Mobile device management vendor MobileIron says iOS 5 streamlines the management of iPhone and iPads and their apps with new security and configuration options. From email security to app security, iOS 5 is a welcome upgrade for IT.
More than a few workers have forwarded corporate email to their personal email. Never mind that a company's user policy strictly forbids this. The native iPhone email app makes it easy to perform this end-around.
Some app developers have tried to get around this via a sandbox approach. For instance, SAP is testing a product that will allow it to send PGP-encrypted confidential email to employees. In turn, employees will be able to decrypt them using a Symantec viewer iPad app, which does not allow forwarding of the decrypted email.
Symantec also recently came up with a all 3G and Wi-Fi outbound Web and email traffic on the iPad through a virtual private network and detection server. The traffic is monitored and inspected using keywords and other detection technologies.
While these solutions sound interesting, CIOs really want Apple to bake some protections into iOS--and it did. With iOS 5, IT can turn off email forwarding so that corporate email cannot be forwarded through a personal account, MobileIron says. IT can also prevent apps from sending email.
"IT can now mandate that all email utilizes S/MIME, providing greater security and ensuring message integrity," wrote MobileIron, in an email to customers on how iOS will impact them.
When asked about data loss prevention on the iPhone or iPad, many CIOs will say that they can remotely wipe devices. While this is true, a data kill switch is a last resort. "By the time you wipe, you're way over the edge," says Aaron Freimark, IT director at Tekserve, a services firm helping Fortune 1000 companies adopt the iPad.
"You want to know who's peeking over the shoulder, who's taking screen shots and emailing them to friends," Freimark told me during a discussion about the . "You can't really lock this down today. You want to be able to wipe one app at a time, or maybe business apps. Employees are not going to like it if you wipe the whole device."
With iOS 5, mobile device management vendors gain more control over the dreaded data wipe. If users delete the mobile device management profile on their devices, IT can force a selective wipe of corporate data that includes email, calendar, contacts and enterprise apps, MobileIron says.
Then there's the gaping iCloud security hole in the sky. In addition to iOS 5, Apple launched its iCloud storage service. Imagine sensitive corporate information stored in iCloud that is tied to an employee's personal account.
With iOS 5, though, IT can turn off iCloud autosync so that device-side data is not synced to iCloud. "IT can now disallow apps from syncing with iCloud or iTunes," MobileIron says.