What iOS 8, OS X Yosemite, and iCloud Drive will mean in the enterprise

federighi enterprise 100309235 primary.idge

[Editor's note: This article originally appeared on CITEworld.]

Apple’s WWDC keynote was an interesting mix of user-oriented features and developer-focused announcements. While Apple didn’t announce any new hardware (as some Wall Street pundits might have liked), Apple never does at WWDC: this is a software-focused event for develpers. The fact is, Apple introduced a number of revolutionary advances described during the event that stretch across the consumer, enterprise IT, and developer spheres.

One of the big questions is what happens when the consumer and enterprise spheres intersect, as they are certain to do in a world where iOS is the dominant mobile OS in the enterprise and where Apple is continuing to push for integration between its mobile, desktop, and cloud platforms.

That’s a particularly big concern when you consider functionality announced like Continuity, a series of technologies that allow users to begin a task on one device, like an iPhone, continue it on another, like a Mac, and then finish it on the original device or even on a third or fourth device like an iPad or another Mac; or iCloud Drive, which is effectively Apple's response to services like Box, Dropbox, and Google Drive.

HomeKit and HealthKit

In breaking down Apple’s consumer announcements, let’s start with two features that were standout announcements.

HealthKit and the new Health app make up the new platform for Apple’s health data aggregation and optional sharing with healthcare providers.

Both platforms rely on a variety of technologies to integrate very personal information and functionality—your home and your health. Although neither has an immediate enterprise impact, they do make an iPhone (or other iOS device) much more personal than ever before.

This does have some enterprise implications. In a BYOD context this is guaranteed to create more user concern about what information an employer or IT professional can see or access on a managed device. With full access, an employer or coworker could unlock someone’s home or access sensitive medical data. That said, I’m sure that Apple has designed these features such that IT wouldn’t have the ability to access private employee data. Even in iOS 7, Apple has done a good job of creating a boundary that protects user privacy—iOS 7’s app licensing functionality practically bends over backward to protect user privacy.

The big challenge here is for IT to communicate this to every BYOD user.

A second challenge is that a complete remote wipe of a device would wipe out all this data. That could leave a person locked out of their own home and could prevent critical health details from being recorded or acted upon.

Ideally, the policy with iOS 8 will be to only wipe corporate data in any event. If a full wipe remains the policy, then IT absolutely must let users know this before allowing personally owned devices to be managed, even though that might tempt users to use personal unmanaged devices in the workplace without IT’s knowledge.

New “Shadow IT” temptations

In addition to HomeKit and HealthKit, there are several other new iOS, OS X, and iCloud features that are likely to create or exacerbate what is often called the “Dropbox problem”—the ability for employees to use personal devices and services to work with corporate data, because they’re so much easier to use than the tools IT provides.

Here’s a rundown:

iCloud Drive and Mail Drop: iCloud Drive is a big addition to iOS, OS X, and the Web-based iCloud interface. Mail Drop, which automatically loads large attachments into a user’s iCloud account and then emails a link to them, is a welcome addition to iCloud.

The functionality isn’t exactly new—Dropbox and other companies have offered similar services to consumers and businesses for quite some time. But on a consumer or end-user level, these really expand the capabilities of iCloud and they are going to be more integrated into Apple’s OSes than third-party solutions, which means they are more likely to be used both intentionally and unintentionally.

The more Apple integrates iCloud into the iOS and Mac experience, the more automatic it will become for users in a way that third-party apps aren’t. That’s great for users, but it creates greater concerns for enterprise IT because it encourages data creep into personal services. Mail Drop, as both a cloud solution and an email solution, is particularly concerning because any large business document or file may inadvertently be stored in a user’s iCloud account without the sender or the recipient even realizing it.

AirDrop between iOS and OS X: We really should’ve seen this a year ago.

AirDrop is a powerful technology that uses Apple’s auto-detection features to perform direct transfers of content between nearby devices without need for configuration or even being connected to the same Wi-Fi networks. As I wrote last year when Apple introduced AirDrop for iOS, it is an amazing solution for impromptu sharing of information—contacts, photos, URLs, and other content.

The iOS version didn’t live up to the full file-sharing capabilities of the Mac version, which seems likely to change now that the two are being integrated together. At the same time, the concerns I raised last summer about making sure you’re sending information to the correct person and avoiding sharing sensitive content altogether still apply.

Handoff: Handoff is a natural extension of AirDrop and the nascent cross-device sharing that Apple introduced in iOS 7 and Mavericks, mostly visible in the Mac version of Apple’s Maps and its ability to send directions to a device like an iPhone. Apple has clearly ramped up that cross-device functionality to new heights in iOS 8 and OS X Yosemite.

From a user perspective, Handoff is a massive leap forward in usability for people with multiple Apple products. Start a task on the way into the office on your phone, finish it when you get to your desk and open your MacBook Air.

The concern, however, is that the functionality, like many Apple technologies, appears to be largely managed by your Apple ID. That means that in addition to handoff working on your work devices, it’s almost certain to work from your work or BYOD devices like your iPhone and your family iMac at home, or an iPad shared by you and your kids. Simply put, it’s another core Apple feature that makes it easy for work and personal data to mix on both work and personal devices, creating data sprawl, security, and accountability challenges.

