Apple WWDC2014 : iOS8 Deeper in the Mobile Enterprise : mSeclabs Mobile Security

Apple’s WWDC keynote was an interesting mix of user-oriented features
and developer-focused announcements. Apple introduced a number of
revolutionary advances described during the event that stretch across
the consumer, enterprise IT, and developer spheres. One of the big
questions is what happens when the consumer and enterprise spheres
intersect, as they are certain to do in a world where iOS is the
dominant mobile OS in the enterprise and where Apple is continuing to
push for integration between its mobile, desktop, and cloud platforms.
That’s a particularly big concern when you consider functionality
announced today like Continuity, a series of technologies that allow
users to begin a task on one device, like an iPhone, continue it on
another, like a Mac, and then finish it on the original device or even
on a third or fourth device like an iPad or another Mac; or iCloud
Drive, which is effectively Apple response to services like Box,
Dropbox, and Google Drive.


HomeKit and HealthKit


In breaking down Apple’s consumer announcements, let’s start with the ones two features that are standout


announcements. HomeKit is the new platform for home automation that
Apple has developed with partners who are already providing smart or
connected in-home products like lightbulbs, switches, and locks.
HealthKit and the new Health app make up the new platform for Apple’s
health data aggregation and optional sharing with healthcare providers,
which we’ll be taking an in-depth look at later this week. Both
platforms rely on a variety of technologies to integrate very personal
information and functionality — your home and your health. Although
neither has an immediate enterprise impact, they do make an iPhone (or
other iOS device) much more personal than ever before. This does have
some enterprise implications. In a BYOD context this is guaranteed to
create more user concern about what information an employer or IT
professional can see or access on a managed device. With full access, an
employer or coworker could unlock someone’s home or access sensitive
medical data. That said, I’m sure that Apple has designed these features
such that IT wouldn’t have the ability to access private employee data.
Even in iOS 7, Apple has done a good job of creating a boundary that
protects user privacy — iOS 7′s app licensing functionality practically
bends over backward to protect user privacy. The big challenge here is
for IT to communicate this to every BYOD user. A second challenge is
that a complete remote wipe of a device would wipe out all this data.
That could leave a person locked out of their own home and could prevent
critical health details from being recorded or acted upon. Ideally, the
policy with iOS 8 will be to only wipe corporate data in any event. If a
full wipe remains the policy, then IT absolutely must let users know
this before allowing personally owned devices to be managed, even though
that might tempt users to use personal unmanaged devices in the
workplace without IT’s knowledge.


New “Shadow IT” temptations


In addition to HomeKit and HealthKit, there are several other new
iOS, OS X, and iCloud features that are likely to create or exacerbate
what is often called the “Dropbox problem” — the ability for employees
to use personal devices and services to work with corporate data,
because they’re so much easier to use than the tools IT provides.







Full article on mSeclabs Website Apple WWDC2014 : iOS8 Deeper in the Mobile Enterprise : mSeclabs Mobile Security