Apple (Finally) Embraces BYOD with iOS 7: An IDN Expert Voices Report

Early signs are in from the Apple iOS 7 launch, and the verdict from Apple partners and enterprise mobility firms is that Apple may have finally released a real set of BYOD-friendly features worth of IT attention.

Tags: Apple, BYOD, iOS, iPad, iPhone, mobile, smartphones, tablets,

Early signs are in from the Apple iOS 7 launch, and the verdict from Apple partners and enterprise mobility firms is that Apple may have finally released a real set of BYOD-friendly features worth of IT attention.

IDN wanted to provide enterprise architects, security and management professionals and mobile appdevs some insight and guide posts to iOS 7. We surveyed some of the best minds in enterprise mobility and BYOD,  including Apple partners, to uncover the top iOS 7 features and to better understand the on the ripple effects of Apple’s latest technology on enterprise IT

Let’s start with IDN’s top 7 reasons BYOD manages should welcome iOS 7.

  1. Per-app VPN – App-level management, not just device-level
  2. Federated security -  Sets stage for SSO, MDM, policy management (e.g Kerberos can work with SAML, OpenID and OAuth).
  3. Email management –  Smart mailboxes, more intuitive user access
  4. Touch ID - Fingerprint scanning only for the device – but 2-factor authentication for wipe / swipe security
  5. Open APIs for better SDKs – from top enterprise vendors
  6. File protection APIs -   encryption and ability to restrict which apps can open docs and attachments, 
  7. 64-bit apps – Better and faster UX, data visualization, data access, low-impact security

Now, with list to guide the discussion, let’s hear what experts say about how enterprise IT should think about and do with these enhancements.

 

Adam Stein
mobile product marketing manager
SAP

SAP is all-in on ways to exploit iOS 7 for better BYOD balance – more IT control and more end user productivity. Within minutes of iOS 7’s download becoming available, SAP announced  support for many key iOS 7 features – from dev, security, scalability, operations and on-going device, app and even content management.

SAP’s portfolio approach to BYOD aims to provide solutions the mobile application lifecycle to help IT control and manage the device, the app, the user and even the content, Stein told IDN.  
 
SAP’s comprehensive approach is designed to put in place a flexible platform that can better adjust than a single product to the next big change in enterprise mobility, he added.   “In mobile, change is the only constant, IT just doesn’t know the next innovation that will come. Our mobile platform can be ready for changes at the device side, the apps side, the OS side – anywhere,” Stein added. “iOS & is that next big change [for BYOD].”

Among them, iOS 7-based support for single sign-on, per-app VPN, app configuration, MDM and even scalability, Stein said.

To highlight some SAP features, it will leverage iOS MDM and per app VPN support to help IT guard against downtime, as well as hacks or IP theft.  To secure content on mobile devices SAP will also support the Open In Management feature to protect content contained in documents that can be accessed or shared via app or email. . The upgrades will be offered across SAP mobile offerings, including  SAP Mobile Secure solutions, SAP Mobile Platform, SAP Afaria and even pre-built mobile apps, he added.

End user customer demand for better BYOD with iPhones and iPads was not SAP’s only motivation. The software giant itself has 50,000 iOS devices, one of the largest enterprise deployments of iPhones and iPads in business, according to an SAP exec.


 

John Dasher
vice president
Good Technology

Good Technology, a leading mobile security vendor also launched a rich set of iOS 7 support across its entire suite of applications, including Good for Enterprise, Good Connect and Good Share. Good  also rolled out iOS 7 support for its rich ecosystem of custom and partner applications built on the Good Dynamics Secure Mobility Platform. 

Good’s upgrades aim to help companies more easily secure end-to-end workflows, develop, test and launch new secure-ready iOS 7 apps more quickly, and simplify device and app management,  Good Technology vice president John Dasher told IDN.

In specific, Good is leveraging the new Apple iOS 7 built-in MDM and Kerberos encryption capabilities in iOS 7 to support extended restriction controls, SSO and configuration and policy management for MDM-managed apps.    Further, Good will help IT secure data and content that moves between apps, as well as app-to-app security,

Good adds  iOS 7 support to its multi-OS platform, providing IT with consistent app security and management across iOS versions, as well as Android and Windows 7 environments, Dasher added.

For app devs, Good also offers an SDK that provides  deep source code level analysis to make sure apps aren’t misbehaving. “We can find out if a new [iOS 7] app might permit data leakage or not behave properly in or with a cloud,” he said, noting Good’s SDK can examine more than 700 APIs already, looking at everything from URLs, data transmissions and file systems and so forth. 

