Apple users of the world, 13 is your lucky number: iOS 13 has arrived! This new iteration of Apple’s mobile operating system brings a slew of changes, both consumer-focused and enterprise-grade.

How will iOS 13 impact your organization’s device management strategy, and what should users expect on their devices, whether bring-your-own-device (BYOD), choose-your-own-device (CYOD), corporate-owned or anything in between?

Before we dig into what’s new, let’s briefly review the history of iOS in the enterprise.

Join experts from IBM on Oct. 3 at 2 p.m. ET to learn how iOS 13 is impacting Apple device management in the enterprise. Save your seat!

Going Apple Picking: iOS Devices and Device Management

The year was 2010. Apple had released iOS 4, and with that release came a novel idea: over-the-air (OTA) enrollment of iOS devices into the consoles of a burgeoning new technology — mobile device management (MDM). While MDM has evolved into the more robust unified endpoint management (UEM), at the time these platforms enabled businesses to become more mobile, allowing employees to do work on any device beyond the typical laptop, desktop and BlackBerry setup.

At the time, this new Apple technology allowed organizations to remotely lock, locate and wipe iOS devices as well as push down necessary applications. This core feature set expanded with each subsequent operating system update while adding control over iCloud backup, containment of corporate data for company-owned and BYOD use cases. The development of the supervised mode feature, better known now as the Device Enrollment Program (DEP), allowed IT administrators to exercise tighter control over corporate devices, from disallowing personal Apple IDs and settings to locking a device down with application blacklisting, whitelisting or single app kiosk mode.

Apple Applies Appropriate App Management Updates

Apple has made it easier for an organization to distribute its corporate applications to users — both enrolled in UEM and not. This latest OS update extends iOS’s previous single sign-on (SSO) capabilities to now integrate biometric checks such as Touch ID with an organization’s existing identity platform.

Identity and access management (IAM) is a hot topic in the context of a modern digital transformation, and we will further explore Apple’s new approach to SSO. But before a user can be granted access, a corporate app needs to be distributed to a device.

Corporate App Distribution

During the  infancy of Apple’s MDM technology, an organization with its own enterprise apps would be required to upload that application into a UEM platform, sign for it, then distribute it to appropriate users. Apple improved this workflow via its B2B App Store and in-house apps. During the 2019 WWDC, Apple further improved this process with Custom Apps Distribution—a new model that allows for organizations to use the Apple App Store’s infrastructure as the means of app distribution.

Rather than an enterprise having to sign and host the app, Apple will instead review the app, approve it and make it available to that enterprise’s employees once they enroll in a UEM or via a redemption code for unenrolled users. This takes away the pain often associated with giving users access to internal apps. Plus, it opens up the door for one-off sharing of enterprise apps, giving contractors access without needing full device management.

Apple Single Sign On in iOS 13

Now that we’re all educated on the journey of an app from cloud to device, it’s time to expand on SSO in iOS 13. Previously, SSO on a managed device and application was accomplished by linking an organization’s Security Assertion Markup Language (SAML)-based identity solution with its existing UEM platform. Users would then need only one set of credentials across all applications within their  organization.

It’s an exceptionally popular strategy in 2019, and most organizations — from small businesses, to mid-market, to enterprise-level — have installed some form of an identity tool.

Apple has followed the SSO trend with the release of its brand new SSO extension available in iOS 13 that allows any application or webpage to be integrated with an existing identity provider to now allow for authentication via biometrics. It can be argued that biometric authentication is more secure than passcodes, as passcodes come with the risk of being phished or written down on a sticky note for all to see.

Beyond a secure way of granting access, the update also aligns with Apple’s mission to effectively enable end users. This translates well to the enterprise because it keeps data secure while simultaneously providing a frictionless experience. Apple continues  to make strides in limiting the pain points an organization may experience when adopting an Apple device management strategy and identity management posture.

Learn How to Get the Most Out of Your iOS 13 Deployment

Another way to limit that pain is via a leading UEM platform that is equipped to not only support the changes presented in iOS 13, but also to provide a pathway to SSO.

Don’t just take my word for it, though. On Oct. 3 at 2 p.m. ET, join experts from IBM Security’s product and marketing teams as they take a deep dive into iOS 13, iPadOS and macOS Catalina and discuss how enterprises can make the most of this new Apple frontier.

Register for the webinar to learn more.

More from Application Security

What’s up India? PixPirate is back and spreading via WhatsApp

8 min read - This blog post is the continuation of a previous blog regarding PixPirate malware. If you haven’t read the initial post, please take a couple of minutes to get caught up before diving into this content. PixPirate malware consists of two components: a downloader application and a droppee application, and both are custom-made and operated by the same fraudster group. Although the traditional role of a downloader is to install the droppee on the victim device, with PixPirate, the downloader also…

PixPirate: The Brazilian financial malware you can’t see

10 min read - Malicious software always aims to stay hidden, making itself invisible so the victims can’t detect it. The constantly mutating PixPirate malware has taken that strategy to a new extreme. PixPirate is a sophisticated financial remote access trojan (RAT) malware that heavily utilizes anti-research techniques. This malware’s infection vector is based on two malicious apps: a downloader and a droppee. Operating together, these two apps communicate with each other to execute the fraud. So far, IBM Trusteer researchers have observed this…

From federation to fabric: IAM’s evolution

15 min read - In the modern day, we’ve come to expect that our various applications can share our identity information with one another. Most of our core systems federate seamlessly and bi-directionally. This means that you can quite easily register and log in to a given service with the user account from another service or even invert that process (technically possible, not always advisable). But what is the next step in our evolution towards greater interoperability between our applications, services and systems?Identity and…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today