As iOS device and app capabilities proliferate year on year, it has become unarguably essential in the enterprise world for employers to easily configure and supervise the mobile devices issued by the enterprise to the employees. In the past, chunks of costly IT man-hours have been whiled away unboxing and configuring every single device with the required apps, all the account settings and installing the right level of restriction.
The benefits of this costly process can become obsolete very quickly however, as iOS updates deliver more detailed functionality and the app selection expands. Those teams of trusted professionals then need to get working yet again on filtering through the features that are appropriate for a business user and start the process again.
CWSI, in partnership with Compub, are delivering a total hardware and software security solution for true enterprise-grade, mobile device management with the delivery of the Apple Device Enrollment Program (DEP). At CWSI we leverage Apple’s DEP to ensure optimal device configuration and supervision across a corporation’s full range of Apple devices. Mobile device supervision and configuration for iOS is managed via a centralized online hub giving full flexibility to enterprises to completely customize the level of restriction that’s right for them.
Examples of restrictions available to enterprises are:
- Global network proxy for HTTP
- Allow iMessage
- Allow removal of apps
- Allow manual installation of configuration files
- Allow conﬁguring restrictions
- Allow pairing to computers for content sync
- Allow account modification
- Allow cellular data settings modification
- Allow Erase All Content and Settings
- Enable Siri Profanity Filter
The DEP is crucial in helping enterprises to manage security aspects which can typically cause security issues, especially if devices are reissued or are distributed as part of a subsidised device program. CWSI recommends using DEP to achieve certain security minimums to combat security issues, mitigate risk, reduce costs and improve business process efficiency:
Password History: iOS has a native password and autofill restriction option, which can be easily enabled or disabled. Disabling these options minimizes the risk of sensitive data being copied or forwarded inappropriately using stored passwords or autofill information and ensure passwords are not stored on the mobile device and restrict details an outsider might use to access organizational data.
Disable Diagnostics And Dev Features: iOS provides mobile device users with the capability to disable sharing diagnostic data, such as crash data history and statistics, with Apple servers. Apple operates a policy to share this information with iOS developers so that they can improve apps in the App Store. Disabling this function provides users with added security, in case the crash reports and stats shared included any sensitive or confidential enterprise data.
Encryption: iOS has an encryption feature supporting S/MIME encryption to send encrypted mails and messages. The feature can be enabled on iOS in the advanced account settings option for emails, which encrypts emails by default when enabled. When the recipient is within the sender’s Exchange network, this feature gathers the recipient’s certificate and encrypts the emails. If the recipient is not an Exchange account user, a certificate is required to be installed on the device to make the message encrypted.
Privacy: Enterprises these days often have a plethora of more stringent measures for privacy, and a device with the organization’s data is required to be fortified against security risks. Users can easily deny or disable all the permissions requested by an application. This built-in feature gives enterprise control over application behavior by restricting application access to all the sensitive information available on the device and connected media.
Remote Wipe: iOS devices, when configured on DEP can be wiped easily if they are lost or stolen.
Geolocation: Geolocation can also be used by organizations as a means to monitor the whereabouts of lost or stolen devices.
App Store Restrictions: iOS can restrict users from installing unwanted applications that may compromise sensitive enterprise data on the device. The built-in restriction, when disabled, disallows users from installing new applications or deleting the ones previously installed. The feature also disables in-app purchases from the App Store, as well as iTunes, iBook, and any podcasts on the device.
Contact CWSI to find out how we can establish your Device Enrollment Program and give you stronger controls with less hassle over your enterprise iOS devices.