Auto-Hotspot: This is a road warrior’s dream. Say you have Wi-Fi at your hotel—or worse, bad and overpriced Wi-Fi. You can tether all your Apple devices together and share your LTE connection. On the face of it, there are security concerns here since work data may flow through non-work devices, but they ought to be manageable using VPNs (including iOS per-app VPN). Contrary to initial impression, this should increase data security because it will encourage users not to use and or every open and public Wi-Fi network they can find if properly configured. The one challenge, however, is the potential for exceeding data caps and burning through monthly allotments of data in short order.

iOS app extensions: Apple is finally giving developers mechanisms, known as extensions, to allow inter-app communication and data sharing. The method leverages the sandboxing that has always been at the heart of the iOS app design architecture. That means that the functionality should be fairly secure.

A real enterprise concern, however, is how well this plays with data leakage protection and containerization solutions, including Apple’s own Managed Open In framework. Demos of extensions during the keynote including the ability for apps to add options to the iOS share sheets of other apps. Presumably, Apple will offer some EMM capabilities to limit this functionality—likely basing it on whether apps are managed or unmanaged, the key trigger for Managed Open In as implemented in iOS 7.

Text and call relaying from iOS devices to Macs: This is definitely an incredible feature with a lot of benefits, including caller ID on your Mac, initiating calls on various devices, and easy response to texts across devices. One of the big questions is how—or even if—this will interact with unified communication, VOIP, or even older PBX systems in place at many offices. For small businesses, however, this will add much of that type of functionality at very little cost.

iOS messaging enhancements: The iOS Messages app is getting a whole range of new functionality in iOS 8 including support for voice and video messages as well as the ability to share additional data—including location data—as part of messages. It also offers options for group message threads, like a do not disturb setting and the ability to remove oneself from a given thread.

There is some security concern here because it makes sharing of sensitive data possible through a new vector, but it really doesn’t introduce a dramatic alteration of what’s possible in past iOS releases.

Markup: Markup is a feature designed for OS X that lets users easily highlight and annotate content for other users. This actually has a fair amount of potential for improving collaboration and the concept isn’t revolutionary by any stretch—Microsoft Office supports Track Changes and comments and there are a number of options for annotating PDFs for example. Building these features into the OS could help collaboration.

iOS 8’s Notification Center widgets and gesture responses: Apple is finally opening up the iOS Notification Center to third parties, which will likely mean a deluge of new widgets. The company is also making it easier to respond to notifications using gestures—you can accept a meeting invitation without needing to launch the Calendar app for example. Generally speaking, this is a productivity booster and it’ll be interesting to see how companies adapt enterprise apps to take advantage of these features.

The one area of concern is the ability to respond to notifications and widgets while a device is locked, which could compromise data security for lost and stolen devices. Apple already offers an MDM option to disable lock screen access to Notification Center, however, meaning this likely won’t be a major area of concern.

No-touch access to Siri: Apple seems to be following the trend of allowing voice recognition to occur hands-free with iOS 8, allowing for an always-on iteration of Siri that listens for “Hey, Siri.” That could open up concerns related to sensitive data like protected health or financial information or confidential commercials details if Siri is indeed listening in the background, but the extent of the concerns will be determined by exactly how Apple implements the technology.

App Store bundles: One big App Store change for both consumers and developers is that developers can now create app bundles—packages of multiple apps offered at discount pricing because they’re bought as a single purchase. This could be a boon for mass deployments of a suite of apps from a single developer for enterprises and particularly in the education market.

The question here is whether Apple will implement this functionality along with its existing enterprise/education app licensing programs. If so, will organizations be required to assign individual apps from a bundle to separate users or will they need to assign the entire bundle to a user?

End-user access to beta/preview releases: Apple announced its AppleSeed program that allows consumers access to beta and preview releases of its OSes and software earlier this year. The big challenge here is that you’re talking about allowing untested, and potentially unsecure, releases into an enterprise environment. That poses security issues as well as user support issues.

So far, however, Apple seems more focused on delivering OS X releases trough the program rather than pre-release versions of iOS. Given that enterprise Macs are typically managed more tightly than iOS devices and users are rarely allowed admin rights to them, this isn’t likely to be a huge problem at this point.

New enterprise features

Apple also used the keynote to highlight some new enterprise-focused features in iOS 8, though it largely didn’t elaborate on them. The list of new features includes:

  • Expanded data protection for built-in apps;
  • Per-message S-MIME encryption support in Mail;
  • Thread-based notifications for messages in Mail;
  • Auto-reply/ Out-of-office support in Exchange environments; and
  • Availability information (free/busy) for coworkers when scheduling events in Calendar.

Although Apple didn’t really spend much time highlighting its plans for enterprise engagement in either iOS 8 or OS X Yosemite, the company currently does dominate the enterprise mobility space and has described that market as crucial to its future growth.

As a result, it’s extremely likely that many of the areas I’ve highlighted as potential challenges will likely be incorporated to one extent or another into the company’s MDM framework, which is used to manage both iOS devices and Macs in enterprise and education environments.

This story, "What iOS 8, OS X Yosemite, and iCloud Drive will mean in the enterprise" was originally published by CITEworld.

Shop Tech Products at Amazon