It’s a little late, but I’m only now catching up on some of the recent news. :-) With the BlackHat and DefCon conferences in Las Vegas recently completed, there has been a flurry of security news over the last few months. Here is a brief run-down of some highlights I found that could affect the mobile computing world.
Slow patching puts Android users at further risk:
Take away: Android Beam (via NFC or Bluetooth) vulnerabilities to execute files, down-level OS and apps still being used by mobile operators.
Tools released at Defcon can crack widely used PPTP encryption in under a day:
Take away: Stop using PPTP VPN and WPA2 Enterprise, use IPSec or OpenVPN and don’t use WPA2 for WiFi if using MS-CHAPv2 authentication.
Inside how Google scans for Malware:
Whitepaper of their findings: https://media.blackhat.com/bh-us-12/Briefings/Percoco/BH_US_12_Percoco_Adventures_in_Bouncerland_WP.pdf
Take away: Google bouncer app verification holes, how to make your internal or public applications more secure.
BTW, Google has now updated their Developer policy as of August 1st 2012 (unknown if Trustwave helped push this along): http://play.google.com/about/developer-content-policy.html.
Google now is combatting spam, malware, and SMS/email usage. Any app updates after 30 days of this new policy that don’t comply are subject to a warning or immediate removal from Google Play. This is excellent news!
Devices scanned on Mobile Networks:
Takeaway: If deploying on a public mobile network, especially M2M devices, make sure the devices can be locked down in some fashion. Reminds me of the old modem war-dialing days. :-)
Advanced Android Exploitation with AFE (Android Framework for Exploitation):
Takeaway: The Android platform could quickly become as infested with bot networks as the current Windows platform. Understand malware and secure against it.
Apple iOS SMS Security Vulnerability
Takeaway: Be careful about taking basic communications for granted; SMS spoofing exists on any platform. Apple states its iMessage verifies addresses.
A component that most Mobile Device Management (MDM) products use today is the Simple Certificate Enrollment Protocol (SCEP). It was designed by Cisco and VeriSign in early 2000, and its adoption was propelled by Apple’s use of it for iOS 4 devices in 2010. The protocol was designed to make the issuing and revocation of digital certificates as scalable as possible. Its usage in MDM solutions for the growing BYOD footprint in particular could be a concern.
US Computer Emergency Readiness Team (US-CERT) released this Vulnerability Note #971035 on June 27th: http://www.kb.cert.org/vuls/id/971035
It stated: “An attacker could elevate their permissions by requesting a certificate of a different, possibly higher privileged user that would allow them to access resources that they would not otherwise be able to access.”
Certified Security Solutions (CSS) is credited with reporting the vulnerability, and more exact details are documented in their 8-page whitepaper here: http://www.css-security.com/wp-content/uploads/2012/05/SCEP-and-Untrusted-Devices.pdf
A 12 minute video demoing the vulnerability and security overview is available here: http://www.css-security.com/scep/
Mark Diodati from Gartner has pointed out that the following vendors have modified or proxied their SCEP enrollment process so better validation of the distinguished name is performed to better protect against this potential vulnerability:
AirWatch, Good Technology, Fiberlink, MobileIron, and Zenprise
The same can also be said about Silverback MDM, and probably several other vendors. If you are concerned you should ping your vendor and get more details.
But as Ted Shorter from CSS also points out in his blog article, even if the various products in use might not be directly affected, it’s important to look at the full solution, how it is implemented, and what potential risks you may have.
As the US-CERT posting highlights, the IETF Draft for SCEP has since March 2011 also mentioned other solutions such as Certificate Management Protocol (CMP) [RFC4210] and Certificate Management over CMS (CMC) [RFC5272] that have more comprehensive functionality. And “implementers are encouraged to support one of these comprehensive standards track certificate management protocols in addition to the protocol defined in this specification”.
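The distinguished-name validation that the vendors above are described as adding can be sketched as a check in front of the SCEP server. This is an added example, not code from this post, CSS, or any MDM vendor; the `EnrollmentProxy` class, its method names, and the dict-shaped request (standing in for an already parsed PKCS#10 request) are assumptions for illustration.

```python
import hashlib
import hmac
import json
import secrets
import time


def _canonical(names):
    """Lower-case, strip and sort names so comparison ignores case and order."""
    return sorted(n.strip().lower() for n in names)


class EnrollmentProxy:
    """Hypothetical gatekeeper in front of a SCEP server (not a real product API).

    The enrollment challenge is bound to the identity it was issued for, so a
    holder of a valid challenge cannot request a certificate naming someone else.
    """

    def __init__(self, key, ttl_seconds=600, clock=time.time):
        self._key = key
        self._ttl = ttl_seconds
        self._clock = clock
        self._used = set()  # nonces of challenges that were already redeemed

    def _mac(self, nonce, expires, subject_cn, sans):
        # JSON gives an unambiguous encoding of the fields being authenticated.
        msg = json.dumps([nonce, expires, subject_cn.strip().lower(), _canonical(sans)])
        return hmac.new(self._key, msg.encode("utf-8"), hashlib.sha256).hexdigest()

    def issue_challenge(self, subject_cn, sans=()):
        """Call only after the user or device has authenticated to the MDM."""
        nonce = secrets.token_hex(16)
        expires = int(self._clock()) + self._ttl
        return f"{nonce}.{expires}.{self._mac(nonce, expires, subject_cn, sans)}"

    def check_request(self, csr):
        """csr: dict with 'challenge', 'subject_cn' and 'sans' taken from the request.

        Returns (allowed, reason). Forward to the CA only when allowed is True.
        """
        parts = str(csr.get("challenge") or "").split(".")
        if len(parts) != 3:
            return False, "malformed challenge"
        nonce, mac = parts[0], parts[2]
        try:
            expires = int(parts[1])
        except ValueError:
            return False, "malformed challenge"
        # Recompute the MAC over the names the request actually asks for.
        expected = self._mac(nonce, expires, csr.get("subject_cn", ""), csr.get("sans", ()))
        if not hmac.compare_digest(mac.encode("utf-8"), expected.encode("utf-8")):
            return False, "challenge not issued for this subject"
        if self._clock() > expires:
            return False, "challenge expired"
        if nonce in self._used:
            return False, "challenge already used"
        self._used.add(nonce)
        return True, "ok"


if __name__ == "__main__":
    # Constructed sample data: the identities and key below are made up.
    proxy = EnrollmentProxy(key=secrets.token_bytes(32))
    challenge = proxy.issue_challenge("alice@example.com")
    requests = [
        {"challenge": challenge, "subject_cn": "admin@example.com", "sans": []},
        {"challenge": challenge, "subject_cn": "alice@example.com",
         "sans": ["admin@example.com"]},
        {"challenge": challenge, "subject_cn": "alice@example.com", "sans": []},
        {"challenge": challenge, "subject_cn": "alice@example.com", "sans": []},
    ]
    for req in requests:
        print(req["subject_cn"], req["sans"], "->", proxy.check_request(req))
```

A static, shared challenge password has none of these properties, which is why the binding, expiry and single-use checks sit in the proxy rather than being left to the SCEP server.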
As the market matures further with Mobile Device Management (MDM) and Enterprise Mobility Management (EMM) I would suspect an increase in functionality and use of newer security standards and processes. With all the MDM products on the market, the top players continue to add features that they hope will differentiate themselves better.
The new folks over at Deloitte Digital have put together a nice infographic that even compares your new shiny mobile device to your toothbrush. And I know all of you out there are already using your devices while out shopping and just waiting to use NFC. :-)
Head over to my Pinterest page if you want to check out my collection of Infographics and let me know if you have some good ones!
More for the channel readers out there, but a quick plug for an article where I was quoted talking about the importance of MDM solutions, the changing business landscape of BYOD and also understanding all the infrastructure aspects surrounding mobile platforms today.
See the full article here:
A colleague of mine gave me a heads up on this new piece of documentation that Apple released without any public fanfare, but quietly slipped into links on the http://www.apple.com/ipad/business/ and http://www.apple.com/iphone/business/ web sites.
iOS Security – May 2012:
It’s a 20 page light read that goes in some depth about the various security processes and features within the Apple operating system. Hopefully this indicates a change of documentation from Apple and who knows what iOS 6 could bring around the corner. :-)
Distracted Driving is something even I am guilty of. Various voice solutions on the main mobile platforms are starting to assist with hands free support in vehicles, but at times it still doesn’t appear to be perfect, and it is very dangerous to do when driving down the street or highway in a half-ton moving object.
As the usage of mobile devices continues to increase, a higher number of consumers use devices while driving. This carries directly over to corporate usage, as more companies deploy mobile devices to their workforce. In the United States, a growing body of local, state and federal legislation bans some or all use of mobile devices while driving.
At this time no state bans all cellphone use — handheld and hands-free — for all drivers. But nine ban using handheld devices; 38 states and the District of Columbia prohibit text messaging for all drivers; and 30 states and D.C. ban all cellphone use by new drivers.
In the United States several high-profile lawsuits and settlements have occurred in the past 6 months against companies that have field service personnel that were involved in driving fatalities. The position has previously been that if corporate policies were in place and acknowledged by employees, the companies could be perceived as exempt from direct liability.
Examples and references:
Jury Awards $21 million to Woman Struck by Coca Cola Truck in Distracted Driving Case
Companies weigh risks of distracted driving
Enbridge Energy Partners and its driving policy
US Department of Transportation - Federal Motor Carrier Safety Administration
A new trend appears to be emerging where policies and potential systems must be put in place to be exempt from liability.
Several solutions are now available on the market to assist corporations with various levels of distracted driving management. Examples include, in no particular order or preference (ping me if you know of others):
- Zoom Safer - http://zoomsafer.com/products/fleetsafer/vision/
- Zoom Safer - http://zoomsafer.com/products/fleetsafer/mobile/
- CellControl - http://www.cellcontrol.com/
- LocationLabs - http://www.locationlabs.com/
- Illume Software - http://getizup.com/index.php/Enterprise
On the consumer side, I think it will just be a matter of time before insurance companies will fully embrace this type of technology (trials are already underway), and discounts or mandates will be commonplace.
The US government has been calling Distracted Driving a dangerous epidemic since 2009, and with good cause. http://www.distraction.gov/
Drive safe and not distracted!
Another cool infographic that I recently came across. This one gives an overview on some key aspects going on with tablets in the enterprise.
Right now this is heavily dominated by the Apple iPad and the question is if they can hold Microsoft Windows 8 tablets at bay later in the year. We shall see what Apple will announce next month at their developers conference (which this year was sold out in only 2 hours!), to keep their momentum going.
Please see http://www.vertic.com/blog/year_of_the_enterprise_tablet_infographic/ for more information.
BTW, they also have an older one from November 2011, called the “The Tablet Economy”, which gives some interesting stats on the demographics of a typical tablet owner: http://www.vertic.com/blog/the_tablet_economy_infographic/
As I wrote in a previous posting back on March 11th, Kyle Lagunas was doing a public survey to get more BYOD trending information. I’m a little tardy in posting this, but catching up. :-)
Employees using their own devices (smart phones, tablets, PCs) are able to use the technology they’re most comfortable with--which has a positive impact on productivity. But as anyone in IT can tell you, this has risks. To address those, some organizations are creating BYOD (Bring Your Own Device) policies that establish guidelines for proper use. Last month, Kyle Lagunas of Software Advice launched a survey to get a pulse on what companies are doing to manage employee-owned mobile devices.
Kyle shares a few highlights with us here. You can find the full report of his findings on his blog.
Fact: Employees Are Already Using Their Own Devices for Work
The question many business leaders are asking their HR partners is: “Do we need a formal policy for managing mobile devices?” This is not an easy question to address, as it requires perspective on what employees are doing with their mobile devices. To that end, we asked a couple of questions around usage.
Figure 1: Ownership of devices employees use for work-related purposes.
The most important question when discussing BYOD, of course, is whether or not people are even using their personal devices for work-related purposes. As shown in Figure 1, the majority of employees (77%) are using their own devices to some extent--either exclusively or in addition to company-issued devices--to do work. Of course, “work-related purposes” could be something as simple as checking their email. So we wanted to gauge what else they’re doing.
Figure 2: Employee uses of mobile devices.
According to our respondents, employees are using mobile devices at a roughly equivalent frequency for personal and business use. As shown in Figure 2 above, 67% of employees are using devices for business correspondence (email, phone calls, etc.), and 44% are using their device--company-owned or not--for professional networking.
Whenever employees are using mobile devices to access company data (48%), one would think a policy with guidelines for proper use is a must. However, another survey question revealed that only 30% of respondents’ companies had a policy for managing personal mobile devices in place. Is there a disconnect here? Survey says... Quite possibly.
Will BYOD Become a Higher Priority?
Considering the majority of employees are already using personal devices for work-related purposes, we were surprised that only 12% of organizations without a BYOD policy plan to adopt one in the near future (half of those are currently developing policies). 30% of participants without BYOD policies said that instituting one wasn’t a priority, 33% plan to modify their plans for managing use of personal mobile devices in 2012.
Security risks associated with BYOD policies continue to intimidate some--one respondent said he is “scared to death of security vulnerabilities”--but what would do more to minimize risks than to adopt an official policy? Are organizations better served by addressing issues as they arise? Or should leadership elevate mobile device policy as a priority for 2012?
As the cool new “infographics” way of displaying information is addictive, here is a nice one with some BYOD stats that could be of interest. :-)
See http://www.xigo.com/byod/ for more info.
I only noticed this now, but there appears to have been an update to v1.0.1 on April 17th with some new fixes that I didn’t try in my own testing back in March. Details are posted here: http://support.apple.com/kb/HT5233
The redemption code reusability could be huge, and I’m wondering if other MDM/MAM solutions could work in the same fashion:
The Apple Configurator 1.0.1 update is available from the Mac App Store.
This update improves overall stability and performance and addresses a number of issues, including the following:
- Enterprise apps packaged as .ipa files are imported and installed correctly.
- Redemption codes for apps that contain a comma in their title can now be imported.
- A redemption code may be reused to install an app on another device if the original device is unsupervised and erased by Apple Configurator, or if the app's installation did not complete on the original device.
- The redemption code used to purchase an app in iTunes may also be used to install the app on one device with Apple Configurator.
- The number of redemption codes remaining for an app is now displayed correctly.
- Notes and bookmarks entered into iBooks and iTunes U are deleted when a backup is restored to a supervised device.
- The WPA2 password is saved when editing a Wi-Fi profile payload.
- The name of a stored backup is saved when edited.
- The storage capacity of an 8 GB iPod touch is now displayed correctly.
- The "Erase all contents and settings" checkbox on the Prepare pane has been relabeled "Erase before installing".
As I have made device upgrade lists in the past for Windows Mobile, I’m glad to see others are providing updated centralized information on this.
JR Raphael has posted a great listing here, with an easy to use device dropdown picker: http://blogs.computerworld.com/19341/android_40_upgrade_list
For the US side Samsung has posted a nice overview, here, for their devices that will receive ICS but no firm dates from each US mobile operator.
It would appear that most of the newer devices from last year will probably receive a 4.0 upgrade if I’m reading all the information correctly. JR Raphael also wrote an article on the overall Q1 status from many of the OEM manufacturers here: http://blogs.computerworld.com/19867/android_40_report_card
For the many markets, I think the co-branding and continued UI tweaks and changes done to the base models just continue to make it more difficult to support long term. We have seen this for years now, and now on various mobile OS platforms.
On top of all the other Apple news from the other week, there was also a “silent” release of a new tool called the “Apple Configurator”. Think of it as a mixture of the Apple Xcode, iTunes and iPCU applications all wrapped into one.
It appears it has been tightly under wraps and with a small number of beta testers since the Apple WWDC conference last year.
The current OS requirements are: Mac OS X 10.7.2 or later – thus it requires a Mac machine running Mac OS X, but not Mac OS X Server. There currently is no Windows OS support, unlike for iPCU and iTunes which do have Windows versions.
You can download Apple Configurator from the Mac App Store. It is a free application, but you will need an Apple ID.
Some of the functionality that I will document in this walkthrough:
· Configure up to 30 devices at a time
· Update devices to the latest version of iOS
· Create and restore a backup of settings and app data from one device to other devices
· Import apps into Apple Configurator and sync them to new devices
· Use the built-in editor to create and install iOS configuration profiles
· Organize supervised devices into custom groups
· Automatically apply common configurations to supervised devices
· Quickly reapply a configuration to a supervised device and remove the previous user’s data
· Import apps into Apple Configurator and sync them to supervised devices
· Define and apply common or sequential names to all devices
· Restrict supervised devices from syncing with other computers
· Add users and groups manually or auto populate via Open Directory or Active Directory
· Check out a device to a user and restore the user’s settings and data on that device
· Check in a device from a user and back up the data for later use, possibly on a different device
· Apply custom text, wallpaper, or the user’s picture to a device’s Lock screen
· Import and export documents between your Mac and Apple Configurator
· Sync documents between assigned devices and Apple Configurator
The installation was quick and painless. During the installation the product prompted to upgrade and install the latest iTunes 10.6 as well.
Once run after the installation, a very nice welcome screen is shown to educate you on the 3 main application functions:
I will now go in depth for each function or task.
Before we dive into each task in the application, here is a quick review of the all-important Preferences, which can be important to configure. Access the Preferences in the application menu:
The preferences have two sections, “General” and “Lock Screen”. It is important to use the same Apple ID as configured and authorized in iTunes (Store->Authorize This Computer) on the same machine.
The “Lock Screen” settings provide some nifty features to streamline a custom lock screen wallpaper. Drag and drop a new picture, custom text, and automatic user images from the directory service connected. This can only be applied to Supervised devices.
Tip: Reclick on the “Lock Screen” tab to update the wallpaper rendering.
Click on the Prepare icon.
Tip: If you have any devices connected to the Mac, you will see a number indicator on the upper-right of the Prepare icon.
The Prepare screen has two sections, “Settings” and “Apps”. The Settings screen provides the following:
Name: Device name that will be set. Defaults to a “No change”. You have the option to start at any number, just enter one, and click on the Number sequentially tick box. Here I entered 5 for example and have 3 devices connected.
Supervision: Set this to OFF if you want to configure a device once. Set it to ON if you want to reapply a configuration repeatedly, and also bring the device to a known state every time it is connected. We will go into more of this in the next section.
iOS: Defaults to Latest, so you can upgrade automatically. You can choose Other, and point to a .ipsw file. The application will download the latest .ipsw automatically for every device type connected if Supervision is used.
Tip: This could be handy if you want to install a new Beta iOS. If you selected Supervision OFF, you can also select No Change. This doesn’t appear to be possible with Supervision ON.
If you are not installing a fresh iOS release, you can select “Erase all contents and settings”.
Restore: To install a backup to multiple devices choose it from the list. Please note that the “Don’t Restore Backup” when Supervise is ON will still erase all content and settings.
Tip: Set Supervision to OFF, then you can select “Back Up”, if you want to back up a connected device with no Supervision features. Otherwise you need to configure a Supervised device first. iTunes backups can also be used for un-Supervised devices.
Tip: Make a “master” device with the iOS Setup Assistant already completed, and you can then use the Prepare function with Supervise OFF to setup multiple devices with the same backup and let it install the same profiles and application on each one.
Profiles: Here you can import an existing .mobileprofile file created previously with iPCU or “Create new Profile” right in the Apple Configurator. The v1.0 version has all the same iPCU settings as in the recent new v3.5 version. See my previous article on that here. You can also Export the profiles you have listed.
Apps: In the “Apps” section you can browse or drag’n’drop .ipa files (for example from Home->Music->iTunes->iTunes Media->Mobile Applications if you transferred purchases from a device or an in-house developed application from Xcode).
If you add an application that is not free of charge or in-house developed a prompt for the Apple Volume Purchase Program (VPP) voucher codes will appear:
Please note that the VPP program is still not available for all countries and requires enrollment (businesses must have a DUNS number).
Dismiss the prompt(s) and review the applications you may have added:
You can then click on the “0” icon and import your VPP vouchers purchased for the selected AppStore application. The spreadsheets can be downloaded with your VPP account at any time from http://vpp.itunes.apple.com.
Once you have imported your codes, the number will decrement as the codes are used on the devices and you can track on which device they have been used on.
Click on the Prepare apply icon at the bottom of the screen when you are ready to start!
After an “are you sure” prompt, all the devices connected through USB will be updated and you can visually see their progress status:
Any issues will be marked, and successful completion is shown:
After you have Prepared your devices and have set the Supervise setting to ON, you can further manage them within the Supervise icon:
You can create groups and drag the devices into these groups. You can also add additional apps to the devices/groups:
If you have installed paid-for Apps and uploaded the VPP .CSV spreadsheet with codes, you can track and see which devices are using which codes and how many you have left:
But the really-really cool thing is that if you remove the checkmark in front of a paid app that was installed with a VPP code, the redemption code count goes back UP, and you can reinstall the paid app on another Supervised device!
Last but not least of the 3 functions in the product is the “Assign” function. Here you can facilitate a check in and check out process to your Supervised devices, where the users’ data is left intact – think Windows roaming profiles.
Here you can add users and groups (even from a connected directory service) and drag and drop users in those groups.
You can assign and install documents to be used by specific users or a group of users. Click on the “+” symbol at the bottom of the 3rd panel, and choose the appropriate application that is installed on the device: (mine has several options since I imported a large number of apps, only those that support iTunes file sharing are supported)
Then browse to the files you want to be placed on each device the users are assigned to. The document is now associated with the user and will be installed when a device is checked out to that user.
When you are ready to assign and check out devices to users, click on the “Check Out” at the bottom and pair the users to the available devices. When complete click on “Check Out”:
When users return the devices, and you wish to check in the devices again, attach them to the machine running the Apple Configurator, click on the user, and click on “Check In” at the bottom. It will now transfer the files, and any changes the user had made to those files, into a backup, so upon the next check out the files can be restored:
Unless you specified a backup in the Prepare stage as part of the device’s Supervise configuration the user data will remain on the device until you check out the device to another user.
Using a Supervised Device
A quick verification on the Supervised device shows that the lock screen indeed has been set as configured:
It is clear that the Apple Configurator tool provides a self-signed certificate, and places a Profile on each device that is Supervised. Of more concern is perhaps that the machine running Apple Configurator and its Network MAC address is part of the certificate signature:
It is also clear that the disabled iTunes tethering does work, and here is the prompt I received when trying to tether the Supervised iPad to my iTunes 10.6 installation:
Another useful feature in the application when in the Supervise function is to provide detailed asset information from the Supervised devices into a .CSV file:
In the scenario where you have users checking devices in and out, you could lock the device with profile settings so the AppStore and other functions are disabled. You would maintain the apps and the VPP codes used on all the devices in a contained environment. There would also be no need for individual Apple IDs for each user, unless they are using iTunes and other apps that require it.
As with most new v1 applications there may be some bugs and steps to hash out.
I got some of these prompts while importing apps:
There is no detailed logging to see exactly which iOS apps are at fault in various stages in the application. You may have to guess or perform a process of elimination.
In this example I added a document to Adobe Reader, which isn’t present on the selected device:
As with any device management system, the local database that the Apple Configurator uses is critical to your long term usage of the product. You should properly back up the Mac you use to manage all of your devices regularly.
Specifically, this paragraph in the http://support.apple.com/kb/HT5188 support article states this:
"If you lose the Apple Configurator database, your users will retain rights to use the apps already installed on devices, and you can reimport any spreadsheets to install additional apps on devices using unredeemed codes. But if an app is deleted from a device after you lose the database, Apple Configurator will be unable to determine the device’s rights to that app, and you will need to redeem another code in order to reinstall the app."
I’m also wondering about the self-signed certificates that the devices have been setup with and assume they would have to be re-Prepared if moved to another machine running Apple Configurator.
I think Apple definitely has upped the ante on the management features they provide, above and beyond the Profile Manager features released in Mac OS X Server, and those found in Xcode, iTunes and iPCU.
It still lacks some of the larger scale enterprise features found in the various Mobile Device Management (MDM) products on the market (such as self-service Enterprise App Store, active monitoring etc), or an Exchange ActiveSync remote wipe. So it really depends on your requirements (and budget). It could easily make sense for a small to medium sized iOS device deployment and management within a single facility.
Also if you have an educational or training type setup with a secure cart (as found from Bretford, Parat, Tribeam, or Datamation, etc) with a USB hub and connected MacBook, you can easily manage a cart full of devices with the Apple Configurator and the basic features that it can currently provide.
But if you have a larger deployment, and more dispersed geographic area, with additional security requirements and processes around it, I would highly suggest looking at a more full fledged MDM solution. The majority can be found here in a nice public comparison: http://enterpriseios.com/wiki/Comparison_MDM_Providers, although several are still missing.
A hybrid use case could perhaps also work where non-Supervised or Supervised devices also are used with another MDM solution, but more testing is highly recommended.
Now if the special logic used to reuse VPP vouchers from one managed (Supervised) device to another could also be found in the MDM solutions on the market you could have some strong new features.. :-) Also the shared user aspects are a sore spot for many current MDM solutions. It will be interesting to see if some of these new features get carried over.
Here are some further reference points:
Apple Support articles:
HT5185: Apple Configurator: Coordinating device names with labels or slot numbers in carts and racks
HT5188: Apple Configurator: Using Volume Purchase Program (VPP) Redemption Codes
HT5194: Apple Configurator: Backing up and restoring data
Apple Configurator Help Online
Randy Saeks also posted a great 11 minute video walk through here:
- and a nice 17 minute video here that goes more in depth on the Supervision aspects:
The story so far from the Apple sales side (both consumer and enterprise) since 2010:
Interesting numbers from a recent US based corporate survey, which shows a pent up iPad interest and potential sales increase here in Q2:
IDC has some new numbers that show that the Android tablet marketshare will grow and eventually overtake the iOS side by 2016:
Until more and better tablet apps, and management solutions, arrive for the Android tablets, Apple may be in the driving seat for a little while longer. Depending on the larger OEM activities (think Samsung, Motorola, etc) and pricing I think it may happen sooner than 2016.
There is also the first of its kind tablet Enterprise Deployment conference going on in New York on April 27th:
We may see a run on iPads like we have seen in previous new product releases, and rumors are already underway for the next Apple product launches.
Apple could sell 1 million iPads on first day:
Samsung official: iPad mini is on its way:
The previous iPCU v3.4 utility was released on October 12, 2011 together with the iOS 5 public release. The Configuration Profile Key Reference documentation has also not been updated since October 2011, so it is unclear if iOS 5.1 provides new configuration options; many of the changes in v3.4 required iOS 5 on the iOS devices.
The instructions have previously not included a Change Log, so it has been difficult at times to understand what exactly has changed in this tool. This post is a quick walk through to catch the differences between v3.4 and the new v3.5 released last week on March 7, 2012.
After the quick 40Mb download and installation:
The familiar menu and screen layout has remained intact.
#1 – Duplicate functionality
If you are tweaking and making changes to an existing profile for testing, this feature was somehow broken in v3.4, but now works again!
#2 – Passcode Settings
There appears to be new 10 and 15 minute settings for the iPad only. Unconfirmed if iOS 5.1 is required, but I would assume so.
#3 – Restrictions Settings
The only change in restrictions I could see is the “Allow Siri while device locked” setting.
No changes at all appear to be found in the WiFi Settings. I know many have had previous problems with the Proxy settings, so some testing should be performed there.
#4 – VPN Settings
Some additional good news here: “SonicWALL Mobile Connect” and “Aruba VIA” support has now been added to the utility.
No other changes seen in the Email, Exchange ActiveSync, LDAP, CalDAV, Subscribed Calendars, CardDAV, Web Clips, or Credentials Settings.
#5 – SCEP Settings
In the SCEP screen there are two new interesting values for “Retries” and “RetryDelay”. Unknown if these have been embedded previously, but they are now available for tweaking.
#6 – Mobile Device Management Settings
I spotted two new “Apps” options here for MDM usage:
Nothing changed in the APN Settings screen.
All-in-all some fairly minor updates and bug-fixes. With only a handful of changes we should still await the official Apple documentation update for additional details so the changes can be fully understood.
It will be interesting to see how and when the various MDM vendors also start to include these new features.
Downloads and Information:
Windows - http://support.apple.com/kb/DL1466
Mac OS X - http://support.apple.com/kb/DL1465
Online help - http://help.apple.com/iosdeployment-ipcu/ (has been updated for the new settings in v3.5)
v3.2 Changes - http://www.apperian.com/iphone-configuration-utility-3-2-released-vpn-features-added (for iOS 4.2)
v3.1 Changes - http://www.apperian.com/technotes/Iphone_Configuration_Utility_3_Tech_Note.html (for iOS 4.1)
Apple Enterprise Utilities:
Next up will be the all-new Apple Configurator 1.0 tool when I have some time.
Via smart phones, tablets, mobile sites, business applications and more, the consumerization of IT continues to impact the way employees use technology at work. Many organizations are shifting away from company-issued devices and adopting BYOD (Bring Your Own Device) policies in some form or another, which allow employees to use the mobile technology they’re most familiar with.
BYOD policies, of course, have benefits and drawbacks. While the freedom to choose the device and platform you’re most proficient in can boost productivity and perhaps morale, as some say, supporting multiple platforms can be a burden for IT, and security issues are a significant corporate concern.
A smaller survey of 120 IT decision-makers by Brocade cited that increased traffic and BYOD activities were likely with new tablets such as the iPad (3rd Gen), aka iPad 3, and smartphones. Recently, with every new device, there is an increasing push for IT to accept it.
What can you do?
If you are looking at the current BYOD phenomenon for corporate smart phones, tablets or even laptops, I believe these multiple factors are important to consider:
- Data Loss Prevention (DLP) – How are you going to protect information that is critical to your business? What are your security requirements? What about devices, platforms and applications that don’t meet the criteria?
- Support – Are you going to offer any support to your end-users? Usually IT departments will need to support devices in order to sustain their business requirements. If you don’t offer support, how will your end-users fully benefit and gain the cost savings BYOD may bring?
- Device Management – How can device management assist with any of these factors? What are your software requirements?
- Legal – How will you legally wipe data off a personal device? Is corporate software or services licensed to be used or accessed from personal devices? What are the additional costs?
- Fragmentation – If there are specific mobile OS platforms/devices that will not be supported, what are the processes to reevaluate or look for solutions to fill those gaps? How are you going to keep up to speed on the rapid mobility changes?
- Grouping – By setting up multiple groupings based upon defined business boundaries, different or no BYOD policies can be set up and supported. These could include support, security and access policies.
- Costs – It is highly recommended to properly research all costs involved, in particular the support levels offered, telecom stipends and software licensing.
- Start Small – In any organization, it may be beneficial to start with a smaller pilot, get your “feet wet” and see how things go, set some milestones and then decide on next steps.
As the world is increasingly being driven by mobility in our personal and business lives, many companies, if they haven’t already, will also need to step up and designate resources (Chief Mobility Officers are now a reality) to better understand, research and support these new technologies that are now here to stay.
For additional background information these resources may be of interest:
Mobile Enterprise: Bring Your Own Device: Individual Liable User Policy Considerations - 3/7/2012
InfoWorld: The essential strategy guide on the consumerization of IT – 3/6/2012
Very Quick Survey
Kyle Lagunas of Software Advice is running a quick survey to get a pulse of priorities, challenges and success in rolling out a BYOD policy. I invite you to give a few minutes of your time, and participate anonymously, and I will post the survey results back here: http://blog.softwareadvice.com/articles/hr/take-our-bring-your-own-device-byod-survey-1022112/