Does iOS 5 Land IT Back in the Driver's Seat?

When Apple released iOS 5, the latest incarnation of its popular iPhone operating system, in October, end users were attracted to the new iPhone 4S with its voice-driven assistant, "Siri." But should enterprises care about iOS 5?

The answer is a qualified yes. The new version further expands IT control over mobile devices. Let's take a look at some of those new iOS 5 capabilities.

Inching Away from iTunes...


Until now, initializing a new iPhone or iPad meant a USB connection to iTunes on a Mac or PC. Worse, each device could sync with just one instance of iTunes (i.e., authorized computer). These restrictions impeded bulk activation and forced IT to rely on iTunes synchronization with each worker's own home or office computer.

Thankfully, any iPhone or iPad with Internet access can now be activated over the air, bypassing iTunes. Alternatively, IT can now run iTunes in "activation only" mode to initialize devices via USB, skipping user-owned music/photo/video synchronization.

While IT can still allow iTunes synchronization, it can now use Active Directory Group Policy Objects (GPOs) to install iTunes "silently" (without user assistance or awareness) onto employee PCs with or without Apple Update and Apple's Bonjour LAN discovery and sharing service. IT can also set registry keys to restrict iTunes. This allows IT, for example, to decide when to enable iOS updates, disable iTunes LAN sharing or block backup onto a user's office computer.

...and Toward iCloud

The reason for Apple's decreased dependency on iTunes? Its iCloud hosting and synchronization service. As Webtorials editorial director Joanie Wexler wrote in an October TechNote, "iCloud to Test Wi-Fi Performance Mettle," iOS 5 recast Apple's MobileMe into a cloud service that auto-syncs each "iDevice" over Wi-Fi. iCloud can sync user contacts and calendars and map a lost device's location. But iCloud takes on several tasks previously performed only by iTunes, including media synchronization, application maintenance and backup.

For enterprises, iCloud is a double-edged sword: a turnkey platform to help meet business needs, but another external service to control and police for leaks. For example:

  • With iOS 5 APIs, applications can save documents and internal state (key values) to iCloud storage and make them accessible to all mobile and desktop devices. These APIs let enterprises develop integrated mobility applications without worrying about cross-device synchronization or backup - but only where iCloud satisfies data security and availability requirements.
  • To that end, iCloud encrypts synchronized content - documents, mail, contacts, calendars, bookmarks, reminders, notes, streamed photos, device location, backup files - using Secure Sockets Layer (SSL) over the air and Advanced Encryption Standard (AES) at rest. However, iCloud access is authenticated by tokens associated with each user's iCloud credentials. Researchers have already raised concerns about this scheme, but it will take time for the security industry to assess its strengths and vulnerabilities.

Augmented App Management

Apple also continues to beef up IT-controlled application delivery: enterprises can now buy public apps from the App Store in bulk.

With the iOS 5 Volume Purchase Program, IT creates an account to buy apps online and receives redemption codes to distribute to employees via email, Short Message Service (SMS) or Mobile Device Management (MDM). Users must still visit the App Store to download apps, but no longer submit payment. This eliminates costly and confusing reimbursement programs.

Extended Config Profiles and APIs

In the near term, enterprises are likely to be concerned with controlling iCloud use. iOS 5 enables some control by extending configuration profiles and native MDM APIs introduced in iOS 4.

Configuration profiles are optionally encrypted attribute lists for iDevice administration. Apple's Configuration Utility can be used to manually generate and install profiles, or profiles can be administered and auto-installed over the air using a third-party enterprise MDM such as AirWatch or Fiberlink MaaS360.

iOS 5 profile attributes can enable/disable iCloud backup, document and key value synchronization, and photo streaming. They can also stop users from downloading apps or music from Apple. However, these attributes do not yet offer the granular control that enterprise IT may want. For example:

  • Users can selectively decide whether to synchronize mail and/or contacts and/or calendars, etc., to iCloud. But for IT, iCloud synchronization is all or nothing.
  • Users can decide whether to sync to iTunes over Wi-Fi. But IT must resort to blocking ports/URLs to control synchronization on the office WLAN.

In short, iOS 5 profiles leave plenty of room for iOS 6 to enhance IT control over both iCloud and iTunes.
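The iCloud and store restrictions described above are carried in a profile's Restrictions payload. As an added example (not from the original article or from Apple), this Python script audits an unencrypted, unsigned profile and reports which of those controls it leaves unblocked; the sample profile, its identifiers and the function names are constructed for illustration.

```python
import plistlib

# Restrictions payload (com.apple.applicationaccess) keys for the controls
# named in the article. A key missing from the profile leaves the feature on.
CONTROLS = {
    "allowCloudBackup": "iCloud backup",
    "allowCloudDocumentSync": "iCloud document/key-value sync",
    "allowPhotoStream": "Photo Stream",
    "allowAppInstallation": "app installation",
    "allowiTunes": "iTunes Store",
}

def audit_profile(data: bytes) -> dict:
    """Map each control to 'blocked', 'allowed' or 'unset' for a plain-plist profile."""
    profile = plistlib.loads(data)
    if "EncryptedPayloadContent" in profile:
        raise ValueError("profile is encrypted; audit the unencrypted source instead")
    state = {key: "unset" for key in CONTROLS}
    for payload in profile.get("PayloadContent", []):
        if payload.get("PayloadType") != "com.apple.applicationaccess":
            continue
        for key in CONTROLS:
            if payload.get(key) is False:
                state[key] = "blocked"      # assumption: most restrictive value wins
            elif key in payload and state[key] != "blocked":
                state[key] = "allowed"
    return state

def open_channels(data: bytes) -> list:
    """Controls the profile does not block, i.e. where data can still leave the device."""
    return [CONTROLS[k] for k, v in audit_profile(data).items() if v != "blocked"]

def sample_profile() -> bytes:
    """Constructed sample: blocks backup and document sync, leaves the rest."""
    restrictions = {
        "PayloadType": "com.apple.applicationaccess",
        "PayloadIdentifier": "com.example.profile.restrictions",  # placeholder
        "PayloadUUID": "00000000-0000-0000-0000-000000000002",    # placeholder
        "PayloadVersion": 1,
        "allowCloudBackup": False,
        "allowCloudDocumentSync": False,
        "allowPhotoStream": True,
    }
    return plistlib.dumps({
        "PayloadType": "Configuration",
        "PayloadIdentifier": "com.example.profile",               # placeholder
        "PayloadUUID": "00000000-0000-0000-0000-000000000001",    # placeholder
        "PayloadVersion": 1,
        "PayloadContent": [restrictions],
    })
```

A signed profile is wrapped in a CMS envelope and must be unwrapped before it can be parsed this way.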

Publisher

Steven Taylor

TechNotes is a special program of Webtorials and Distributed Networking Associates, Inc.


Webtorial® is a registered servicemark of Distributed Networking Associates. The Webtorial logo is a servicemark of Distributed Networking Associates. Copyright 1999-2013, Distributed Networking Associates, Inc.