Apple is making corporate ‘BYOD’ programs less invasive to user privacy – TechCrunch

When people bring their own devices to work or school, they don’t want IT administrators to manage the entire device. But until now, Apple only offered two ways for IT to manage its iOS devices: either device enrollments, which offered device-wide management capabilities to admins, or those same device management capabilities combined with an automated setup process. At Apple’s Worldwide Developer Conference last week, the company announced plans to introduce a third method: user enrollments.

This new MDM (mobile device management) enrollment option is meant to better balance the needs of IT to protect sensitive corporate data and manage the software and settings available to users, while at the same time allowing users’ private personal data to remain separate from IT oversight.

According to Apple, when both users’ and IT’s needs are in balance, users are more likely to accept a corporate “bring your own device” (BYOD) program — something that can ultimately save the business money that doesn’t have to be invested in hardware purchases.

The new user enrollments option for MDM has three components: a managed Apple ID that sits alongside the personal ID; cryptographic separation of personal and work data; and a limited set of device-wide management capabilities for IT.

The managed Apple ID will be the user’s work identity on the device, and is created by the admin in either Apple School Manager or Apple Business Manager — depending on whether this is for a school or a business. The user signs into the managed Apple ID during the enrollment process.

From that point forward until the enrollment ends, the company’s managed apps and accounts will use the managed Apple ID’s iCloud account.

Meanwhile, the user’s personal apps and accounts will use the personal Apple ID’s iCloud account, if one is signed into the device.

Third-party apps are then used in either managed or unmanaged mode.

That means users won’t be able to change modes or run the apps in both modes at the same time. However, some of the built-in apps like Notes will be account-based, meaning the app will use the appropriate Apple ID — either the managed one or personal — depending on which account they’re operating on at the time.

To separate work data from personal, iOS will create a managed APFS volume at the time of the enrollment. The volume uses separate cryptographic keys which are destroyed along with the volume itself when the enrollment period ends. (iOS had always removed the managed data when the enrollment ends, but this is a cryptographic backstop just in case anything were to go wrong during unenrollment, the company explained.)

The managed volume will host the local data stored by any managed third-party apps along with the managed data from the Notes app. It also will house a managed keychain that stores secure items like passwords and certificates; the authentication credentials for managed accounts; and mail attachments and full email bodies.

The system volume does host a central database for mail, including some metadata and five-line previews, but this is removed as well when the enrollment ends.

Users’ personal apps and their data can’t be managed by the IT admin, so they’re never at risk of having their data read or erased.

And unlike device enrollments, user enrollments don’t provide a UDID or any other persistent identifier to the admin. Instead, a user enrollment creates a new identifier called the “enrollment ID.” This identifier is used for all communications with the MDM server and is destroyed when enrollment ends.

Apple also noted that one of the big reasons users fear corporate BYOD programs is because they think the IT admin will erase their entire device when the enrollment ends — including their personal apps and data.

To address this concern, the MDM queries can only return the managed results.

In practice, that means IT can’t even find out what personal apps are installed on the device — something that can feel like an invasion of privacy to end users. (This feature will be offered for device enrollments, too.) And because IT doesn’t know which personal apps are installed, it also can’t restrict certain apps’ use.

User enrollments will also not support the “erase device” command — and they don’t have to, because IT will know the sensitive data and emails are gone. There’s no need for a full device wipe.

Similarly, the Exchange Server can’t send its remote wipe command — just the account-only remote wipe to remove the managed data.

Another new feature related to user enrollments is how traffic for managed accounts is guided through the corporate VPN. Using the per-app VPN feature, traffic from the Mail, Contacts and Calendars built-in apps will only go through the VPN if the domains match that of the business. For example, mail.acme.com can pass through the VPN, but not mail.aol.com. In other words, the user’s personal mail remains private.

This addresses what has been an ongoing concern about how some MDM solutions operate — routing traffic through a corporate proxy meant the business could see the employees’ personal emails, social networking accounts and other private information.
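The per-app VPN domain rule described above can be sketched as a routing decision. This is an added illustration, not Apple's code or anything from the original article; the function names, the `MANAGED_DOMAINS` list and the sample hosts are constructed, and the whole-label suffix rule is an assumption about how a match is decided.

```python
# Added illustration: decide whether a mail/calendar/contacts host should be
# routed through the corporate VPN. Assumption: a managed domain matches a
# host only on whole DNS labels, so "acme.com" covers "mail.acme.com" but
# not "mail.notacme.com" or "acme.com.example.net".

MANAGED_DOMAINS = ["acme.com"]  # constructed sample, taken from the article's example


def normalize(name):
    """Lower-case a host or domain and strip whitespace and surrounding dots."""
    return name.strip().strip(".").lower()


def matches_managed_domain(host, managed_domains):
    """Return True when host equals, or is a subdomain of, a managed domain."""
    host_labels = normalize(host).split(".")
    for domain in managed_domains:
        domain_labels = normalize(domain).split(".")
        if domain_labels == [""]:
            continue  # ignore empty entries instead of matching everything
        if len(domain_labels) > len(host_labels):
            continue
        # Compare whole labels from the right-hand side, never raw substrings.
        if host_labels[-len(domain_labels):] == domain_labels:
            return True
    return False


def route(host, managed_domains=MANAGED_DOMAINS):
    """Return 'vpn' for business domains and 'direct' for everything else."""
    return "vpn" if matches_managed_domain(host, managed_domains) else "direct"


def classify(hosts, managed_domains=MANAGED_DOMAINS):
    """Map each host to its routing decision."""
    return {h: route(h, managed_domains) for h in hosts}


if __name__ == "__main__":
    # Constructed sample hosts
    sample = ["mail.acme.com", "mail.aol.com", "mail.notacme.com",
              "acme.com.example.net", "MAIL.ACME.COM."]
    for host, decision in classify(sample).items():
        print(f"{host:24} -> {decision}")
```

A plain substring or `endswith` check would send `mail.notacme.com` through the VPN, which is why the comparison is done per label.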

User enrollments also only enforce a six-digit non-simple passcode, as the MDM server can’t help users by clearing the passcode if the user forgets it.

Some today advise users to not accept BYOD MDM policies because of the impact to personal privacy. While a business has every right to manage and wipe its own apps and data, IT has overstepped with some of its remote management capabilities — including its ability to erase entire devices, access personal data, track a phone’s location, restrict personal use of apps and more.

Apple’s MDM policies haven’t included GPS tracking, however, nor does this new option.

Apple’s new policy is a step toward a better balance of concerns, but will require that users understand the nuances of these more technical details — which they may not.

That user education will come down to the businesses that insist on these MDM policies to begin with — they will need to establish their own documentation, explainers, and establish new privacy policies with their employees that detail what sort of data they can and cannot access, as well as what sort of control they have over corporate devices.
