The answer is a qualified yes. The new version further expands IT control over mobile devices. Let's take a look at some of those new iOS 5 capabilities.
Inching Away from iTunes...
Until now, initializing a new iPhone or iPad meant a USB connection to iTunes on a Mac or PC. Worse, each device could sync with just one instance of iTunes (i.e., authorized computer). These restrictions impeded bulk activation and forced IT to rely on iTunes synchronization with each worker's own home or office computer.
Thankfully, any iPhone or iPad with Internet access can now be activated over the air, bypassing iTunes. Alternatively, IT can now run iTunes in "activation only" mode to initialize devices via USB, skipping user-owned music/photo/video synchronization.
While IT can still allow iTunes synchronization, it can now use Active Directory Group Policy Objects (GPOs) to install iTunes "silently" (without user assistance or awareness) onto employee PCs with or without Apple Update and Apple's Bonjour LAN discovery and sharing service. IT can also set registry keys to restrict iTunes. This allows IT, for example, to decide when to enable iOS updates, disable iTunes LAN sharing or block backup onto a user's office computer.
...and Toward iCloud
The reason for Apple's decreased dependency on iTunes? Its iCloud hosting and synchronization service. As Webtorials editorial director Joanie Wexler wrote in an October TechNote, "iCloud to Test Wi-Fi Performance Mettle," iOS 5 recast Apple's MobileMe into a cloud service that auto-syncs each "iDevice" over Wi-Fi. iCloud can sync user contacts and calendars and map a lost device's location. But iCloud takes on several tasks previously performed only by iTunes, including media synchronization, application maintenance and backup.
For enterprises, iCloud is a double-edged sword: a turnkey platform to help meet business needs, but another external service to control and police for leaks. For example:
- With iOS 5 APIs, applications can save documents and internal state (key values) to iCloud storage and make them accessible to all mobile and desktop devices. These APIs let enterprises develop integrated mobility applications without worrying about cross-device synchronization or backup - but only where iCloud satisfies data security and availability requirements.
- To that end, iCloud encrypts synchronized content - documents, mail, contacts, calendars, bookmarks, reminders, notes, streamed photos, device location, backup files - using Secure Sockets Layer (SSL) over the air and Advanced Encryption Standard (AES) at rest. However, iCloud access is authenticated by tokens associated with each user's iCloud credentials. Researchers have already raised concerns about this scheme, but it will take time for the security industry to assess its strengths and vulnerabilities.
Augmented App Management
Apple also continues to beef up IT-controlled application delivery: enterprises can now buy public apps from the App Store in bulk.
With the iOS 5 Volume Purchase Program, IT creates an account to buy apps on-line and receives redemption codes to distribute to employees via email, Short Message Service (SMS) or Mobile Device Management (MDM). Users must still visit the App Store to download apps, but no longer submit payment. This eliminates costly and confusing reimbursement programs.
Extended Config Profiles and APIs
In the near term, enterprises are likely to be concerned with controlling iCloud use. iOS 5 enables some control by extending configuration profiles and native MDM APIs introduced in iOS 4.
Configuration profiles are optionally encrypted attribute lists for iDevice administration. Apple's Configuration Utility can be used to manually generate and install profiles, or profiles can be administered and auto-installed over the air using a third-party enterprise MDM such as AirWatch or Fiberlink MaaS360.
iOS 5 profile attributes can enable/disable iCloud backup, document and key value synchronization, and photo streaming. They can also stop users from downloading apps or music from Apple. However, these attributes do not yet offer the granular control that enterprise IT may want. For example:
- Users can selectively decide whether to synchronize mail and/or contacts and/or calendars, etc., to iCloud. But for IT, iCloud synchronization is all or nothing.
- Users can decide whether to sync to iTunes over Wi-Fi. But IT must resort to blocking ports/URLs to control synchronization on the office WLAN.
In short, iOS 5 profiles leave plenty of room for iOS 6 enhanced IT control over both iCloud and iTunes.