When Apple's iPhone hit the market in 2007, the shockwaves were intense. If you look back to the mid 2000s, the leading mobile phone looked like a prop from a cheesy sci-fi movie. It introduced near full-body screens, a universe of apps, and a responsive touch interface. It did away with the clumsy stylus, clicky buttons, and, more significantly, proprietary management systems. It did not, however, have any tools for hardening iOS.

Mobile Device Management Begins

At first, the iPhone was clearly targeted at the consumer. However, as its popularity grew, so did the users who wanted to bring it to work. People connected their personal iPhones and iPads to the corporate Exchange server. This put personal email and work email side by side. When the inevitable breaches arose from phones with sensitive data, Apple responded by adopting the Exchange ActiveSync (EAS) standard. This is the same standard now implemented with Office 365. This allowed organizations to manage iPhones and their data, but with many limitations. Unfortunately, many organizations are still using EAS as their primary management tool for iOS devices.

About the same time, Mobile Device Management (MDM) solutions began entering the market. These are servers, either on-prem or in the cloud, dedicated to managing mobile devices. They support iOS and Android, and occasionally other things. They generally have a checkbox interface that utilizes Apple's configuration profile (CP) framework on the backend. The combination of EAS policies with MDM is pretty good and generally how we see the most advanced organizations managing their iOS devices. The problem is that as the years have passed, and the environments have grown more complex, iOS device management for most organizations hasn't. Whereas five years ago most of the data on devices came from Exchange, now it comes from everywhere. Apps like Dropbox and Salesforce contain tons of data. Moreover, it is not merely spreadsheets or the occasional social security number in a text, but content such as a complete general ledger, a copy of proprietary source code, or detailed customer account data. Plus, not all threats are to the data of your organization. With the rise of whaling, the threat to your organization could be a fraudulent request for a wire transfer that comes from your CFO's iPhone that was stolen 40 minutes ago in an airport.

Exchange/Office 365-based EAS policies and MDM still have a place, but if you are managing iOS devices with only these tools, you're missing opportunities to protect your organization. This week the Center for Internet Security (CIS) released a new edition of their iOS benchmark. Now, for full disclosure, I was deeply involved in the development of this release. The benchmark addresses the containerization and managed flow of corporate data, introduces separate guidance for employee-owned and corporate-owned devices, and it provides audit and remediation guidance that scales from 10 to 100,00 devices. Furthermore, this standard is completely free for any organization to utilize internally and can be scoped to any environment. The CIS is one of the most respected producers of system and application hardening standards in the world. Their material is produced through a consensus-based process with volunteer security and technology professionals. The benchmarks are free for non-commercial use. You only need a CIS membership, which includes annual dues, if you intend to use their materials in a product or to access their automated tools for audit and remediation. You can learn more about the CIS here: iOS Benchmark

The new edition of the iOS hardening Benchmark documents a variety of methods to improve your iOS device management. Some of these include:

Customized Configuration Profiles

A CP is an XML file with configuration settings that are applied at the root level of an iOS device.
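
Because a configuration profile, as defined above, is an XML property list, it can be audited with a standard plist parser before it is pushed to devices. The following is an added example, not code from this article or from CIS: the sample profile is constructed, and the baseline values are assumptions chosen for illustration rather than the benchmark's recommendations. It assumes an unsigned profile.

```python
import plistlib

# Constructed, unsigned sample profile (not from the article or from CIS).
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>PayloadType</key><string>Configuration</string>
  <key>PayloadIdentifier</key><string>com.example.constructed</string>
  <key>PayloadContent</key><array>
    <dict>
      <key>PayloadType</key><string>com.apple.applicationaccess</string>
      <key>allowOpenFromManagedToUnmanaged</key><true/>
      <key>forceEncryptedBackup</key><true/>
    </dict>
    <dict>
      <key>PayloadType</key><string>com.apple.mobiledevice.passwordpolicy</string>
      <key>forcePIN</key><true/>
      <key>minLength</key><integer>4</integer>
    </dict>
  </array>
</dict></plist>"""

# Assumed baseline for illustration: (payload type, key) -> (check, requirement).
BASELINE = {
    ("com.apple.applicationaccess", "allowOpenFromManagedToUnmanaged"):
        (lambda v: v is False, "must be false"),
    ("com.apple.applicationaccess", "forceEncryptedBackup"):
        (lambda v: v is True, "must be true"),
    ("com.apple.mobiledevice.passwordpolicy", "forcePIN"):
        (lambda v: v is True, "must be true"),
    ("com.apple.mobiledevice.passwordpolicy", "minLength"):
        (lambda v: isinstance(v, int) and v >= 6, "must be at least 6"),
    ("com.apple.mobiledevice.passwordpolicy", "maxInactivity"):
        (lambda v: isinstance(v, int) and 0 < v <= 2, "must be 1-2 minutes"),
}

def audit_profile(raw: bytes) -> list[str]:
    """Return one finding per baseline key that is missing or non-compliant."""
    profile = plistlib.loads(raw)
    # Index payloads by type; a later payload of the same type wins here.
    payloads = {p.get("PayloadType"): p for p in profile.get("PayloadContent", [])}
    findings = []
    for (ptype, key), (check, requirement) in BASELINE.items():
        payload = payloads.get(ptype)
        if payload is None:
            findings.append(f"{ptype}: payload missing, so {key} is unset")
        elif key not in payload:
            findings.append(f"{ptype}.{key}: not set, {requirement}")
        elif not check(payload[key]):
            findings.append(f"{ptype}.{key}={payload[key]!r}: {requirement}")
    return findings

if __name__ == "__main__":
    for finding in audit_profile(SAMPLE_PROFILE):
        print(finding)
```

A signed profile is wrapped in a CMS envelope and has to be unwrapped before `plistlib` can read it.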