It took a while, but Apple is taking enterprise IT more seriously.
Apple announced updates to iOS 7.1, scheduled for later this month, and programs to streamline large-scale device deployments, simplify mobile device management, beef up security and improve app purchasing and distribution for business.
MDM for mass deployments
Bringing some transparency to BYOD environments, Apple lets enterprise employees get up and running on their iPhones and iPads right out of the box, even enrolling in MDM themselves and opting in or out of enterprise services.
But the big news is that IT organizations that need greater control over company-owned phones and tablets can sign up for the new Device Enrollment Program (ADEP) and automate the MDM process remotely, regulating or locking the enrollment process if necessary.
Policies, settings and apps can be pushed out over the air, eliminating the need for hands-on involvement from IT — saving time and freeing up staff to focus on mission-critical projects.
Enterprise-Class Security Upgrades
With iOS 7.1, Apple signs and verifies every step of the device boot-up process. Third-party applications are automatically sandboxed to prevent interaction with other files on the device as well as with the hardware, and they must be signed with an iOS Developer Program certificate (native applications are signed by Apple, of course).
Apple has also taken steps to ensure that only code authorized to execute on the device actually does, by leveraging ARM's Execute Never (XN) feature, which designates parts of the flash code as non-executable. Enterprises that want to build their own in-house apps will need to install a provisioning file, available through the iOS Developer Enterprise Program.
In addition to building AES 256-bit encryption into iOS 7.1, Apple is giving app developers access to encryption APIs such as AES, RC4, or 3DES for enhanced data protection. iOS 7 is also FIPS 140-2 compliant and cleared for use by the federal government. File Data Protection secures data stored in flash memory on the device, while Keychain Data Protection offers secure storage for passwords, login tokens and keys.
Buy a Bushel
Apple’s also making it easier for enterprises to buy apps and other content en masse through its Volume Purchase Program (VPP) for Business. Enterprises interested in custom iOS applications (free or paid) tailored to their specific business needs can work with third-party developers, who deliver the finished app through the VPP. Only the enterprise that commissions the app has access to it.
Enterprises have options for distributing apps and content to employees, either through redeemable codes or via third-party MDM programs. When a user no longer needs access to a particular application, the app can be reassigned to another employee; otherwise, app privileges are simply terminated.
Immediate Vendor Support
Some of the industry’s biggest MDM vendors have already announced their support for Apple’s enterprise-friendly device enrollment offering. Absolute Manage 6.4.2 has been updated to enable zero-touch iOS deployments.
"Portland Public Schools worked closely with the development teams at Apple and Absolute Software to pilot the ADEP process. The ability to provision iPads over the air will significantly reduce the amount of time spent physically preparing iPads, allowing our school-based staff to focus on other meaningful work," Jonathan Vail, user experience management lead at Portland Public Schools, said in a statement. "Additionally, applying permanent management profiles will increase security and maintain desired configurations for each device."
AirWatch by VMware is also ready to manage iOS 7.1 devices when the operating system update is fully released. "Businesses and educational institutions can immediately leverage the new capabilities from iOS 7.1 and the Apple Device Enrollment Program to streamline their deployments and enable persistent device management," said John Marshall, senior vice president and general manager of AirWatch by VMware. "We worked closely with several of our customers to pilot the Device Enrollment Program, and we know organizations are excited to take advantage of these enhancements."