What the iPhone 5S and 5C and iOS7 offer the enterprise
- 11 September, 2013 21:00
Much of what Apple offers enterprise workers and their IT departments in the new iPhone 5S and 5C comes by virtue of its new iOS 7, first announced in June.
The low price of the iPhone 5C would make it attractive to younger employees of large companies with BYOD policies.
According to analysts, the biggest benefits of iOS 7's enterprise features will come through connections to mobile device management software deployed by large-company IT shops.
Still, Apple has unveiled new hardware that could benefit -- or pose new challenges -- to businesses. For example, a cheaper, more colorful iPhone 5C, starting at $99, could be attractive to younger workers who would buy the phone on their own and expect to have the workplace Wi-Fi at their disposal.
There are also novel hardware features, including a fingerprint sensor, called Touch ID, in the iPhone 5S that could help all kinds of business users simplify the phone unlock process, even those workers providing their own smartphone for work under a BYOD (Bring Your Own Device) scenario.
The following are different views on how the new iPhone models and iOS 7 could affect enterprises.
Apple's Touch ID in the iPhone 5S
If Touch ID works as promised in the iPhone 5S, a user would simply touch the home button to initiate the technology and avoid the need to tap in a password.
"The fingerprint reader means that the user doesn't have to constantly type in passcodes, so I wouldn't belittle it" as a security feature, said Gartner analyst Ken Dulaney.
Apple said that only half of its iPhone users rely on a password to unlock a phone, so a lot more authentication security could be derived from having Touch ID capabilities. A lost or stolen phone locked with the Touch ID would have a better chance at protecting the data inside.
However, fingerprint sensors are already widespread in laptops and are not often used, said Jack Gold, an analyst at J. Gold Associates. "The fingerprint sensor could be useful for two-factor authentication, but laptops have had them for years and they are not widely being used," Gold said. "It's hard to make sure fingerprint sensors are working properly. So, I see the fingerprint sensor as more of a consumer than an enterprise feature."
Experts credited Apple for locking the user's encrypted fingerprint data in a secure section of the A7 processor. That way the fingerprint data won't reach Apple servers and won't be backed up to the Apple iCloud sync service or anywhere else.
The $99 iPhone 5C and the workplace
The iPhone 5C could have an enterprise impact by luring BYOD users to buy an iPhone for the first time, possibly as a second phone to a BlackBerry or other device mandated by IT, some analysts said.
At the lower $99 price and available in five bright colors, the iPhone 5C will clearly appeal to younger buyers, especially those who never owned an iPhone, analysts said.
IT shops may once again have to re-examine usage policies for personal phones that access workplace Wi-Fi. They will also have to consider the appropriateness of such devices running enterprise-class email and apps on those phones. The iPhone 5C won't have the new Touch ID fingerprint sensor seen in the iPhone 5S, but will run full-fledged iOS 7.
"The lower price of the iPhone 5C could potentially make it easier for Apple to increase uptake in the enterprise," said Carolina Milanesi, an analyst at Gartner. "I say this because most enterprises are still relying on BYOD or allowing employees to pick an iPhone from a list of devices, but then asking them to pay the difference between what an average enterprise device would cost and the cost of the iPhone."
Milanesi had expected the iPhone 5C to cost less than what Apple announced. She expected the 5C to cost $300 to $400 cost without a wireless contract, instead of the $549 price that Apple is charging for the 16 GB version.
Even so, $99 for an iPhone 5C would be $100 less than the iPhone 5S with a contract, so if a workplace wanted to offer an employee an iPhone 5C under the company's ownership and management, there is a greater potential for adding more workers on iPhones, Milanesi said.
Price alone, however, is still a relatively minor issue for enterprise users, Gold noted. "Most business users buy based on productivity and convenience and not generally on the lowest price."
Since smartphone productivity is most important to employees, the new iOS 7 could factor heavily into how workers and IT shops judge Apple and its newest smartphones.
iOS 7's impact on enterprises
Apple's iOS 7 offers around 200 new features, the company said. Those features include more enterprise enhancements than any release since iOS 4.0, which was the first time Apple introduced MDM application programming interfaces (APIs), Gartner's Dulaney noted in a recent report. "IOS 7 will have a high impact for enterprise IT leaders in terms of security and management," he said and urged enterprises to test iOS 7 for use with MDM software consoles and users.
The new version will meet baseline security needs for more than 80% of enterprise-owned and fully managed iPhone and iPads, he said.
Dulaney compared iOS 7 to BlackBerry Balance software, which partitions personal and work applications on a single smartphone like the BlackBerry Q10.
However, Apple doesn't support a network operations center as BlackBerry does, meaning the implementation of a management console for iOS 7 must come from a third-party MDM provider, Dulaney said. The list of MDM vendors is a long one and includes old-line vendors such as IBM and Microsoft, but also Good Technology, AirWatch, Mobile Iron, Zenprise and Symantec.
MDM vendors are moving quickly to support iOS 7 when it launches on Sept. 18. However, Gold said it is unclear how many of the new iOS features will make it into MDM suites. More importantly, it's still unknown how iOS 7 will affect overall device manageability in a corporate setting.
