MDM
Latest
JAMF Software's Bushel: Mobile device management without an IT department
Take a look at almost Apple-based business today and you'll find that the mix of devices is vastly different from just a few years ago. Instead of just PCs, Macs and printers, companies big and small now have an entirely new breed of devices - those that run iOS - to contend with. Managing those devices with a Mobile Device Management (MDM) solution can be both costly and require an IT department for support, so many small companies and schools just do without. JAMF Software today unveiled Bushel, a cloud-based service designed to bring MDM to any organization easily and inexpensively. By pointing an OS X or iOS device to the Bushel website and logging in, a device can be entrolled into a "bushel" or collection of devices automatically. Immediately information about the devices is captured and placed into the bushel - device name, serial numbers, installed OS, status of the device, how much storage is available, and settings. Need a list of devices for insurance or tax purposes? Bushel will kick out a CSV file that can be imported into QuickBooks. Rather than having users fumble around trying to set up their own apps and email or hiring a consultant to do the work, Bushel can automatically configure email on all of the devices and also distribute apps to each device. If a school system, for example, purchases apps through Apple's Volume Purchasing Program (VPP), they can not only save money, but app distribution is simplified through Bushel. If a device is lost or stolen, or becomes property of an employee, those apps can automatically be removed and the licenses used elsewhere. One of the more powerful features is the ability to use Bushel to require devices to have passcodes and also control the amount of time before locking the device. Devices can be remotely locked, unlocked or wiped using Bushel, and Bushel can even be used to enable FileVault 2 on Macs. Best of all, the Bushel portal can be accessed from any device, whether it's an iPod touch or a Mac Pro. The service is free forever for up to three devices, then just $2 per month per device once additional devices are added. TUAW will have a complete review of Bushel in the near future.
iOS 7: Benefits to business and enterprise
Ask IT managers and CIOs serving large organizations "What keeps you up at night?" After they get over their cold sweats from considering public security breaches or datacenter meltdowns, they'll probably come around to the rapid, relentless pace of change in the technology ecosystems they're running. Nowhere is that speedy spin cycle more frenetic than in mobile and portable computing, where the "consumerization of IT" driven by bring-your-own-device policies and the radical popularity of iOS and Android has completely overturned the pecking order (as recently as five years ago, Blackberry above all). Apple's story for iOS in the enterprise has been one of incredibly fast uptake, especially considering the usual cycle for upgrades and new platform rollouts. In many ways, that rapid adoption was in spite of Apple's traditional arm's-length relationship with enterprise customers, compared to the tight ties with vendors like Dell and IBM. Over the iOS lifecycle, however, more and more sophisticated features for management and security have helped to make the challenge of enterprise support easier and easier. Aside from Exchange ActiveSync support, introduced in "iPhone OS 2.0" back in 2008, the single biggest piece of the enterprise puzzle is probably mobile device management (MDM). The inclusion of MDM "hooks" in iOS means that enterprise managers can control device configurations (networking, mail, VPN and more) and keep track of their deployed fleet. Apple offers its own core MDM tool as part of OS X Server, but most organizations of scale find themselves turning to third parties for their MDM solutions. There are several pieces of good news in iOS 7 regarding MDM. First of all, many of the major ISVs have announced day-one support for the new operating system: AirWatch, MobileIron, Maas360 and JAMF's Casper are all compatible right away (you can see the full matrix of supported MDM tools at Enterprise iOS). Second, Apple has added many, many more hooks into the MDM toolkit on iOS 7. Want to manage AirPrint printer destinations, or even AirPlay-enabled Apple TVs? Can do, in iOS 7 MDM. Install apps silently, push app configuration settings, or even preset a fleet of purchased devices to auto-enroll in your MDM when employees take them out of the box? It's in there. What else do enterprise managers of iOS device fleets have to look forward to in iOS 7? Apple's brief rundown of iOS 7's business-facing features hits many of the highlights; let's dive into a few of them here. App Store license management. Ever since the App Store launched in the summer of 2008, the process of buying and assigning iOS apps to corporate users has been fraught with difficulty. Until the Volume Purchasing Program launched three years later (!), the best/only