MobileIron has published their 2015 MobileIron Trust Gap Survey results that examines the privacy expectations workers have when using a mobile device for work.
“Mobile workers, especially younger workers, have an expectation of privacy when using mobile devices for work. Many would leave their jobs if their employer could see personal information on their device,” said Ojas Rege, Vice President, Strategy, MobileIron. “In a world where smartphones contain increasing amounts of sensitive personal data, CIOs must remember that every device is a mixed-use device and must protect employee privacy as fiercely as corporate security.”
Philip Harrison, CTO, CWSI
Apple made some exciting announcements about changes to how iOS 9 can be used in the enterprise at their recent Worldwide Developer Conference (WWDC). The key takeaway seems to be that VPP, Managed Apps and Supervision are becoming much more powerful, but also virtually mandatory in enterprise.
Here are some of the key changes that we felt were of interest:
Removing the Apple ID requirement: Via an EMM, it will now be possible to assign Volume Purchase Programme (VPP) apps to devices rather than to iTunes accounts. This would appear to remove the need for iTunes accounts on iOS devices where VPP is in-use. A side effect of this is that apps will be licensed per-device, rather than per-user, but this is often not a concern for enterprises where the server-side is paid for while the app is often free.
Distribute apps without the App Store: Users will be able to download apps via an Enterprise App Store (EMM provided) even if the Apple App Store is disabled on the device. This is a huge improvement as it closes the loophole whereby users could bypass their enterprise App Store and download business apps “Unmanaged”, leaving the enterprise with little control over these apps.
This will also make app whitelisting a considerably easier solution to implement. If the business does not add the app to their enterprise App Store the user will have nowhere else to download it.
Convert unmanaged apps to managed apps: “Managed” apps in iOS give businesses additional DLP, remote wipe and config controls over these apps. Prior to iOS 9 however, for an app to become Managed, a user would need to uninstall it, thus losing data/config, then re-install from their enterprise App Store. iOS 9 allows an EMM convert an Unmanaged app to Managed over the air with no loss of data/config for the user.
Hold in iOS Setup Assistant: Prior to iOS 9, a device being enrolled using the Device Enrolment Programme (DEP) would begin enrolment with the EMM during the Setup Assistant on first boot, but would allow the user to begin using the device as soon as EMM enrolment started. This lead to situations where all policies were not yet enforced on the device when the user started using it, potentially allowing the user to install apps, add personal email accounts etc before these options were disabled. iOS 9 can now hold the user in the Setup Assistant until the device is fully enrolled with the EMM.
Volume Purchase Programme (VPP): Now available in 26 countries and apps purchased in one territory can be distributed to devices in other countries assuming that app is also sold there. It was also mentioned that updates of VPP apps would be controllable by an EMM.
Caching Service: The Apple Caching Service speeds up the download of apps, updates, iOS updates etc on local area networks by locally caching these apps/updates/iOS updates on an OSX Server, providing them to the next client that needs them and is on the same subnet. The newly announced version will also cache iCloud data, documents, Photo Library, CloudKit data and on-demand app resources. More info on this service - http://help.apple.com/serverapp/mac/4.0/#/apd74DDE89F-08D2-4E0A-A5CD-155E345EFB83
Trust UI: iOS 9 introduces some changes to how and when users need to “Trust” in-house developed apps. In-house apps downloaded via an EMM will now be automatically trusted, and an EMM can be used to prevent users from trusting other in-house signing entities.
OSX Restrictions: Some new EMM restrictions for OSX have been introduced, including Block Camera and Block iCloud.
Apple Configurator 2: The Apple Configurator has been completely revamped, introducing some of the features from the now defunct iPhone Configuration Utility (IPCU), allowing devices be managed by multiple Configurators (no longer tied to a single machine!) and integration with DEP to allow zero-touch setup of devices.
Data usage controls for Managed apps: An EMM will now be able to control on a per-app basis whether said apps can use cellular and/or roaming data. This is a big one for enterprises that do not control apps too tightly but whose users roam - for example they could now allow NetFlix on devices but restrict it to WiFi only.
iOS version control: iOS 9 will allow the enterprise decide when DEP enrolled Supervised devices can upgrade to the latest versions of iOS, allowing for proper testing of line-of-business apps before upgrades take place across a fleet. This is a long awaited control!
Update 2015/07/12: I met with an Apple representative last week who believes this change will actually be allow you force users to upgrade, but no necessarily prevent upgrades. Time will tell!
iOS Restrictions becoming Supervised only: Since iOS 5/6 Apple have begun to release most new iOS Restrictions for Supervised devices only, leading many to believe that Apple ultimately intended enterprise to Supervise all their devices (whereas in the past Supervision was primarily aimed at Education). This trend has continued with the release of over-the-air Supervision with DEP and now Apple have announced that many of the existing iOS Restrictions will soon become available only on Supervised devices (but not with iOS9 apparently).
