Apple users of the world, 13 is your lucky number: iOS 13 has arrived! This new iteration of Apple’s mobile operating system brings a slew of changes, both consumer-focused and enterprise-grade.

How will iOS 13 impact your organization’s device management strategy, and what should users expect on their devices, whether bring-your-own-device (BYOD), choose-your-own-device (CYOD), corporate-owned or anything in between?

Before we dig into what’s new, let’s briefly review the history of iOS in the enterprise.


Going Apple Picking: iOS Devices and Device Management

The year was 2010. Apple had released iOS 4, and with that release came a novel idea: over-the-air (OTA) enrollment of iOS devices into the consoles of a burgeoning new technology — mobile device management (MDM). While MDM has evolved into the more robust unified endpoint management (UEM), at the time these platforms enabled businesses to become more mobile, allowing employees to do work on any device beyond the typical laptop, desktop and BlackBerry setup.

At the time, this new Apple technology allowed organizations to remotely lock, locate and wipe iOS devices as well as push down necessary applications. This core feature set expanded with each subsequent operating system update, adding control over iCloud backup and containment of corporate data for company-owned and BYOD use cases. The development of the supervised mode feature, better known now as the Device Enrollment Program (DEP), allowed IT administrators to exercise tighter control over corporate devices, from disallowing personal Apple IDs and settings to locking a device down with application blacklisting, whitelisting or single app kiosk mode.

Apple Applies Appropriate App Management Updates

Apple has made it easier for an organization to distribute its corporate applications to users — both enrolled in UEM and not. This latest OS update extends iOS’s previous single sign-on (SSO) capabilities to now integrate biometric checks such as Touch ID with an organization’s existing identity platform.

Identity and access management (IAM) is a hot topic in the context of a modern digital transformation, and we will further explore Apple’s new approach to SSO. But before a user can be granted access, a corporate app needs to be distributed to a device.

Corporate App Distribution

During the infancy of Apple’s MDM technology, an organization with its own enterprise apps would be required to upload that application into a UEM platform, sign for it, then distribute it to appropriate users. Apple improved this workflow via its B2B App Store and in-house apps. During the 2019 WWDC, Apple further improved this process with Custom Apps Distribution, a new model that allows organizations to use the Apple App Store’s infrastructure as the means of app distribution.

Rather than an enterprise having to sign and host the app, Apple will instead review the app, approve it and make it available to that enterprise’s employees once they enroll in a UEM or via a redemption code for unenrolled users. This takes away the pain often associated with giving users access to internal apps. Plus, it opens up the door for one-off sharing of enterprise apps, giving contractors access without needing full device management.

Apple Single Sign On in iOS 13

Now that we’re all educated on the journey of an app from cloud to device, it’s time to expand on SSO in iOS 13. Previously, SSO on a managed device and application was accomplished by linking an organization’s Security Assertion Markup Language (SAML)-based identity solution with its existing UEM platform. Users would then need only one set of credentials across all applications within their organization.

It’s an exceptionally popular strategy in 2019, and most organizations — from small businesses, to mid-market, to enterprise-level — have installed some form of an identity tool.

Apple has followed the SSO trend with its brand-new SSO extension in iOS 13, which allows any application or webpage to be integrated with an existing identity provider and to authenticate via biometrics. It can be argued that biometric authentication is more secure than passcodes, as passcodes come with the risk of being phished or written down on a sticky note for all to see.

Beyond a secure way of granting access, the update also aligns with Apple’s mission to effectively enable end users. This translates well to the enterprise because it keeps data secure while simultaneously providing a frictionless experience. Apple continues to make strides in limiting the pain points an organization may experience when adopting an Apple device management strategy and identity management posture.

Learn How to Get the Most Out of Your iOS 13 Deployment

Another way to limit that pain is via a leading UEM platform that is equipped to not only support the changes presented in iOS 13, but also to provide a pathway to SSO.

Don’t just take my word for it, though. On Oct. 3 at 2 p.m. ET, join experts from IBM Security’s product and marketing teams as they take a deep dive into iOS 13, iPadOS and macOS Catalina and discuss how enterprises can make the most of this new Apple frontier.

Register for the webinar to learn more.
