Apple has introduced a guide to iOS security, which was posted
to Apple.com sometime in late May, but is just now being noticed
outside the Apple developer community. The publication is notable
because it’s the first time Apple has published a comprehensive guide
intended for an I.T. audience. (Apple’s developer-friendly documentation
on security matters is easy to spot, however).
The new guide includes four sections dedicated to topics like system
architecture, encryption and data protection, network security, and
device access.
In reading the introduction, it’s clear that the guide’s intention is
to better help corporate I.T. understand the security environment with
iOS devices, including iPhones, iPod Touches, and iPads. It’s important
that these details are documented in language I.T. understands as more
and more businesses allow personal devices on their network and
implement their own BYOD (bring your own device) programs.
To this point, the report begins:
“Apple designed the iOS platform with security at its core. Keeping information secure on mobile devices is critical for any user, whether they’re accessing corporate or customer information or storing personal photos, banking information, and addresses….
For organizations considering the security of iOS devices, it is helpful to understand how the built-in security features work together to provide a secure mobile computing platform.”
While some may imagine the guide to be an example of Apple’s
increasing openness (on matters not related to new products, that is…),
much of the information contained in the guide is not new at this point
in time. It has simply been repackaged for a different audience.
However, detailed in the guide are things like how the code-signing
process works and ASLR (address space layout randomization) works in
iOS, which had previously been outed by security researchers prior to
Apple’s reveal.
Another I.T.-friendly tidbit includes a list of items which
administrators can restrict using configuration profiles within their
Mobile Device Management solution. For example, Siri (as IBM recently did),
plus FaceTime, the camera, screen capture, app installs, in-app
purchases, Game Center, YouTube, pop-ups, cookies and more. Users may
have more freedom of choice in terms of devices they use for work than
in years past, but corporate I.T. is now adapting so it can deliver the
same level of protection it once did it the BES/BlackBerry era…or, as an
end user might tell you – the same level of lockdown. (What, no YouTube
at work? No fair.)
The full guide is available here. (PDF)
No comments:
Post a Comment