iOS 9 Talking Points

iOS 9 makes iOS 8 apps easier to secure and deploy to the enterprise.

  • Apple said iOS 8 was "the biggest release for developers since the introduction of the App Store."
  • The biggest value of iOS 9 for enterprise customers will be to make the new class of apps iOS 8 enabled easier to secure and deploy to employees.
  • For example (we’ll get into this more later):
    • No longer need the app store (deployment).
    • Trusted installation. No longer lose app data through AirDrop (data‐at‐rest).
    • Secure UDP app traffic (data‐in‐motion).
  • Apple is committed to winning in the enterprise. It has been grooming iOS for businesses since iOS 4 with XY feature. Apple listened to its enterprise customers and is fine‐tuning features to remove long‐standing security and deployment challenges. With these latest updates, iOS has a rock‐solid security foundation for enterprises.
  • 80% of devices under MobileIron’s management run iOS.

iOS 9: greater than the sum of its parts.

  • Ever since mobile iOS devices were first introduced to the enterprise, IT admins have had to figure out how to securely manage them while fulfilling ad hoc demands from both the business and end users.
  • Giving employees enough flexibility to stay productive on their mobile devices without putting business data at risk has been a constant balancing act — one that has often forced IT to develop their own tools and workarounds to keep everyone happy and business data secure.
  • iOS 9, combined with an enterprise mobility management (EMM) platform, greatly simplifies the complex, backend security and management work for IT so end users can have a more seamless and effortless experience on their devices.
  • Key themes for iOS 9 include app security, ease of app deployment, and usability.

Distribute and update apps without the App Store

  • Before iOS 9, IT organizations that wanted to distribute corporate apps without enabling the App Store on employee devices faced several challenges.
  • Typically, an admin would enable the App Store just long enough to deploy the necessary business apps (in the middle of the night, for instance). The admin would then run a report to make sure all the required employees received the app. Once the app deployment was complete, the admin could disable the App Store again. Not only was this a time‐consuming process, it also created a security gap while the App Store was enabled on employee devices.
  • iOS 9 eliminates this problem by allowing IT to completely disable the App Store and instead deploy apps through the EMM server or Apple Configurator 2 (the new version released with iOS 9).
  • IT can silently push apps through the EMM server via “Send Message” on supervised devices, or assign the apps through Label, and the end user can install the apps via the Web Clip – Apps@Work.
  • These new app deployment capabilities let organizations decide at a granular level which apps employees can leverage. With these application management capabilities, iOS 9 narrows the playing field for mobile application management (MAM). This is another nail in the coffin for MAM‐only providers.

New device restrictions close iOS security gaps.

  • In iOS 9, Apple added new device restrictions to help IT admins easily close some of the few remaining security gaps on iOS devices.
  • For example, AirDrop, which is Apple’s tool for wirelessly transferring data between devices, was a potential source of data loss in the enterprise in previous iOS versions. In iOS 9, AirDrop can be treated as an unmanaged destination so users can’t transfer corporate data to it from managed apps.
  • Apple has started to move to six‐digit passcodes for iPhones and iPads equipped with a Touch ID sensor. Note that only the Simple Passcode feature changes in iOS 9; IT can still require a more complex passcode. The passcode requirement can also be turned off, but if it is enabled, it will have to contain six digits going forward. While this feature is great for overall device security, IT should expect questions from mobile employees accustomed to four‐digit passcodes.

Apple improves network security with per-app VPN and networking improvements.

  • Apple announced three new enhancements for per‐app VPN, which are designed to give enterprise IT more control over network traffic. They include:
  • Support for UDP traffic. UDP traffic will now be supported with the current per‐app VPN implementation. This is a big win for apps that require UDP in order to stream audio or video because it will improve the security of those communications and the usability of VoIP technology in general.
  • A per-app VPN connection can be established at layer 3. Prior to iOS 9, the per‐app VPN network connection was determined by the underlying network settings that were already established. In iOS 9, a network admin can now define specific network routes and DNS settings that a managed app will use when making the per‐app VPN connection, which gives network admins far more control over the network traffic that a managed app uses.
  • EMM vendors can now manage security issues such as DNS resolution at layer 3. This improves security because it allows the EMM provider to maintain more control over network traffic.
  • In addition, in iOS 9 the built‐in IPSec clients (IKEv1 and IKEv2) can be used to manage per‐app VPN connections. This allows customers to use some existing VPN solutions.
  • New network usage rules. iOS 9 gives admins greater control to define how managed apps can use the network. For example, admins can enforce a network usage rule that prevents specific managed apps, such as Netflix, from using cellular or roaming. This capability is only available on supervised devices.
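
An added example, not part of the original talking points and not Apple's or MobileIron's code: a Python check over an exported configuration profile for three of the iOS 9 controls described above (App Store UI disabled, AirDrop treated as an unmanaged destination, per‐app cellular and roaming rules). The payload types and keys are those of Apple's configuration profile format; the sample profile and the bundle ID com.example.video are constructed.

```python
import plistlib

# Constructed sample profile; com.example.video is a placeholder bundle ID.
SAMPLE_PROFILE = plistlib.dumps({
    "PayloadType": "Configuration",
    "PayloadContent": [
        {"PayloadType": "com.apple.applicationaccess",
         "allowUIAppInstallation": False,           # App Store hidden (supervised)
         "forceAirDropUnmanaged": True,             # AirDrop = unmanaged destination
         "allowOpenFromManagedToUnmanaged": True},  # weak: managed data may still leave
        {"PayloadType": "com.apple.networkusagerules",
         "ApplicationRules": [{"AppIdentifierMatches": ["com.example.video"],
                               "AllowRoamingCellularData": False}]},
    ],
})

def _payloads(raw, payload_type):
    """Return every payload of the given type from a serialized profile."""
    content = plistlib.loads(raw).get("PayloadContent", [])
    return [p for p in content if p.get("PayloadType") == payload_type]

def audit_restrictions(raw):
    """Return findings for the App Store and AirDrop controls."""
    merged = {}
    for payload in _payloads(raw, "com.apple.applicationaccess"):
        merged.update(payload)  # simplification: the last payload wins
    findings = []
    if merged.get("allowUIAppInstallation", True):
        findings.append("App Store UI is still enabled")
    if not merged.get("forceAirDropUnmanaged", False):
        findings.append("AirDrop is not treated as an unmanaged destination")
    if merged.get("allowOpenFromManagedToUnmanaged", True):
        findings.append("managed-to-unmanaged sharing is allowed, so AirDrop is not blocked")
    return findings

def cellular_rules(raw):
    """Map each bundle ID to its effective (cellular, roaming) permissions."""
    rules = {}
    for payload in _payloads(raw, "com.apple.networkusagerules"):
        for rule in payload.get("ApplicationRules", []):
            cellular = rule.get("AllowCellularData", True)
            roaming = cellular and rule.get("AllowRoamingCellularData", True)
            for bundle_id in rule.get("AppIdentifierMatches", ["*"]):
                rules[bundle_id] = (cellular, roaming)
    return rules

if __name__ == "__main__":
    print(audit_restrictions(SAMPLE_PROFILE))
    print(cellular_rules(SAMPLE_PROFILE))
```

The sample passes the App Store and AirDrop flag checks but is still reported, because marking AirDrop as unmanaged only stops managed data when sharing from managed to unmanaged destinations is also disallowed.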

iOS 9 offers a secure user experience with Trust UI.

  • iOS 9 introduces a new trust UI that makes it easy for users to know when they are installing an app from a new, authorized enterprise developer. This is made possible with a new interface that allows end users to trust the certificate used to digitally sign in‐house apps. This means users will no longer be prompted with a message asking them if they trust the app developer – which often confuses enterprise users when they try to install corporate apps.
  • The new trust UI also prevents users from installing apps from unauthorized developers on managed devices. Although IT won’t be able to block unmanaged apps on employee‐owned devices, iOS 9 will allow IT to prompt users with a warning that adds an extra step to enabling an unmanaged app.
  • With EMM‐managed apps, users won’t see the new trust screen at all. Because EMM in‐house applications are implicitly trusted, they are automatically and silently installed on managed devices. Apple is leveraging its ecosystem to help enterprises to scale mobility through apps like never before.
  • Apple listened to its enterprise customers and is fine‐tuning features to remove long‐standing app security and deployment challenges. Today, iOS has a rock‐solid security foundation for enterprises.
  • The next step for Apple in the enterprise is to leverage its ecosystem to help customers deploy mobility at scale. Apple partnered with IBM to deliver MobileFirst apps for iOS that connect users to big data and analytics right on their devices. We saw the latest wave of these apps released in July, bringing the total number of apps built for enterprises under the partnership to 32.
  • In May, we announced MobileIron OneTouch, a new solution that will transform the way that companies adopt apps. OneTouch will be the only solution to deploy and secure iOS business apps out‐of‐the‐box.
  • Organizations of any size will be able to get up and running with a sophisticated mobile apps program in a matter of days, not months.