by Tom Kaneshige

Q&A: How CIOs Can Benefit from Apple iOS 5, iCloud

Oct 18, 20116 mins
Cloud ComputingConsumer ElectronicsDesktop Virtualization

Apple enterprise expert Aaron Freimark discusses email and iCloud sandboxing for iPhone and iPads running iOS 5.

Last week, Apple discreetly tipped its cap to businesses after unleashing iOS 5 to the general public. This latest version of the iPhone and iPad operating system is chock full of critical enterprise features that went largely unnoticed during Apple’s iOS 5 launch event aimed at consumers.

Simply put, iOS 5 shows that “Apple really has been listening to businesses,” says Aaron Freimark, IT director at Tekserve, a services firm helping Fortune 1000 companies adopt the iPad.

It’s a good thing, too, as CIOs face a daunting challenge keeping up with iPads and iPhones infiltrating their companies. Apple recently claimed 92 percent of the Fortune 500 are testing or deploying the iPad.

Inside Look: The iPad Culture Shock for IT

Since Apple released iOS 5 and a new Internet storage and sharing service, called iCloud, last Wednesday, the company says more than 25 million devices now run this latest version of the operating system. More than 20 million people have signed up for iCloud.

While iOS 5’s enterprise features are welcome news for CIOs, a growing iCloud consumer service poses serious corporate security risks. Just imagine sensitive corporate documents in Apple apps such as Pages, Keynote and Numbers being backed up on Apple servers and automatically shared with other iOS devices associated with the same Apple ID. talked with Friemark about steps CIOs can take when using iOS 5 and iCloud.

Aaron Freimark of Tekserve

What do you think of iOS 5 from an enterprise standpoint?

Freimark: The way the whole ecosystem of mobile device management [MDM] vendors works is that Apple gives basically a protocol for communicating with iPhones and iPads. Apple came out with this (enterprise) system in version 4.0 and upgraded with version 4.3. Now with iOS 5.0, there are more features, known as restrictions. They prevent iCloud document syncing, iCloud key-value syncing, iCloud backup. These individual switches can be turned on and off. Another one prevents Siri from working.

Because MDM vendors are all working off of the standard Apple spec, they tend to have a lot of overlap in their offerings. Anything that goes outside of that spec really isn’t going to be interactive with that device. A lot of the vendors have upgraded in the last 24 hours [of the iOS 5 general release last week].

How can CIOs guard against the iCloud security threat?

Freimark: In the last year or two, we’ve seen a real maturity in the [consumer] cloud with Dropbox, and now iCloud. For consumers, there is really no downside and a huge upside in ease-of-use content storing and sharing. I personally love iCloud. The biggest pain is transferring files on and off, and you don’t have to do that anymore.

For CIOs, though, iCloud really becomes a balancing act. As cloud services mature, we need to keep them in sandboxes.

Does Apple support sandboxing?

Freimark: Apple has made some really excellent changes for enterprise users in iOS 5. One of the best is sandboxing email. You can set up an email account so that the user can’t forward emails, can’t change addresses, can’t use the email in other apps—all of which have been some of the biggest IT worries. So this closes a really big hole.

Should CIOs simply turn off iCloud?

Freimark: It’ll be on a case-by-case basis. There is an alternative that was actually announced in iOS 5, something called managed apps. This is brand new. Under MDM, a company can kind of push out apps to the devices. Essentially, you can define a set of apps that a set of devices has, which can be free apps or paid apps through Apple’s volume purchase program.

Once those apps are sent to the devices and users are prompted to install them, the devices are marked as managed. Two unique things about managed apps: One, you can mark them so that they and the data don’t get backed up either to iCloud or the desktop, and the other is when the apps are no longer “managed,” the apps get wiped. This is selective wiping.

Because you can do this on an app-by-app basis, it’s really enabling this kind of wall on the device between the corporate side and the personal side. So you’re able to get the best of both worlds. This just wasn’t available prior to iOS 5.

(In a previous interview, Freimark said selective wiping is an important enterprise feature that iOS had been lacking. A large Tekserve customer has been researching the legality of completely wiping an employee’s personal device. Moreover, a data kill switch is a last resort. “By the time you wipe, you’re way over the edge,” Freimark said.)

Is this the “balance” CIOs need to strike?

Freimark: It enables the strategy where you can say, “Use your device, love your device, put your kids’ photos on the device, download apps on the App Store.” For the CIO’s part, IT makes it so the user email is sandboxed and the apps distributed are paid for by the company and can be pulled from the device.

What does iOS 5 say about Apple’s approach to the enterprise?

Freimark: There are features in iOS 5 that are not going to be in any Apple keynote presentation, but they are in there solely for the benefit of businesses. It really shows Apple really has been listening to businesses.

For CIOs who have done iOS deployments and pilot projects, I think it’s a good time to re-evaluate and make sure that their MDM vendor is staying on top of developments. For CIOs who haven’t felt iOS has been robust enough for their needs, it’s a good time to take another look.

What does Apple still need to do?

Freimark: The iPad is used as a personal device. But we often deploy iPads used in a kiosk mode, one app with a primary use case. It could be an HR training app, a sales presentation, or even a digital menu in a restaurant. CIOs will say this is the only thing I want running on this device.

The trouble is that it’s really hard to convince an iPad that it has a single use. It has the home button to show all the other apps. It has multi-touch swiping to go to different places. And it wants to have an Apple ID for a particular user to download apps.

I’d like to see a way for the iPad to have a personality change to a single-purpose device in some use cases.

Tom Kaneshige covers Apple and Networking for Follow Tom on Twitter @kaneshige. Follow everything from on Twitter @CIOonline and on Facebook. Email Tom at