Apple users of the world, 13 is your lucky number: iOS 13 has arrived! This new iteration of Apple’s mobile operating system brings a slew of changes, both consumer-focused and enterprise-grade.

How will iOS 13 impact your organization’s device management strategy, and what should users expect on their devices, whether bring-your-own-device (BYOD), choose-your-own-device (CYOD), corporate-owned or anything in between?

Before we dig into what’s new, let’s briefly review the history of iOS in the enterprise.

Going Apple Picking: iOS Devices and Device Management

The year was 2010. Apple had released iOS 4, and with that release came a novel idea: over-the-air (OTA) enrollment of iOS devices into the consoles of a burgeoning new technology — mobile device management (MDM). While MDM has evolved into the more robust unified endpoint management (UEM), at the time these platforms enabled businesses to become more mobile, allowing employees to do work on any device beyond the typical laptop, desktop and BlackBerry setup.

At the time, this new Apple technology allowed organizations to remotely lock, locate and wipe iOS devices as well as push down necessary applications. This core feature set expanded with each subsequent operating system update, adding control over iCloud backup and containment of corporate data for company-owned and BYOD use cases. The development of the supervised mode feature, better known now as the Device Enrollment Program (DEP), allowed IT administrators to exercise tighter control over corporate devices, from disallowing personal Apple IDs and settings to locking a device down with application blacklisting, whitelisting or single app kiosk mode.

Apple Applies Appropriate App Management Updates

Apple has made it easier for an organization to distribute its corporate applications to users — both enrolled in UEM and not. This latest OS update extends iOS’s previous single sign-on (SSO) capabilities to now integrate biometric checks such as Touch ID with an organization’s existing identity platform.

Identity and access management (IAM) is a hot topic in the context of a modern digital transformation, and we will further explore Apple’s new approach to SSO. But before a user can be granted access, a corporate app needs to be distributed to a device.

Corporate App Distribution

During the infancy of Apple’s MDM technology, an organization with its own enterprise apps would be required to upload that application into a UEM platform, sign for it, then distribute it to appropriate users. Apple improved this workflow via its B2B App Store and in-house apps. During the 2019 WWDC, Apple further improved this process with Custom Apps Distribution — a new model that allows organizations to use the Apple App Store’s infrastructure as the means of app distribution.

Rather than an enterprise having to sign and host the app, Apple will instead review the app, approve it and make it available to that enterprise’s employees once they enroll in a UEM or via a redemption code for unenrolled users. This takes away the pain often associated with giving users access to internal apps. Plus, it opens up the door for one-off sharing of enterprise apps, giving contractors access without needing full device management.

Apple Single Sign On in iOS 13

Now that we’re all educated on the journey of an app from cloud to device, it’s time to expand on SSO in iOS 13. Previously, SSO on a managed device and application was accomplished by linking an organization’s Security Assertion Markup Language (SAML)-based identity solution with its existing UEM platform. Users would then need only one set of credentials across all applications within their organization.

It’s an exceptionally popular strategy in 2019, and most organizations — from small businesses, to mid-market, to enterprise-level — have installed some form of an identity tool.

Apple has followed the SSO trend with the release of its brand-new SSO extension, available in iOS 13, which allows any application or webpage to be integrated with an existing identity provider and to authenticate via biometrics. It can be argued that biometric authentication is more secure than passcodes, as passcodes come with the risk of being phished or written down on a sticky note for all to see.

Beyond a secure way of granting access, the update also aligns with Apple’s mission to effectively enable end users. This translates well to the enterprise because it keeps data secure while simultaneously providing a frictionless experience. Apple continues to make strides in limiting the pain points an organization may experience when adopting an Apple device management strategy and identity management posture.

Learn How to Get the Most Out of Your iOS 13 Deployment

Another way to limit that pain is via a leading UEM platform that is equipped to not only support the changes presented in iOS 13, but also to provide a pathway to SSO.

Don’t just take my word for it, though. On Oct. 3 at 2 p.m. ET, join experts from IBM Security’s product and marketing teams as they take a deep dive into iOS 13, iPadOS and macOS Catalina and discuss how enterprises can make the most of this new Apple frontier.

Register for the webinar to learn more.