While Good is supportive of Apple’s new Touch ID biometrics security, Dasher had one notable reservation. “While we are all for 2nd factor authentication, Touch ID as it stands now secures the device but not the app itself. That said, it’s a nice solution to a tough problem, and may educate users about security of their device.”
 
Good’s platform and SDK support for iOS 7 is available immediately.


 

Leif Bildoy
senior product manager
Layer 7,  a CA Technologies company.

 

“This new set of [iOS] features is welcome,” Bildoy told IDN, and listed some notable ones.

“Take something like VPN where opening up a generic pipe into an enterprise network is leaving too much undecided and a sub-optimal UX has so far prevented any significant uptake. With a more fine-grained approach like per-app VPN, the IT security group is better equipped to provide the required balance between security and productivity enhancements,” he said.

 

Bildoy also noted the importance of integration to getting the most from iOS. “One potential challenge will be to bridge the Apple SSO solution to existing SSO infrastructure that enterprises may have in place. We know how Apple usually cares most about having their own services integrate well, but the key for enterprises [IT] will be to find a way to bridge the Apple SSO to OAuth 2.0 and OpenID Connect  based solutions,” he said.

 

Given this need to integrate, Bildoy sees the emergence of APIs as delivering crucial value to enterprises – and even Apple. In BYOD, enterprises by definition are supporting multiple platforms – not just IOS. Therefore, Bildoy suggested, a mobile device must be able “to tie into existing infrastructure the enterprise has deployed for multiple platforms. The big ripple will be the APIs that allow third party integration.”

Powered by API-driven integration, Bildoy predicts  that iOS 7 will open “an opportunity for vendors that provide a shim on top of the platforms' security pieces. . to tie the iOS7 features to existing infrastructure.” This  may include configuration or reprogramming of existing apps depending on what approach you have used so far. “With a modern approach to app development, you may already be using APIs to access enterprise data,” he added, which means the API mindset won’t force too much of a disruptive change.


 

J Schwan
ceo and founder 
Solstice Mobile.

Schwan said IT looking for greater device and data security can find a lot to work with in 3 key features.

 

  1. Enterprise Single Sign-on – This feature is about bringing together user experience and increased security, he said.  “Users will be able to log-in once and authenticate across enterprise services. While there are many mobile management platforms that currently allow the cross-authentication, this feature definitely provides advantages for the developers and for IT with the integration into the iOS, eliminating the need for a third-party to provide this,” Schwan added. .
  2. Activation Lock – “One of the biggest security features is the Activation Lock,” Schwan said.  It will prevent the reactivation of a lost or stolen iPhone without the owner's iCloud account details. “Within the MDM/BYOD conversation, this feature helps ease some of the fear of IT in regards to the lost or stolen iPhone that has access to the enterprise system,” he added. .
  3. Per-app VPN – Like many others, Schwan is keen on the upside for per-app VPN. “It will provide enterprises with a more efficient access option and should lower the load on the company’s network.,” he said.  However, IT needs to pay attention to how they implement it for best results. “ In order to benefit from per app VPN and other enterprise features, users must be running iOS 7. No app update is required. Changes to the VPN are sent through the Enterprise MDM. If an enterprise's MDM vendor supports this, then users can begin utilizing per app VPN immediately,” he added.

 


 

Tim Williams
director of product
Absolute Software

“I don’t see how you can explain these updates to iOS 7 in any way than to say Apple is trying to make it easier for enterprise IT to support iPhones for work. They are the kind of feature requests we’ve been hearing from our enterprise customers for a while,” Watkins said, whose company is a security and management provider and Apple partner

He also said the ease-of use of the per app VPN will eliminate a lot of headaches and complexity for IT managers looking to support BYOD with Apple devices. . “If I bring my mobile device in to work as a user, if I need to setup and use my VPN, and that is often cumbersome for end users to figure out, and maybe that affects productivity,” Williams said. “So, some users may naturally look for ways to circumvent or work-around those corporate restrictions.”
Now, a per-app VPN restriction may get end users to just follow the rules for mobile at work, so long as the VPN will stop blocking or slowing down a worker’s personal apps, he said. 

Another benefit to new iOS hooks will be an improve enterprise app store experience – for IT and end users.  Absolute also offers an enterprise app store, and Watkins feels the hooks in iOS 7 may promote wider adoption of such app stores for work. “We offer a self-service [app] store for companies, and we feel with the new iOS 7, we can help IT begin to provide a ready-made list of recommended and secure apps for iPhones. The changes give us and IT the power we didn’t have before,” he said.


 

Matt Cutler
ceo and founder
Collaborate.com

“Without question the iPhone 5s attacks a very different technological problem with aggressive simplicity, Cutler said.  But tapping into iOS 7 features may not be an instant out-of-the-box experience. “Apps will need to be explicitly enabled in existing apps – there will be developer work required,” he warned. 

