iCloud and iOS 5: New challenges for the enterprise
08 June, 2011 02:51
Apple CEO Steve Jobs is known for wowing audiences with his presentation style and with new and polished technologies for Apple's desktops, mobile devices and media services. His keynote address Monday at this year's Worldwide Developers Conference (WWDC) was no exception. Jobs and other Apple executives showed off some of the features of the company's Mac OS X 10.7 "Lion," which is due out next month; the next generation of its iOS mobile platform; and the company's new cloud service known as iCloud.
Apple and its products are generally seen as focused solely on consumers, though the ongoing march of iPads and iPhones into workplaces of all shapes and sizes is beginning to make Apple a fairly common tech brand in businesses and enterprises.
So, what do yesterday's announcements mean for the enterprise?
Let's start with iCloud, which aims to make access to anyone's data ubiquitous across every computing device available. Given that Apple now considers a PC or Mac to be just another "device," this could have some serious implications when it comes to the line between home and work.
On the surface, iCloud is simply a consumer solution for syncing personal data: music, app and ebook purchases; personal photos and videos; and personal information such as contacts and calendars. It also offers a free email account. Those aren't likely to affect the workplace much.
But the document sync and device backup features are bigger issues in the enterprise for a simple reason: They allow information about your company to be stored outside of your infrastructure and place control of that information under a user's personal Apple ID.
Granted, some of that risk already exists. A user can theoretically back up a device (personally or company owned) to an outside computer or use any number of cloud storage solutions -- Dropbox, Box.net, Apple's existing iDisk, Google Docs and others -- to transfer business information away from the workplace. The difference is that a user has to make an effort to do so, while iCloud will do all of this automatically. A user might not even be aware it's happening; background operation and ease of use are, after all, what Apple is aiming for.
While document syncing may seem like the initial red flag, the bigger concern involves cloud backups. Document syncing will need to be implemented by app developers -- only Apple's iWork is slated to get it right now -- and each app appears to need user activation first. Device backup is expected to include backups of purchased content, photos and videos shot with a device, ringtones, all device-wide settings, home screen layout, text/MMS messages and app data. That app data is the big concern because that could mean almost anything, depending on the particular app, everything from game scores to student grades and attendance to performance reviews, sales figures and meeting notes.
Of course, Apple also notes that iCloud syncing can be disabled. Exactly how it is disabled and whether it needs to be disabled across an entire enterprise or can be done on a device-by-device basis isn't yet clear. Nor is it clear whether it must be completely enabled/disabled for a device or whether specific components of iCloud sync can be selectively turned on or off.
Apple did make a big point in the last major iOS update of introducing a powerful and granular device management architecture that many third-party providers have plugged into. It's hard to imagine that Apple wouldn't offer some additional management choices related specifically to iCloud. But exactly what those choices will be and how pervasive they'll be is open to speculation for the moment.
Overall, while there are some concerns about iCloud from a business perspective that will need to be examined when iCloud and iOS 5 launch this fall, they are largely extensions of an array of potential issues around any mobile device or platform in the workplace.
On the flip side, iCloud's work-once, store/access-anywhere approach has an amazing array of possibilities for mobile professionals and small businesses. It offers constant access and continuous backup along with easy transfer of data and apps to new devices. That's a powerful combination. How big these gains are to users and businesses will depend on how broadly -- and how well -- they're adopted by third-party developers. I don't really see broad adoption as something Apple has to worry about; the question is more about how long it will take for broad adoption to occur.
This future cloud-centric release of iOS lends itself to a very intriguing question for CIOs and IT managers: Can I replicate iCloud's features internally? The answer may be yes.
Apple's only reference to its server software during the keynote was a note that it will be an add-on feature to Mac OS X Lion. This isn't new information. Apple announced Lion Server as a feature of Lion earlier this year. While there are still few details on Apple's Lion Server page, there is information about "File Sharing for iPad" as a feature.
Lion Server delivers wireless file sharing for iPad. When you enable WebDAV in Lion Server, you can access, copy, and share documents on the server from applications such as Keynote, Numbers, and Pages.
While Apple specifically references its iWork apps here, it seems pretty clear that the company is using them merely as examples. That makes sense because Apple used them to demo iCloud's document capabilities. But it seems clear that this feature will extend to other apps as well.
What isn't clear is whether this is something that will be iCloud-like in its approach or something completely different. Apple could be giving developers two separate sets of APIs for storage: one for iCloud, which was mentioned specifically during the keynote, and one for WebDAV on Lion Server. The more logical approach would be to use a single cloud storage API in multiple ways.
Lion Server aside, one implication is that iOS file sharing/storage (iCloud or not) is based on WebDAV. That wouldn't be completely surprising. Apple's current iDisk feature is based on WebDAV. In fact, that's how you connect to it from a PC that doesn't have Apple's Mobile Me control panel applet installed. Apple has also shown a preference for customized uses of WebDAV and WebDAV-derived services like CalDAV and CardDAV over the past few years in iOS, Mac OS X and Mac OS X Server.
If Apple is basing over-the-air file storage and sharing in iOS 5 on WebDAV under Lion Server, it's quite possible that that service could be replicated with other WebDAV servers running on other platforms.
