Even with workers returning to the office—it might be a trickle or a flood depending on the organization—the shift towards remote work is moving from just a short-term necessity to a long-term reality. That shift has changed the face of business worldwide.

This change makes it more important than ever for IT and Security teams to prioritize endpoint management—in particular for bring-your-own-device (BYOD). This approach is already present in many enterprise organizations and set to grow, but needs to evolve quickly as remote work becomes a new standard.

There are several considerations to make when developing a BYOD policy (or even a corporate-owned, personally enabled device policy). A top priority is data leakage prevention (DLP), i.e., ensuring that sensitive data from mission-critical applications does not find its way out of the corporate network. This need for DLP is eclipsed by the simultaneous need for end-user privacy controls and a frictionless user experience.

Apple addressed many of these concerns in its iOS 13 release last year through the inclusion of User Enrollment, allowing for a separate partition, on any user device, specifically for corporate data. This partition can be accessed via a Managed Apple ID, while the rest of the device is still governed by a personal Apple ID, ensuring IT can manage sensitive data without gaining visibility into personal information and activity.

Apple User Enrollment for Enterprise-Grade BYOD 

User Enrollment, a BYOD-centric approach to iOS device management, was one of the most anticipated enterprise changes in the iOS 13 release and has been on the wish list of industry bloggers for years. Up until iOS 13, non-supervised iOS devices did not have any specific way to differentiate between corporate and personal information clearly, requiring IT to gain access to the entire device in an effort to secure the corporate resources.

Containment in unified endpoint management (UEM), for those unfamiliar, is the creation of a separate sandbox space on a device to secure corporate applications. IBM Security MaaS360, for example, provides its own applications for email, calendar, docs and contacts, allowing organizations to configure their mail server and file repositories to specifically flow into those apps. All content within that ecosystem can be blocked from being taken outside the confines of the “container.”

So, what does User Enrollment do differently, and why is it important?

Simply put, User Enrollment allows for the complete separation of the corporate and personal data on an employee’s personal device.

This presents an alternative to traditional containers since—while containers still enjoy significant popularity among organizations with UEM platforms—the pushback on containment has historically concentrated around the fact that end users do not want to learn an entirely new suite of productivity apps to continue conducting business. A new UI invites the potential for lost productivity due to the troubleshooting of simple issues that typically accompany users learning a new system. This, in turn, can put additional strain on already over-taxed IT and security teams. Additionally, these unfamiliar apps can occasionally be met with suspicion, especially when users are required to download them on their personal devices.

User Enrollment assuages these concerns. While the container is still an option, the primary focus of this new mode is on the native iOS productivity apps. Corporate data being fed into the enterprise iCloud, Notes, calendar, mail, Keychain and other applications is—upon enrollment in a UEM platform via this new method—stored on a separate Apple File System (APFS) volume and encrypted separately from personal data. Once a User Enrollment device is unenrolled, the corresponding data and decryption keys are destroyed.

This is all accomplished by the use of a Managed Apple ID. Once a user enrolls in User Enrollment, a Managed Apple ID will be associated with all corporate apps and data and will not interact with the personal side of the device. These Managed Apple IDs, in most cases, will be federated.

Apple has been very vocal about its security and its commitment to user privacy. User Enrollment truly helps bolster that reputation.

IBM Users Enjoy Enrolling in User Enrollment

Now that we all have a good understanding of User Enrollment and what it accomplishes for organizations, what’s the next step? Well, MaaS360 is announcing its support for User Enrollment to enhance BYOD device capabilities. Covering the full range of features, from Managed Apple ID to enhanced privacy to complete data separation and encryption, MaaS360 is committed to delivering secure UEM with the user experience in mind.

To learn more about how MaaS360 supports Apple devices and what makes IBM a leader in UEM, please register for this upcoming webcast.

Register to watch on demand the Apple User Enrollment Webinar for MaaS360