Word of a quick hack to Apple’s new Touch ID, the famed fingerprint scan security system, may have taken a bit of the glow off. But, Cutler insisted it will have lasting impact, especially for enterprise IT. “The iPhone 5s’ biometric security is an important enterprise service and will have a vastly greater impact than many will expect,” he said.

“Touch ID attempts to make true security a seamless part of the end-user experience. However, Apple starting out with limited ambitions and is not overreaching, he said. Touch ID is only available on the device and not for third party, SDK, etc. The feature will be gradually rolled-out, starting with consumers and a limited scope. Only after that will the Touch ID roll out open up a bit more,” he said.

Even with that enthusiasm, Cutler admitted the impact of Touch IDC won’t be felt for a while. In fact, even to security-savvy IT staff, Touch ID may look more like a soft launch than a major rollout, Cutler admitted.  “The Touch ID in its current incarnation is a positive first step and Apple will certainly do more with it in the future – they have started with a cautious approach,” Cutler said..

That said, Cutler remains bullish on Touch ID for enterprise mobile. “It’s a step along a journey and a good important first step,” he said. The next steps will be to build more user and IT trust in it. On that score, Cutler expects Apple to be “sensitive about how fingerprint data is stored and backed up.” 


 

Tom Kemp
ceo and co-founder 
Centrify

For Kemp, its’ not just the iOS embedded features, but the APIs and the SDKs devs can use to access them. “iOS 7 introduces a range of new SDK capabilities aimed at enterprise BYOD. But for many of them, it’s  up to the developer to adopt and support these capabilities,” Kemp said. ““iOS 7’s added capabilities make the platform more secure and provides unique proprietary technologies that can be used by third parties, and Apple is serious about the needs and concerns of enterprise, the developer tools are available and exposed for the public.” Kemp said.

Kemp said some iOS 7 security capabilities are so good that it may lead to what he called “a further commoditization of MDM functionality.” He explained it this way: “With iOS 7, the question will be how you deliver the [MDM] functionality, as opposed to making the actual underlying functionality available.”

As an identity vendor, Centrify solutions help IT control who has access to what app or content on what mobile device, He shared an example: “Because Apple added Kerberos support for apps, we can layer on SAML, OpenID, OAuth and other single sign on technologies. So, this is all good stuff to help IT more easily implement policies to give [mobile] users one click access to their apps, including on-premise or SalesForce.com or whatever. We feel good about the direction Apple is going here with this.”


 

Kevin Watkins
cto and co-founder
Appthority
 
One cool feature in iOS 7 that’s not getting enough attention is support for better content management, according to Watkins. “Open In management has the power to help IT stop a major mobile no-no right it its tracks – sharing documents in public cloud services, such as DropBox or Box,” he said.

Open In Management lets IT plug some data leaks, and provides more central control of sensitive data and documents. IT can set which devices or apps can open, update or share a document – and even where those docs can be shared. Watkins described it this way: “Open In provides support for accessing corporate documents, and it wasn’t in iOS before.”

The new feature, which will require some dev programming or third-party product, will work with any app that has the ability to access a document’s content, Watkins said. Moreover, it can enforce security policies at the app level and--  with some tinkering --  it can secure even the content/document level. “This means IT won’t have to apply strict security as an all-or-nothing, where it affects all  users, all devices or all apps. It can be granular and apply to only to those that access [sensitive] documents,” Watkins added. 

This solution could let IT add a new rule that says certain apps or documents would not be able to access cloud-sharing services – no matter if the user wanted to or not. “So, rather than IT having to just say ‘No.’ to any or all uses of DropBox – and hope users follow the rules – we can help IT automate that rule, apply it appropriately and monitor the enforcement,” he added.

Watkins mentioned another way his solution could tap into iOS 7 for another bang-for-the-buck. “We could make a new rule that would be sure to look and see if SSO is enabled inside an app before it was allowed to be launched. We can enforce this rule during testing, so that any app that didn’t support SSO would never get launched, if that’s what IT wanted,” he said.


Conclusion

With iOS 7, IT is seeing the beginning of what many hope will be a close and long embrace of BYOD and enterprise mobility.

There’s no doubt Apple will remain strongly focused on the consumer market, but our experts tell us they see from the iOS 7 features that Apple is also willing to tip its hat to the idea that many iPhone and iPad users are also employees – and they want to use their devices at work-controlled environments.


As one expert told us, “It is the first step in a longer BYOD journey. But, for now, if enterprise IT chooses to leverage these capabilities, and they should, then they will have happier users and a more secure mobile enterprise.”

 




back

Share
Go