Tip

Getting to know iOS 7 MAM: iCloud keychain, per app VPN and more

Apple Inc.'s iOS 7 includes MAM features such as per app VPN and a new iCloud keychain to improve security and make iPhones and iPads more palatable for the enterprise.

Mobile application management (MAM) takes a more granular approach to device management, focusing on specific applications and their data and how they access the network. Because it's a less invasive approach to controlling corporate data than mobile device management, MAM can be a useful tool for organizations and users alike. MAM also reduces the complexity of implementing application-level policies. Check out this list of iOS 7's MAM capabilities:

Application data protection. Apple iOS 7 automatically encrypts each App Store application's data. This data protection is tied to the passcode of the device. All users need to do to activate this extra layer of protection is enable a passcode on their iOS devices.

Managed "open in." This feature allows IT to modify an iOS 7 device's profile to restrict which applications data can be opened in. This prevents an untrusted or unauthorized application from gaining access to and potentially leaking private data.

It's important to distinguish between managed applications from the App Store and the unmanaged system applications that are built into iOS, such as the native mail and photo apps. IT cannot restrict users from going into their native photo application to send an image as an email attachment. But in a managed application, admins can restrict applications such as Dropbox from opening a file in any other application, such as Quickoffice.

Per app VPN. iOS 7 allows each application to have its own virtual private network (VPN) connection, which keeps the app isolated from other potentially untrustworthy applications on the same device. Per app VPN is very effective in combination with the new app-level data protection. Additionally, per app VPN can be on-demand, so the app connects to the VPN whenever the user opens the app. Encrypting the application's network traffic to and from the organization's private data stores mitigates the risk of Wi-Fi eavesdropping.

iCloud keychain. Starting with iOS 7.0.3, Apple added a hosted encrypted store of user IDs, passwords, Wi-Fi keys and credit cards. These are replicated to Apple's iCloud service and can be replicated to other iOS devices as well as Macs running OS X 10.9 (also called Mavericks). This feature is optional, and users can enable it with the setup assistant when they download the OS update. They can also turn it on from Settings > iCloud > Keychain. Apple has enabled the Safari Web browser to use the iCloud keychain, and third-party app developers can also use it.

Enterprise single sign-on. iOS 7 now allows for a configurable keychain shared between applications. If several internal business apps use a common authentication mechanism, they could trust a single sign-on instead of each app requiring a separate login.

IT can set up many of these new MAM features using free tools such as Apple Configurator software on a Mac OS X computer or the iPhone Configuration Utility for Windows (which also works for iPads).

These utilities can readily edit the configuration profiles of iOS devices and deploy them. Other MAM features such as Enterprise SSO require app development to use.
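Before a profile is deployed, it can be checked for the settings described above. The following is an added example, not part of the original article: a short audit of an unsigned configuration profile for an enforced passcode, managed open-in restrictions and an on-demand per app VPN. The payload types and keys are those of Apple's configuration profile format, which the article does not spell out; the sample profile and its identifiers are constructed.

```python
import plistlib

# Constructed sample profile (not from the article): passcode, restrictions
# and per app VPN payloads with placeholder identifiers.
SAMPLE_PROFILE = plistlib.dumps({
    "PayloadType": "Configuration",
    "PayloadIdentifier": "com.example.mam-baseline",
    "PayloadContent": [
        {"PayloadType": "com.apple.mobiledevice.passwordpolicy", "forcePIN": True},
        {"PayloadType": "com.apple.applicationaccess",
         "allowOpenFromManagedToUnmanaged": False},
        {"PayloadType": "com.apple.vpn.managed.applayer",
         "VPNUUID": "00000000-0000-0000-0000-000000000000",
         "OnDemandMatchAppEnabled": False},
    ],
})


def audit_profile(data):
    """Return findings for MAM settings that are missing or left permissive."""
    by_type = {}
    for payload in plistlib.loads(data).get("PayloadContent", []):
        by_type.setdefault(payload.get("PayloadType"), []).append(payload)

    findings = []
    # App data protection is tied to the device passcode, so require one.
    passcode = by_type.get("com.apple.mobiledevice.passwordpolicy", [])
    if not any(p.get("forcePIN") for p in passcode):
        findings.append("passcode not enforced (forcePIN)")

    # Managed open-in: each key means "allowed" unless explicitly set to false.
    restrictions = by_type.get("com.apple.applicationaccess", [])
    for key in ("allowOpenFromManagedToUnmanaged", "allowOpenFromUnmanagedToManaged"):
        if not any(p.get(key) is False for p in restrictions):
            findings.append(f"open-in not restricted ({key})")

    # Per app VPN: a payload must exist and connect on demand at app launch.
    vpns = by_type.get("com.apple.vpn.managed.applayer", [])
    if not vpns:
        findings.append("no per app VPN payload")
    for p in vpns:
        if not p.get("OnDemandMatchAppEnabled"):
            findings.append(f"per app VPN {p.get('VPNUUID')} is not on-demand")
    return findings


if __name__ == "__main__":
    for finding in audit_profile(SAMPLE_PROFILE):
        print("FINDING:", finding)
```

A signed profile is wrapped in a CMS envelope and has to be unwrapped before `plistlib` can read it.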

Although iOS 7 offers more MAM capabilities for admins, companies with larger deployments may want to invest in a third-party MAM tool. Many MAM vendors have either shipped iOS 7-capable tools or are soon adding iOS 7 compatibility to their products.

This was first published in October 2013