Based on Gartner's analysis, enterprises "will most certainly deepen the relationship and commitment to Apple," Dulaney said in its report from Aug. 12.
In iOS 7, Apple upgraded its software to do several tasks. Among them were to provide single sign-on (SSO) to permit multiple applications to work across a single smartphone; multitasking; and a standard method for embedding management features in enterprise applications.
Single sign-on: The SSO feature of iOS 7 will allow a user to access multiple business applications in a smartphone, but only as governed by the IT shop via its MDM, Dulaney said. The fingerprint sensor, for instance, might quicken the process for a worker to move back and forth between applications. Those and other iOS 7 features would have the biggest impact on enterprises, and have provoked a range of recommendations from Dulaney and other analysts:
Multitasking: Apple's multitasking is not true multitasking, Dulaney said, but is actually a better scheduling algorithm that allows an application to request more processing time in the background.
App Store access: Dulaney noted that worker access to Apple's App Store might still be needed, although some enterprises are concerned about users unintentionally downloading malware in untested apps. Companies can set up an enterprise application store by using the Apple Volume Purchase Program, but access is still needed to the App Store, a process that Apple still needs to change, he said.
Per-App VPN: Apple's characterization that iOS 7 has a Per-App VPN feature is poorly named, Dulaney said. Instead of embedding VPN technology in each business app, iOS 7 allows an MDM suite to designate a set of applications for use of the VPN. Each business application will then declare itself as requiring the VPN and will then be routed through it. Consumer traffic, instead, is routed over the wireless carrier's public Internet portal.
iBeacons: iOS 7 supports the placement of low-cost Bluetooth Low Energy emitter devices in workplaces and elsewhere that can connect via Bluetooth 4.0 to iOS 7 devices. That means an MDM console can have more precise location information for users, but also contextual information to help determine if a device is being used in an insecure manner.
A user with an iPhone passing a Bluetooth emitter in an unauthorized area could trigger an alarm, for instance, but the process could also allow a user to open doors or turn on lights by passing through an area and coming within about 25 feet of the sensors.
Wi-Fi Hot Spot 2.0: Support for this feature should improve the efficiency of the transition from cellular to Wi-Fi, which has previously burned battery life.
AirDrop: This form of peer-to-peer file sharing uses Bluetooth and Wi-Fi for quick data sharing between two iPhone users. By comparison, newer Android devices and other smartphones rely on near-field communication (NFC) for file sharing. Gartner generally opposes P2P file sharing as inherently insecure for business uses. Dulaney added: "We believe that most enterprises will want to disable this feature."
Gold said that despite many protections in AirDrop, enterprises should still worry about loss of data over Wi-Fi connections. One precarious scenario could occur when a stranger on the other side of a wall and out of view of AirDrop users monitors their Wi-Fi traffic.
By contrast, when AirDrop was introduced in June, Solstice Mobile, a development shop based in Chicago, said it was experimenting with ways to help business users streamline data sharing with the new function.
Of note, Dulaney said Apple's AirDrop technology indicates that Apple won't be putting NFC in future iPhones, since Apple prefers Wi-Fi and Bluetooth to near-contact transmission. Buy-in to NFC by Apple has been considered important for the advancement of NFC mobile payments, especially in the U.S., which means the emergence of mobile payments is pushed "further into the future," Dulaney said.
Enhanced SMS: Apple will permit longer text (SMS) messages to be sent from iOS 7 devices in a process that converts text messages into MMS (Multimedia Messaging Service). Even with this enhanced capability, Dulaney noted that enterprises still won't be able to track any type of SMS on the phone, which is required stockbrokers and other financial workers by federal regulation.
Activation lock: With this new feature, a lost or stolen iPhone can't be reactivated without the owner's iCloud username and password. Dulaney said the feature should reduce theft, but warned that jailbreaking any iPhone would likely nullify the activation lock capability.
Mass device enrollment: Dulaney said iOS 7 is expected to permit enterprises to set up and "enroll" multiple enterprise-owned devices at one time, cutting down the time-consuming process of enrolling each device one at a time. The details of the process weren't clear and Apple didn't respond when asked to comment.
While Gartner described many improvements with iOS 7 for enterprises, Gold said it is really up to the MDM software to make the devices running iOS 7 enterprise friendly. With any MDM, basic smartphone management is still tied to Microsoft's ActiveSync, supported by virtually all MDM vendors, Dulaney noted.
Much of Dulaney's focus for iOS 7 enterprise features applies to corporations that own and manage the smartphones, but he concluded that there is also some advantage for BYOD shops.
To Gold, however, even with the many positive features in iOS 7, BlackBerry Enterprise Server offers a "greater breadth and depth of management" for BlackBerry devices than iOS 7 with MDM consoles will provide for iPhones. BlackBerry Enterprise Server for other platforms than BlackBerry is less comprehensive, he added.
"My advice to any enterprise supporting BYOD would be to only deploy [iOS 7 devices] if you have an MDM and mobile application management strategy to beef up basic management functions in iOS 7," Gold said. "Otherwise, you don't really know what you've got."
This article, What iPhone 5S and 5C and iOS7 offer the enterprise, was originally published at Computerworld.com.