iPhone Life magazine

Device Security at Work


What security and device management options are available to businesses?


Apple has continuously improved device security and manageability over the last few versions of the iPhone OS. Now with iOS 4, there are more security options and capabilities than ever before.


Exchange ActiveSync and iOS 4


Apple started to get traction with business customers with iPhone OS 2.0 when they first licensed Exchange ActiveSync from Microsoft. It provided iPhone users with out-of-the-box support of push e-mail, calendar, and contacts, added remote wipe capability, and included basic security policy enforcement. In the months since, the other leading messaging vendors, both IBM Lotus Notes and Google Apps, also licensed Exchange ActiveSync so they could also support the iPhone, iPod, and iPad.


Now with iOS 4, even more Exchange ActiveSync security and management capabilities are provided, along with a very rich set of additional security and device management Application Programming Interfaces (APIs). This allows businesses to build their own custom security and management systems, and creates opportunities for third-party software vendors to offer rich solutions that can extend the capabilities of Exchange ActiveSync (as well as provide similar capabilities independent of Microsoft Exchange). Let's take a quick look at some of the leaders in the third-party software space for security and management of iOS devices.


AirWatch


AirWatch (air-watch.com) provides an extension and centralized cross-platform device management console that sits on top of Microsoft Exchange. In addition, it offers services designed for the over-the-air device enrollment and configuration capabilities of iOS. One unique AirWatch feature is the ability to track a specific iPhone's real-time location by installing the AirWatch MDM Agent app (free, app2.me/2939) on enterprise iPhones. AirWatch is offered as hosted Software-as-a-Service, installed as software on a server behind your firewall, or on a physical appliance placed behind your firewall.


MobileIron


MobileIron (mobileiron.com) also provides enrollment, provisioning, security policy enforcement, and device management that both sits on top of Exchange ActiveSync and extends it by implementing some of Apple’s enrollment and management APIs in iOS. This capability is provided by installing a physical appliance on your network behind your firewall. MobileIron also offers a free app (app2.me/2940) that lets your users test cellular and Wi-Fi performance, which can be tracked over time, and report dropped calls, which can be mapped and analyzed. Additionally, a very rich iPad client (app2.me/2941) allows IT and security staff to monitor all mobile device activity connected to your network, track devices and users, and block or wipe offending, lost, or stolen devices.

Afaria


Sybase (sybase.com/products/mobileenterprise/afaria) provides Afaria security and device management capabilities to enterprises. It offers a complete end-to-end solution without requiring Exchange ActiveSync in the corporate environment. It accomplishes this by leveraging Apple's new device management APIs and capabilities in iOS 4. The platform allows devices to be enrolled, provisioned, and configured, and even lets them accept over-the-air deployment of custom in-house apps. The Afaria client portal gives users the ability to view not only the in-house apps that they have access to, but also links to all the approved or recommended apps in the Apple App Store.


Trust Digital


Trust Digital (trustdigital.com) offers a suite of products that both leverage and extend the capabilities of Exchange ActiveSync. To help accelerate and simplify user enrollment, Trust Digital offers an app (app2.me/2942) that automates the enrollment and configuration process. One of Trust Digital’s unique features is a patent-pending bonded policy compliance process that performs a check to ensure that all iOS devices are configured according to enterprise policy before allowing a connection to the Exchange ActiveSync server.


Implementing a mobile security


Security is never a simple proposition, but the recent influx of large numbers of personally-owned mobile devices into the enterprise environment has made it even more complicated. With Apple's steady improvements and the new products from third-party vendors that leverage these capabilities, IT will continue to get better options for mobile security and device management. Nothing will ever be perfectly secure, but these solutions are certainly a step in the right direction.