The Restrictions listed for transition were:
• Restrict App Installation
• Restrict App Removal
• Restrict FaceTime
• Restrict Safari
• Restrict iTunes
• Restrict Explicit Content
• Restrict iCloud documents and data
• Restrict Multiplayer Gaming
• Restrict Add GameCenter Friends
New iOS Restrictions: Some new iOS Restrictions are being introduced, though we are not clear which of these will require Supervision, which is now an important consideration after reading the above. New Restrictions include controls over:
• Screen recording
• Trusting new enterprise app authors
• Treating AirDrop as Unmanaged
• Automatic app downloads
• iCloud photo library
• Keyboard shortcuts
• Modifying the device name
• Pairing with Apple Watch.
Per-app VPN changes: Some changes were announced to per-app VPNs. Support for UDP traffic is a big one as UDP is often used by video/audio streaming apps (think Lync) and was not supported previously. More granular IP-level control over per-app VPN traffic will now be possible. Finally, the native IPSEC IKE clients can now be used to manage per-app VPN connections.
We are excited to announce that MobileIron is positioned in the Leaders Quadrant of the Magic Quadrant for Enterprise Mobility Management Suites for the fifth consecutive year.
We are really proud to be part of MobileIron success.
June 11, 2015
MobileIron named a Leader for the fifth consecutive year
MOUNTAIN VIEW, Calif. – June 11, 2015 – MobileIron (NASDAQ: MOBL), the leader in mobile enterprise security, today announced it has been positioned by Gartner, Inc. in the Leaders quadrant of the “Magic Quadrant for Enterprise Mobility Management Suites.”* This is the fifth consecutive year that MobileIron has been positioned in the Leaders Quadrant and the second consecutive year that MobileIron has been positioned furthest on the Completeness of Vision axis.
Download the full report here: https://www.mobileiron.com/en/analyst-report/gartner-2015-report-magic-quadrant-enterprise-mobility-management-suites
“Companies around the world are using mobile technology to transform their businesses and we believe our ongoing recognition as a Leader in the Magic Quadrant is the result of our focus on this new Mobile First world,” said Bob Tinker, CEO, MobileIron. “The move to mobile is the most disruptive shift faced by enterprise IT in the last 20 years. Modern end-user computing is moving to the mobile model for security and management and our global customers trust MobileIron to deliver on the vision for mobile computing by delivering innovation and security at scale.”
MobileIron secures enterprise information wherever it lives, in the app, in the network, and in the cloud.
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
*Gartner “Magic Quadrant for Enterprise Mobility Management Suites” by Terrence Cosgrove, Rob Smith, Chris Silva, John Girard, Bryan Taylor, June 8, 2015
Discover the Latest Trends in Enterprise Mobile Data Security and Usage
Mobile usage is maturing and so are the types of threats your company data is being exposed to. By understanding how your employees use mobile data, and across which applications and websites, you can implement a successful mobility strategy to protect sensitive data and reduce costs to get the best out of your enterprise mobile investment.
The Wandera Q2 2015 Mobile Data Report highlights the most current trends in mobile data usage by employees of enterprise organizations. It also highlights the latest mobile threats including man-in-the-middle attacks and how to protect against these with simple Wi-Fi security tips.
CWSI are delighted to announce the launch of their new product - UPtime®.
UPtime®, created by CWSI engineers is a unique MobileIron's infrastructure monitoring tool, which will provide great peace of mind for IT staff.
The idea is very simple - UPtime® monitors your MobileIron infrastructure and sends you an alert as soon as anything goes wrong - saving you time and money, as the issues can be addressed before users report them and before they affect any critical business processes. Most UPtime® notiﬁcation emails will even include details of the likely cause of the issue and possible remediation steps.
UPtime® will also provide you with a monthly report detailing the availability of your monitored server for the period, along with any incidents that may have occurred. The alerts can optionally create tickets directly in the CWSI ticketing system, allowing a CWSI engineer begin working on the problem as soon as possible.
With over 1 billion devices shipped in 2014, Android is clearly the customer's favourite OS.
And now, thanks to Android for Work, it has also become a perfect business tool.
We don't simply sell technology...
...we guide you on a journey to become Mobile First.
Get ready... The world is changing rapidly.
No matter where you are on your mobility journey, we can help you to take the next step.
We have partnered with industry leaders to provide you with the best solutions