- Security TWENTY
- Women in Security
Andy Kemshall, technical director, SecurEnvoy, offers tips for IT departments and security specialists for iOS 7 readiness.
Apple is expected to release iOS 7 any day now, marking the greatest changes and improvements the operating system has seen since its inception. But are the enhancements to iOS’s security features good news for everyone?
The hotly anticipated latest version of Apple’s mobile operating system, iOS 7
For the first time, Apple has made a change to its hardware copy protection. In previous iOS versions, each device had a single identifying code that would be used for every app downloaded. With iOS 7, the device will generate a unique code for each app, which adds a layer of security for users. For any app that could reasonably be expected to work on another device (such as games), this is not a problem. However, apps that should never be replicated on another device will not work on iOS 7 if they have not been tested and reconfigured by the developer for automatic migration. Soft-token authentication apps that generate single-use codes, such as SecurEnvoy’s, fall into this category.
A beta version of iOS 7 has been available to iOS Developer Program members since June. App developers, including SecurEnvoy, have had ample opportunity to ensure that their software will work seamlessly as soon as iPhone and iPad owners download the new iOS. Unfortunately, in the past many developers have rested on their laurels until the new operating system is released and some may presume they can do the same with iOS 7. For the first time, those who wait will be too late – their apps simply won’t work on iOS 7.
Such a bold departure from the security settings of the previous iOS version therefore represents a quandary for technology users whose software suppliers have not tested their products on the new operating system before its launch. This poses a serious risk for IT departments at companies with employees who use their Apple devices for work. Forrester says that more than half of North American and European companies are developing bring-your-own-device (BYOD) programmes so businesses need to be ready for employees’ adoption of the new operating system.
Below is a checklist for IT departments and security specialists for iOS 7 readiness:
Prioritise the functions you need to work on the new operating system and the consequences if they don’t. Security and identity & access management should be high on the list, especially if employees use a mobile device for authentication for your systems.
Place a support call to your app provider and ask what testing their software has had on iOS 7 Beta. Alarm bells should ring if the answer is “None”. Note that SecurEnvoy Soft Token V7 is iOS 7 ready.
Ask users to update all apps before migration to iOS 7. They can do this simply by going to the App Store and applying all know updates. They can still upgrade their apps after migration but some apps might not work on iOS 7 until they are updated.
If you can’t be sure your department and its suppliers can support iOS 7, contact employees and ensure they are aware.