Securing enterprise iOS devices - the new Apple Configurator
Our customers want to have similar configurations across all their iOS (iPad & iPhone) devices. This includes settings like device PIN policies, iCloud backup or not, iCloud document sharing or not, WiFi setup including access point name and secret password, VPN setup including passwords and certificates, Exchange (or other email) server setup, and an initial set of corporate applications. Other stronger restrictions can be set if desired including disabling the ability to add apps, iTune user accounts, disable YouTube access, or even turn off the camera.
The new Apple Configurator now available in the Mac App Store makes these basic tasks very easy and very repeatable, allowing an admin to give the device to a user and let them easily finish up the personal parts of the enrollment such as personal email address and passwords.
I was recently at the CITE conference (Consumerization of IT in the Enterprise) where BYOD in the enterprise was a key discussion topic. Distilling the best practices from the corporate discussions, the following three rules rise to the surface to ensure mobile device security:
1) Have a consistent PIN policy and utilize Exchange & Exchange Active Sync. This allows remote locking and remote wiping of devices.
2) Ensure employees report lost or stolen devices. When a device is lost, first lock the device remotely to give the employee a chance to find it. After a few days, remote wipe the device to protect corporate & personal assets. A remote lock and then a remote wipe encourages people to report lost devices sooner than later as it allows employees time to find them. These remote locking & wiping features are available via Outlook Web Access as discussed in an earlier post so employees could take these precautions themselves.
3) Have employees sign an agreement that ensures they & you follow these guidelines when using a mobile device for work. This ensures you have permission to erase their device and they understand you are balancing corporate security with preservation of their personal data.
Apple’s new Configurator makes rolling out iOS devices easy and if you don’t have a Mac in your corporation, buying one simply to use the Configurator will save you significant time and effort ensuring a consistent iOS security profile across all your users.
