to you. We offer employees $35/month to use their own cell phones instead of enterprise phones. Very few takers. They don't want their phone wiped if they misplace it (really should not be a big deal if people back up theuir phones). And they don't want their phones locked by policy. people are way to lazy about corporate security even with a lost laptop garnering over $1.25 million in fines these days (HIPAA for a large government organization).
        hforman@...
    • Questionable isn't it.

      It's not the first biometric device either, by a long shot.

      Also MDM is painful if the device isn't work-only. Other platforms have adopted a separate scope for work and personal, or are looking to app launchers or apps like Sencha space for mobile app containers.
      dawesi
  • Apple really should continue patching iOS 6

    iOS 6 is slightly older than a year and support is already being discontinued?
    ye
    • Loyalty

      Just goes to show you how much Apple really cares about it's consumers. I'm sure there's a few million 3S owners out there that are perfectly happy with their phone. Now they're being kicked to the curb............
      svfiat
      • ????

        One does not have to upgrade either their phone or their OS and apps. It's not like Apple is holding a gun to anyone's head. I'm still running iOS 6 on my 4S and it works fine. What exactly is your issue?
        athynz
        • Not Quite Right

          Already starting to see app updates that contain bug fixes and new features. iOS7 is required.
          rhonin
          • security is the other issue

            There are 80 unpatched vulnerabilities in 6.
            larry@...
        • The issue is there are known vulnerabilities.

          And the only way to patch them is to upgrade to iOS 7. Something I am unable to do as I have business applications which do not work on iOS 7.
          ye
        • Security

          Most of the iPhone users I know have extremely confidential email and contacts on their phones. This is a discussion of "enterprise" issues and not who will care about a photo of my GF.
          hforman@...