Personal Small Business Enterprise

iOS Security Tips, Part 3: Keeping All iOS Devices Secure

In our three-part series on iOS security, we’ve looked at what employees and companies can do to keep iPhones, iPads and iPod Touches as secure as possible when being used in the workplace.

Now it’s time to look beyond the devices themselves, because security isn’t simply about the hardware that mobile employees carry with them, it’s about the entire IT ecosystem. IT administrators must take into account what other devices employees will be interacting with, what type of data they’ll be accessing and how they’ll be doing it, and where and when that access will occur.

In order to accommodate the growth of iOS use within the workplace, it’s a smart idea for companies to evaluate the security policies and restrictions they already have in place to see if adjustments or enhancements are needed. With this broader focus in mind, be sure to review the following tips as you craft a complete and effective security strategy for all iOS devices:

Implement provisioning. In part two of our iOS Security Tips series, we recommended updating acceptable use policies to outline proper behaviours surrounding iOS device use. Provisioning gives these policies teeth by using mobile device management (MDM) tools to automate, monitor, and control these uses. For example, using the provisioning capabilities of a mobile device management (MDM) tool, administrators can set limits on which apps can and cannot be installed, whether app-level security is required, and how mobile devices can be secured when lost.

Leverage Apple’s Profile Manager. This MDM application is built into OS X Server, and it gives companies a single-vendor foundation for MDM. While Profile Server is a relatively simple tool compared to third-party products, for organizations just getting started with building out iOS management capabilities, it’s an ideal first step.

Categorize apps. Build a list of so-called whitelisted (OK to use) and blacklisted apps (banned from installation) to prevent misbehaving apps from causing support and integrity issues downstream. Virtually all MDM tools allow IT to install, remove, update and manage App Store apps as well as custom-built titles. Enterprise apps can even build in role-based access permissions that are managed by administrators.

Remotely set device limits. With each successive iOS update, Apple has bolstered the ability of companies to remotely manage end-user devices. The just-released iOS7 includes a larger array of device restriction controls, as well as roaming policies for both voice and data services. User accounts can be similarly managed to ensure company devices are following company policy. Administrators can put caps on data usage, block specific URLs from being visited, and ensure company data is transmitted only over a VPN.

Establish lost/stolen device protocols. Companies can easily secure or wipe a stolen or misplaced iOS device, clear a passcode or retrieve unsynced data, all from a centralized monitoring app. Make sure these processes are documented in your acceptable use policies, and ensure your employees are fully trained on what to do if the worst-case scenario happens when they’re on the road.

Get help. You don’t have to do this alone. If you’re looking for assistance in figuring out where to start on securing iOS devices for your business, reach out to a reputable mobility service provider for help.

The bottom line
Keeping your company’s technology infrastructure, your employees and all your organizational data secure amid an accelerating influx of iPhones and iPads in the workplace can be a tall order for any organization. Mobile device management tools and processes – starting with Apple’s own Profile Manager – can help you maximize mobile employee productivity while minimizing the impact of iOS device growth on your IT environment.

What are you doing in your shop to stay ahead of the iOS device wave? Let us know in the comments section.

Let us know what you think

Leave a Reply

Your email address will not be published. Required fields are marked *