The enterprise has officially welcomed iOS devices, simultaneously embracing both their operational benefits and inherent security risks.
Although Apple products are popular among employees and have a reputation for security, they – like all mobile devices – are not entirely safe for enterprise use. The operating system is not immune to malicious apps, and IT can’t count on inherent device security to protect the organization’s information assets.
For secure use within the enterprise, we recommend implementing a Managed Mobility Services (MMS) solution that specifically addresses iOS devices. To that end, here are four best practices for Apple device management:
Manage and secure iOS applications
In November 2014, the U.S. Government Computer Emergency Response Team (CERT) announced that enterprise iOS malware can be spread through phishing attacks and that malicious apps may steal login credentials, access sensitive data, gain root privileges to the device, and be indistinguishable from a genuine app.
To mitigate the risks associated with malicious and insecure apps, the enterprise needs to assess each application on an individual basis, detect and control usage, and blacklist risky apps like Dropbox, Google Drive, and SkyDrive. We also recommend maintaining control over app usage by leveraging a secure enterprise app store or catalog.
Enforce robust security measures
Strong security measures are necessary to best protect Apple devices and networks. Although specific policies will vary according to industry, we recommend blocking iCloud sync, requiring alphanumeric passwords, enforcing data encryption, controlling app usage based on Wi-Fi networks, and blocking the use of certain functions – including copy/paste, location services, camera, SMS, email, iCloud, and the microphone – based on access policies and device location.
Implement device management policies
IT should be able to centrally deploy, manage, and configure iPhones, iPads, and the Apple Watch. In addition, we recommend remotely wiping lost or stolen devices, automatically wiping devices after a set number of failed unlock attempts, and implementing location services that identify device coordinates in real time and enforce access policies accordingly.
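The passcode, iCloud, and auto-wipe recommendations above can be checked mechanically against an exported iOS configuration profile. The following is an added example, not part of the original article: it audits a profile's passcode and restrictions payloads using Apple's configuration profile keys. The sample profiles, the `com.example.baseline` identifier, and the attempt limit of 10 are constructed assumptions.

```python
import plistlib

MAX_ATTEMPTS = 10  # assumed organizational limit; the article only says "a set number"

# Baseline drawn from the recommendations above: payload type -> {key: (check, meaning)}
BASELINE = {
    "com.apple.mobiledevice.passwordpolicy": {
        "forcePIN": (lambda v: v is True, "passcode required (enables Data Protection)"),
        "requireAlphanumeric": (lambda v: v is True, "alphanumeric passcode required"),
        "maxFailedAttempts": (lambda v: isinstance(v, int) and 2 <= v <= MAX_ATTEMPTS,
                              "wipe after a set number of failed unlock attempts"),
    },
    "com.apple.applicationaccess": {
        "allowCloudBackup": (lambda v: v is False, "iCloud backup blocked"),
        "allowCloudDocumentSync": (lambda v: v is False, "iCloud document sync blocked"),
    },
}

def audit_profile(profile_bytes):
    """Return a list of findings; an empty list means the profile meets the baseline."""
    profile = plistlib.loads(profile_bytes)
    payloads = {}
    for p in profile.get("PayloadContent", []):
        payloads.setdefault(p.get("PayloadType"), {}).update(p)
    findings = []
    for ptype, checks in BASELINE.items():
        if ptype not in payloads:
            findings.append(f"{ptype}: payload missing")
            continue
        for key, (ok, meaning) in checks.items():
            value = payloads[ptype].get(key)  # None: key absent, OS default applies
            if not ok(value):
                findings.append(f"{ptype}.{key}={value!r}: expected {meaning}")
    return findings

def make_profile(passcode, restrictions):
    """Build a constructed sample profile (not taken from a real deployment)."""
    content = [dict(passcode, PayloadType="com.apple.mobiledevice.passwordpolicy")]
    if restrictions is not None:
        content.append(dict(restrictions, PayloadType="com.apple.applicationaccess"))
    return plistlib.dumps({"PayloadType": "Configuration", "PayloadVersion": 1,
                           "PayloadIdentifier": "com.example.baseline",
                           "PayloadContent": content})

WEAK = make_profile({"forcePIN": True}, {"allowCloudBackup": False})
HARDENED = make_profile(
    {"forcePIN": True, "requireAlphanumeric": True, "maxFailedAttempts": 10},
    {"allowCloudBackup": False, "allowCloudDocumentSync": False})

if __name__ == "__main__":
    for name, blob in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_profile(blob) or "meets baseline")
```

Signed profiles are wrapped in a CMS envelope, so the signature has to be removed before the plist can be parsed this way.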
Test Apple updates and continually modify EMM policies
It’s critical to enterprise security that organizations test iOS software and application updates before deploying them to end users. We recommend leveraging restricted software that prevents users from updating on their own, while the organization assesses potential vulnerabilities and adjusts Enterprise Mobility Management (EMM) policies to account for new versions.