way to manage this process was via gifting, or having employees expense personal purchases. Those apps, and their sunk costs, would also walk out the door if the employee left the company. No more -- now the VPP can deliver licenses rather than download codes, and the apps are company-owned. If an employee leaves, the license and the app can be deactivated and redeployed. (Mac apps and iBooks are also now available for volume purchase.) Enterprise SSO. Single sign-on implementations are common in enterprise, but were tricky to deal with on mobile. Now iOS 7 allows apps to work with the system-level SSO capability, meaning that business users (with the proper back-end and app support) can enter their corporate credentials once and use multiple apps without reauthentication. Multiple levels of in-app data encryption for third party apps. Application data can now be automatically encrypted until the first time a user passcode is successfully entered after a device reboot; optionally, developers can flag apps to re-encrypt the data when the phone locks. Managed Open In. Want your employees to open their email attachments in a specific, managed application rather than willy-nilly in whatever iSharedThis app of the month they choose? The option now exists to limit the range of the share sheets for corporate data. I can see this being a valuable tool in highly secure and regulated enviroments, and a huge annoyance/productivity killer most everywhere else. Per App VPN. Virtual Private Networking is an essential piece of the enterprise ecosystem, but until now it was either all on or all off on iOS -- when on, all network traffic funneled through the corporate concentrator. Now, MDM admins can define which apps should use the VPN connection, and which ones can simply go straight to the Internet. One of the business-friendly features that was rumored for iOS 7, LinkedIn system-level integration, actually is not present in the 7.0 release -- it may make an appearance at a later date. Below, a rather remarkable alt-universe version of Apple's iOS 7/iPhone 5s announcement (courtesy of enterprise iOS and Moovweb) imagines what could have been if all the enterprise features had been front and center. You can read more about the enterprise features of iOS 7 in Craig Johnston's thorough rundown for iMore.
Apple details iOS 7's improved business credentials
While iOS already has a place in the corporate world, that spot isn't guaranteed when there's competition with both a renewed BlackBerry and Samsung's Knox. Accordingly, Apple isn't leaving anything to chance: it just posted a page explaining the business-friendly iOS 7 features that it teased at WWDC. The biggest improvements for end users may be enterprise single sign-on and per app VPN, both of which will save hassles when launching work apps. IT managers should have it easier as well -- iOS devices can join Mobile Device Management as soon as they're activated, and a company can assign apps to individual users without losing control. There's considerably more features than we can list here, but it's clear from a cursory glimpse that Apple likes its foothold in the enterprise.
TUAW and MacTech interview: Fiberlink
Fiberlink makes a range of business management tools for devices (company iPhones and Macs and the like) and documents. In this video, Neil Ticktin (Editor-in-Chief, MacTech Magazine) interviews Jatin Malik of Fiberlink at WWDC 2012. Jatin was kind enough to share his thoughts on the announcements on WWDC, and how it will affect Fiberlink's plans moving forward.
Apple mysteriously kills jailbreak detection API while hacker boosts iOS security, irony restored
It's no secret that Apple's been keen to monitor the lot of naughty jailbreakers, but it turns out the company has recently shelved iOS 4.0's jailbreak detection API with no explanation given. While this has little effect on the average user, Network World explains that this is bad news for enterprise IT and MDM (mobile device management) vendors, who will now have one fewer channel for checking whether a user's iOS device has been jailbroken and thus become vulnerable to attacks. That said, apparently this isn't a huge loss for the MDM vendors, anyway; but the real question is why drop the API now? Could its presence alone be a threat? We'll probably never know. Fear not, though, as some folks have put jailbreaking to good use. The Register reports that come Tuesday, Stefan Esser of Sektion Eins will demonstrate a tool called antid0te, which reportedly adds ASLR (address space layout randomization) onto jailbroken iOS devices. In a nutshell, ASLR randomizes key memory locations to make it more difficult for certain attacks to locate their target data. According to the famed white hat hacker Charlie Miller, this technique is already present on Windows Phone 7 and desktop Windows since Vista, but Apple's only dabbled with it on OS X and not on iOS. Now, this doesn't mean that jailbroken devices will be fully safeguarded, but some protection is better than no protection, right? [Thanks, wooba]
