Apple made a big splash at its Worldwide Developers Conference in June with its focus on consumer privacy and its plug for a technology known as differential privacy.
But while the company’s promise to forgo creating consumer profiles is important, the announcement was a bit of a yawn for businesses.
Yet, other features of the new operating system, iOS 10, are focused on the needs of enterprises, bringing quite a few security improvements for businesses, according to security experts.
Apple has hardened both the mobile Safari browser and the core kernel of the operating system. In addition, iOS 10 has better integration with enterprise mobility management (EMM) software and includes a number of new features that can make wireless access more secure and prioritize business applications.
All of these changes make iOS a more serious operating system choice for enterprises, Ojas Rege, chief strategy officer for MobileIron, told eWEEK.
“Apple has been definitely been going down the path of better enterprise management, and focusing all the way down to security,” he said. “Every enterprise release gets deeper and deeper functionality.”
This path is not a new direction for the company.
In 2015, Apple introduced a host of enterprise-friendly features with its release of iOS 9. Six-digit passcodes for unlocking the phone offered users the ability to make shoulder surfing and brute-force guessing more difficult.
A revamped user interface for notifying users when they were installing an untrusted enterprise application gave employees better notification of potentially malicious installations. A variety of other changes made iOS 9 friendlier for mobile device management systems to provision and administer, Rege said.
“There are a lot of additional security controls that came out in 9.3,” he said. “Most of the security controls came out with the Spring release.”
With the September release of iOS 10, companies have even more capabilities.
1. Better integration with Enterprise Mobility Management
In the latest release, Apple added more enterprise features including integration with enterprise mobility management (EMM) systems to enforce and override activation locks on the devices and force the device to report its location if it is being actively managed.
In addition, Apple collaborated with Cisco Systems on Fast Lane, a technology that allows companies to prioritize data from specific business apps to speed communications on the network. The changes increased roaming speeds by a factor of eight and reduced browsing failures by 90 percent, according to Cisco.
“IT managers are empowered to simply ‘white list’ or select the apps they want to prioritize over the regular traffic with a simple configuration profile provisioned to the iOS device,” Jeff Reed, senior vice president of Cisco’s enterprise infrastructure and solutions group stated in a blog post about the new features. “When you mark apps for priority, you put the apps that are most critical for your business in the [f]ast lane.”
2. A less dangerous Safari
Previous versions of Safari allowed just-in-time compilation using a virtual memory region that allowed data writing, reading and execution—three functions that are dangerous when put together.
Latest iOS 10 Security Features Help Apple’s Business Case
Now iOS 10 splits the virtual memory into two regions—one writable and one executable—and keeps the location of those regions hidden, according to mobile security firm Lookout.
“It makes it much harder to find the executable region of memory,” said Max Bazaliy, a security researcher at Lookout. “It blocks a common method of exploitation, so attackers are going to have to look elsewhere.”
3. A better patch to protect the kernel
In iOS 9, Apple launched a feature known as Kernel Patch Protection, wherein a low-level function periodically checks the integrity of the operating system kernel. In iOS 10, Apple further hardened KPP against known attacks, making exploitation more difficult.
The focus on minimizing the attack surface area will make iOS a much more difficult target to crack, Bazaliy said.
“This is not just the evolution of software, but the [better integration and] evolution of the hardware,”
4. Software ecosystem becomes more secure
Apple has also made changes to the way developers interact with the app store and requirements for applications to improve security. Apple mandates that all apps be signed by certificates that are remotely checked using Apple’s servers, allowing the company to revoke the certificates of known malicious apps.
In addition, starting next year, Apple requires that developers only download updates and data using encrypted communications. The App Transport Security (ATS) specification uses Transport Layer Security (TLS) version 1.2 to ensure that applications send only encrypted data over the network.
Finally, IT managers can put restrictions on devices that cannot be disabled by employees, such as forcing devices to allow automatic updates.
“What I would speculate is that over the course of the next year, we will see a lot of the new capabilities for enterprise management of devices,” MobileIron’s Rege said. “More than that, they will be opening up more and more capabilities and features for managing the security of your applications.”
5. Employees given more warning about unsecure WiFi
Even the little things can make a big difference, such as clearer warnings when a user is connecting to an unsecure wireless network. Because workers are connecting to business data and networks while on the road and after hours, iOS 10’s unsecure WiFi warning can give users a heads up if they are connecting to an unknown network.
When the device connects to a hotspot not protected by a password, iOS 10 notes that “[o]pen networks provide no security an expose all network traffic.”
Enterprises can go even further, setting restrictions on which hotspots an employee can use while connecting to corporate resources, according to Lookout.
Ever since the iPad came out, companies have been noting workers’ increased reliance on WiFi, so the new tools and greater focus on security are both welcome, MobileIron’s Rege said.
“There is nothing that exposes weaknesses in your WiFi deployment more than to have thousands of iPads out there consuming video,” he said.