What would this look like on an iOS device?
Over the air
Whether it functions exactly like iCloud or not, Apple is clearly planning to allow over-the-air access to files as part of iOS 5 and Lion Server. It's far too early to tell with any degree of certainty exactly what this will look like, but given Jobs' comments about ending the need to access the file system, it won't likely involve any type of file browser.
That means any on-device or over-the-air file storage is probably going to be app-specific; users will likely have access to files on their device, files associated with their iCloud account, and files on any other Lion Server/WebDAV "file servers" they have access to.
My guess would be that there will be another option added to the Accounts section of the Mail, Contacts, Calendars area of the iOS Settings app. Right now, if you add an account and select Other as the account type, you can add a Mail, LDAP, CardDAV, or CalDAV account (or a .ics calendar URL). It isn't hard to imagine that list including a WebDAV account, perhaps named something like File Sharing.
With one or more such accounts enabled, users would likely see app-specific document stores for each account in any app that supports off-device file storage. It isn't clear whether these document stores would have a cloud-sync capability, though I'd lay odds that they would involve some form of permissions -- most likely those configured on the WebDAV server.
Easier iOS deployment with PC activation?
Moving beyond iCloud, iOS 5 represents a major milestone in that Apple has finally decided to allow iOS device activation and setup without using iTunes on a PC or Mac. It's a step that's long overdue.
Does this mean that rolling out large numbers of iOS devices will become easier and more streamlined? Almost definitely. iOS 4 introduced all the needed components for an automated setup process. Either using Apple's existing tools to create configuration profiles or using a third-party mobile device management solution, the process of auto-configuring most of iOS is already possible.
In fact, for employee-owned devices, enrollment and provisioning of security features and user account/device setup can already be almost completely automated. The Achilles' heel has been that new devices must be activated in iTunes before any setup -- automated or not, tethered or over the air -- can even begin.
Although Apple didn't demo the setup process, I would imagine that there will be some type of option for auto-configuration. This may be something explicit that all users see, like a configuration server address field with a skip option, or it may be something more discreet -- after selecting a Wi-Fi network and authenticating during setup, iOS may scan the network for a management server and enroll the device automatically.
Most likely, Apple will offer a combination of options so that an organization can completely configure company-owned devices like iPads while also supporting more limited auto-setup options for personal devices like iPhones. In that latter case, the user would obviously play some role in the process.
Of course, this alone doesn't resolve some of the challenges involved in providing users with third-party apps related to their work. Unless Apple is planning to take the wraps off an enterprise volume licensing solution for the App Store (not likely), this will remain a fly in the ointment. It is worth noting that Apple has taken some early steps in this direction for education institutions, so something along these lines is certainly plausible.
iOS 5's lock screen and security
Earlier, I touched on potential security concerns introduced by iCloud that could apply to PCs and Macs in an organization as well as iOS devices. One area of concern with iOS 5 has nothing to do with iCloud; it involves the new lock screen.
In every iOS release to date, you couldn't do anything from the lock screen besides view a handful of often generic notifications, unlock the device, use it as a digital picture frame (iPad-only), or make an emergency 911 call (iPhone-only). That's pretty limited -- and pretty secure. Pair those limitations with a good passcode policy and automatic/remote wipe and there's not much to worry about.
iOS 5 makes that lock screen more useful and interactive. Notifications are listed in the lock screen (useful) and you can interact with the app that issued the notification -- listening to a voicemail, for example. That allows someone more access than just making an emergency phone call. Apple hasn't yet been clear on the level of interaction that will be possible with non-system apps directly from the lock screen, but it opens the door for corporate information to be divulged even with a passcode policy in place. Even if it's just hearing a voicemail, that's troubling.
Similarly, the camera can now be accessed while a device is locked without entering a passcode. This is less troubling, since only snapping photos is supported. You can't access existing images or send new snapshots. But again, there's some cause for concern since it provides unauthenticated access to a locked device. One scenario that came immediately to mind involves an employee who surreptitiously takes incriminating photos of some sort using a coworker's iPhone. The employee then reports his co-worker for stealing company data, the iPhone is searched.... You get the drift.
I'll admit these aren't the biggest concerns, but they are situations that I hope Apple addresses using extensions to the existing device management capabilities.
Scratching the surface
One thing seems clear after this year's WWDC keynote: We haven't seen everything that's coming. Apple was very clear to note that we only saw demos of 10 of the hundreds of features in iOS 5 and in Lion. With a huge number of user features being rolled out this year, along with an incredible number of new APIs for developers (1,500-plus for iOS 5 alone), I think it's clear that Apple still has some tricks up its sleeve.
For enterprise customers, tricks and surprises are rarely good things, but that's the way Apple works. And like it or not, Apple is a driving force in today's mobile industry and in the so-called consumerization of IT. That said, I'm optimistic these will be largely good surprises.
Ryan Faas is a freelance writer and technology consultant specializing in Mac and multiplatform network issues. He has been a Computerworld columnist since 2003 and is a frequent contributor to Peachpit.com. Faas is also the author of iPhone for Work (Apress, 2009). You can find out more about him at RyanFaas.com and follow him on Twitter (@ryanfaas).