Apple Recognized Mobile Technical Expert (MTC)
One of the biggest issues in managing BYOD (Bring Your Own Device) is tracking and controlling access to corporate and private networks. Because BYOD devices do not have LAN ports, and the cellular technologies that drive them are not designed for corporate access, the optimal method for connecting them to the corporate network is Wi-Fi™. A Wi-Fi™ connection is also highly reliable and delivers the speed that users crave. Unlike guest access, which frequently uses an open, insecure wireless network, the potential sensitivity of BYOD requires that it use a secure wireless protocol, most commonly WPA2-Enterprise. WPA2-Enterprise is the only level of wireless security that provides all three forms of wireless security:
• Over-The-Air encryption, to ensure traffic is protected in transit,
• User Authentication, to ensure an authorized user is accessing the network, and
• Network Authentication, to ensure the user is connecting to the real network (and not an evil twin network).
In addition to its fundamental architectural security controls, iOS also includes basic security features that users can configure themselves or employers can manage through policies:
- Device PIN or Passcode: The most basic security for any device. iOS supports either a simple 4-digit PIN or a full alphanumeric passphrase. Either way, they tie into the Data Protection and device wipe features.
- Passcode Wipe: When a PIN or passphrase is set, if the code is entered incorrectly enough times, the device can erase all user data (this is based on the encryption features discussed next).
- Remote Wipe: iOS supports remote wipe via Find My iPhone and Exchange ActiveSync. Of course the device must be accessible on the Internet to receive the wipe command.
- Geolocation: The device’s physical location can be tracked using location services, which are part of Find My iPhone and can be incorporated into third-party applications.
- VPN and on-demand VPN: Virtual private networks can be activated manually or automatically when the device accesses any network service. (Not all VPNs support on-demand connection.)
- Configuration Profiles: Many of the security features, especially those used in enterprise environments, can be managed using profiles installed on the device. These include options far beyond those available to consumers configuring iOS casually, such as restricting which applications and activities the user can access on the phone or tablet.
These are the core features we will build on as we discuss enterprise management.
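As an added example (not code from the original article), the Python below checks the Wi-Fi payload of an unsigned configuration profile against the three WPA2-Enterprise properties listed earlier. The keys are those of Apple's `com.apple.wifi.managed` payload; the sample profile, SSID and server name are constructed for illustration.

```python
import plistlib

# Constructed sample profile (not from the article): one managed Wi-Fi payload.
SAMPLE_PROFILE = {
    "PayloadType": "Configuration",
    "PayloadContent": [{
        "PayloadType": "com.apple.wifi.managed",
        "SSID_STR": "Corp-BYOD",                  # hypothetical SSID
        "EncryptionType": "WPA2",
        "EAPClientConfiguration": {
            "AcceptEAPTypes": [25],               # 25 = PEAP
            "TLSTrustedServerNames": ["radius.example.com"],  # hypothetical
            "TLSAllowTrustExceptions": False,
        },
    }],
}

def audit_wifi_payload(payload):
    """Return findings for one Wi-Fi payload; an empty list means all three hold."""
    findings = []
    eap = payload.get("EAPClientConfiguration") or {}
    # 1. Over-the-air encryption
    if payload.get("EncryptionType") not in ("WPA2", "WPA3"):
        findings.append("encryption: network is not WPA2/WPA3")
    # 2. User authentication: Enterprise mode needs at least one EAP method
    if not eap.get("AcceptEAPTypes"):
        findings.append("user auth: no EAP method, so not an Enterprise network")
    # 3. Network authentication: the RADIUS server must be pinned by name or
    #    by certificate anchor, otherwise an evil twin can present any cert
    pinned = eap.get("TLSTrustedServerNames") or eap.get("PayloadCertificateAnchorUUID")
    if eap and not pinned:
        findings.append("network auth: RADIUS server is not pinned")
    # Flagged only when explicitly enabled in the profile
    if eap.get("TLSAllowTrustExceptions") is True:
        findings.append("network auth: user may accept an unknown server cert")
    return findings

def audit_profile(data: bytes):
    """Parse an unsigned .mobileconfig (plist) and audit each Wi-Fi payload by SSID."""
    profile = plistlib.loads(data)
    return {p.get("SSID_STR", "?"): audit_wifi_payload(p)
            for p in profile.get("PayloadContent", [])
            if p.get("PayloadType") == "com.apple.wifi.managed"}

if __name__ == "__main__":
    print(audit_profile(plistlib.dumps(SAMPLE_PROFILE)))
```

A signed profile is wrapped in a CMS envelope and must be unwrapped before `plistlib` can parse it.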