Keeping corporate email secure
One challenge to iOS in the enterprise is that its native Mail app supports personal email accounts (including all the major free hosted mail services like Gmail and Yahoo Mail) as well as enterprise accounts like Exchange. With this mixed approach, users could easily forward mail to personal addresses, respond to corporate emails from personal accounts, and send emails generated by iOS apps (like the Photos app) from corporate accounts.
iOS 5 resolves this issue by allowing IT to prevent apps beyond Mail from accessing corporate email accounts, along with preventing users from forwarding or moving their corporate email to personal mailboxes.
Volume app purchases and management
By far the biggest enterprise addition in iOS 5 has to be the ability for companies to make volume purchases from the App Store and then make those apps available to users.
Getting business apps onto iOS devices has been a big challenge since the App Store went live three years ago. Until recently, the only option was to have users purchase or download apps manually using their own iTunes accounts (possibly with company reimbursements or through iTunes gift credits). This approach was far from streamlined and even opened the prospect of users taking an app and all of its data with them when they left a company.
Apple's volume purchase plan resolves that issue by allowing organizations to purchase apps for deployment to user devices. The MDM service in iOS 5 even goes a step further by letting administrators manage volume purchased apps on devices -- which means they can wipe any corporate-bought apps and associated data from employee-owned devices at any time. This also combines well with the ability provided by almost every MDM vendor to create an internal app storefront containing both internally developed and App Store apps.
A few other useful tidbits
iOS 5 offers a few other useful enterprise abilities worth noting. These include:
- Configuring Web proxies
- Specifying whether certificates from untrusted sources can be accepted
- Limiting the wireless networks a device can join automatically
- Limiting data and voice roaming (and specifying whether iCloud data sync can occur while roaming)
- Querying managed devices for battery life information
- Enforcing the use of S/MIME in Mail
- Notification if a user disables MDM management profiles on a device; some vendors allow automatic deletion of corporate data and volume-purchased apps
The BYOD dilemma
It's pretty clear that Apple is taking the enterprise seriously with the management capabilities it's built into both iOS 4 and iOS 5. Those capabilities and the 200-plus new user-oriented features make iOS 5 attractive to businesses.
Those management features also highlight the ongoing challenges of employee-owned devices in the workplace. While it's possible to prevent iCloud sync or backup, that removes important features for iPhone and iPad owners who bring their devices into the office. The same can be said of many of the other management features available in iOS (and other platforms).
Apple has struck some balance by allowing organizations to provide and remove volume purchased apps, along with general corporate data like email and shared contacts and calendars, without affecting user data and content. That's a help, but it's clear that there's still a ways to go in balancing the professional and personal use of employee-owned technology -- whether that technology comes from Apple or another manufacturer.
The upshot is that while iOS 5 offers a variety of useful technologies for users, and a number of much-needed management tools, IT shops need to be smart about rolling out the new OS and the iPhone 4S.
Ryan Faas is a freelance writer and technology consultant specializing in Mac and multiplatform network issues. He has been a Computerworld columnist since 2003 and is a frequent contributor to Peachpit.com. Faas is also the author of iPhone for Work (Apress, 2009). You can find out more about him at RyanFaas.com and follow him on Twitter (@ryanfaas).