iOS 8 IT: 3 Questions CIOs Should Ask

by: | Oct 9, 2014

[Editor’s note: This post originally appeared on MobileIron’s blog and is reposted here with permission.]

“There’s less enterprise stuff in iOS 8 than iOS 7, so I think we’re gonna be fine.”

I got this response from the head of mobile at one of our customers here at MobileIron several weeks ago. It is representative of what I see across the board in the IT community right now. We have all been trained to look at only the “enterprise” feature list of new versions of iOS as we plan for development and rollout.

But iOS 8 is different.

“iOS 8 is the biggest release for developers since the introduction of the App Store.”

That’s what Apple says on its developer home page, so every enterprise needs to understand both the opportunities and the implications of this release.

iOS 8 is about workflow. iOS 8 is about data-sharing. iOS 8 is about giving app developers the tools and techniques to build more sophisticated user experiences. iOS 8 is about what Galen Gruman, InfoWorld Executive Editor, calls liquid computing, in which the focus is on what you are doing, not the device you are using.

Most CIOs are underestimating the impact of iOS 8 on their mobile strategies. Here are three questions they should be asking to get ready:

1. How do I handle privacy in a HealthKit world?

With iOS 8, Apple announced HealthKit and HomeKit, two new tools to enable health and home automation experiences on iOS devices. While the average consumer health app may just be telling me how many calories I burned, some could now become life-critical. The health or safety of an individual might rely on a HealthKit-enabled app on the phone, such as a blood-pressure tracker or diabetes manager.

This is not just a “BYOD” issue. This will affect corporate devices as well. Regardless of whether a phone is owned by an individual or a company, it is almost always a mixed-use device. Employees will use personal apps enabled by HealthKit, HomeKit, Apple Pay, and other future services on their corporate devices. Disabling these services will damage user experience and satisfaction. But wiping health data on a phone could actually put an end user’s wellbeing at risk.

Many companies do not have the policies and processes in place to deal with their corporate mobile devices being used for life-critical tasks.

Recommendation: Revisit your approach to privacy policy, process, and communication. Assume that every device is a mixed-use device. Move to a model of selective management and selective wipe to secure enterprise data while protecting life-critical workflows and personal data.

2. How do I secure fluid data?

The ability to deliver workflow-based apps has traditionally been constrained by computing boundaries, such as access to a PC, availability of a network, or the functional boundary of an app. With iOS 8, computing starts to follow workflow. Data become fluid and easily available across devices and apps using new iOS 8 IT features such as Handoff and app extensions.

This is fantastic for enterprise app developers because it lets them build more fluid and interactive apps. They could link enterprise apps together into an productive mobile workflow for the end user. But new data-sharing mechanisms could also result in unexpected vectors of data loss. Enterprises will not want corporate data to suddenly appear on unmanaged devices or in unauthorized apps. This problem is not solved by taking away these features but rather by providing the guardrails for enterprise developers to use these features effectively.

Recommendation: Create app design, architecture, and management guidelines to enable the use of Handoff, app extensions, and other new iOS 8 data-sharing features without putting enterprise data at risk.

3. Are biometrics ready for prime time?

Apple has taken a phased approach to biometrics. The iPhone 5s introduced the first use case in 2013 with the fingerprint recognition technology of Touch ID allowing users to unlock their phones or conduct iTunes transactions without typing their passwords. It also gave enterprises the opportunity to simplify the user authentication experience by allowing Touch ID to unlock a device while still having a strong password as a backup. This reduced the threat of lost or stolen devices being compromised and increased the strength of iOS secondary encryption.

With iOS 8, Touch ID will be available to third-party developers for the first time. This means a mass-market, tested biometrics method could be used for authentication by the iOS app ecosystem.

Recommendation: Use Touch ID as a testing ground for biometric app authentication. Define the role and use cases for biometrics in your broader enterprise authentication strategy.

iOS 8 is the first sign of Phase III of mobile enterprise computing:

• Phase I was wireless email, and it lasted for a decade.

• Phase II was standalone apps, and, over the last two years, it opened the eyes of the enterprise to mobile as a computing platform.

• Phase III is workflow, and it is the catalyst for true business transformation through mobility.

iOS 8 will kick off new innovations in mobile app development, many of which will have far-ranging implications for privacy, app design, and data security in the enterprise. Keeping up with these changes will be difficult for many organizations, and it will be IT agility that separates the companies that benefit greatly from those that struggle to catch up.