(301) 590-2555 • (888) 354-0100
Apple Premier Partner

iPad Security

Print E-mail

Revolutionary Device, Secure Throughout

iPad provides encrypted protection of data in transit, at rest, and when backed up to iTunes. Whether a user is accessing corporate email, visiting a private website, or authenticating to the corporate network, iPad provides assurance that only authorized users can access sensitive corporate information. And, with its support for enterprise-grade networking and comprehensive methods to prevent data loss, you can deploy iPad with confidence that you are implementing proven mobile device security and data protection.

iPad can securely access corporate services and protect data on the device. iPad provides strong encryption for data in transmission, proven authentication methods for access to corporate services, and hardware encryption for all data stored on the device. iPad also provides secure protection through the use of passcode policies that can be delivered and enforced over-the-air. And if the device falls into the wrong hands, users and IT administrators can initiate a remote wipe command to erase private information.

When considering the security of iPad for enterprise use, it’s helpful to understand the following:

ipad-passcodeDevice Protection

Establishing strong policies for access to iPad is critical to protecting corporate information. Device passcodes are the front line of defense against unauthorized access and can be configured and enforced over-the-air. iPad uses the unique passcode established by each user to generate a strong encryption key to further protect mail and sensitive application data on the device. Additionally, iPad provides secure methods to configure the device in an enterprise environment where specific settings, policies, and restrictions must be in place. These methods provide flexible options for establishing a standard level of protection for authorized users.

Passcode Policies

A device passcode prevents unauthorized users from accessing data stored on iPad or otherwise gaining access to the device. iOS allows you to select from an extensive set of passcode requirements to meet your security needs, including timeout periods, passcode strength, and how often the passcode must be changed.

The following passcode policies are supported:

• Require passcode on device
• Allow simple value
• Require alphanumeric value
• Minimum passcode length
• Minimum number of complex characters
• Maximum passcode age
• Auto-lock
• Passcode history
• Grace period for device lock
• Maximum number of failed attempts

Policy Enforcement

The policies described above can be set on iPad in a number of ways. Policies can be distributed as part of a Configuration Profile for users to install. A profile can be defined so that deleting the profile is only possible with an administrative password, or you can define the profile so that it is locked to the device and cannot be removed without completely erasing all of the device contents. Additionally, passcode settings can be configured remotely using Mobile Device Management solutions that can push policies directly to the device. This enables policies to be enforced and updated without any action by the user.

Alternatively, if the device is configured to access a Microsoft Exchange account, Exchange ActiveSync policies are pushed to the device over-the-air. Keep in mind
that the available set of policies will vary depending on the version of Exchange (2003, 2007, or 2010). Refer to the Enterprise Deployment Guide for a breakdown of which policies are supported for your specific configuration.

Secure Device Configuration

Configuration Profiles are XML files that contain device security policies and restrictions, VPN configuration information, Wi-Fi settings, email and calendar accounts, and authentication credentials that permit iPad to work with your enterprise systems. The ability to establish passcode policies along with device settings in a Configuration Profile ensures that devices within your enterprise are configured correctly and according to security standards set by your organization. And because Configuration Profiles can be encrypted and locked, the settings cannot be removed, altered, or shared with others.

Configuration Profiles can be both signed and encrypted. Signing a Configuration Profile ensures that the settings it enforces cannot be altered in any way. Encrypting a Configuration Profile protects the profile’s contents and permits installation only on the device for which it was created. Configuration Profiles are encrypted using CMS (Cryptographic Message Syntax, RFC 3852), supporting 3DES and AES 128.

The first time you distribute an encrypted Configuration Profile, you install them via USB sync using the Configuration Utility or wirelessly via Over-the-Air Enrollment. In addition to these methods, subsequent distribution of encrypted Configuration Profiles can be delivered via email attachment, hosted on a website accessible to your users, or pushed to the device using Mobile Device Management solutions.

Device Restrictions

Device restrictions determine which iPad features your users can access on the device. Typically, these involve network-enabled applications such as Safari, YouTube, or the iTunes Store, but restrictions can also control device functionality such as application installation or use of camera. Device restrictions let you configure the device to meet your requirements, while permitting users to utilize the device in ways that are consistent with your business practices. Restrictions can be manually configured on each device, enforced using a Configuration Profile, or established remotely with Mobile Device Management solutions. Additionally, camera or web-browsing restrictions can be enforced over-the-air via Microsoft Exchange Server 2007 and 2010.

In addition to setting restrictions and policies on the device, the iTunes desktop application can be configured and controlled by IT. This includes disabling access to explicit content, defining which network services users can access within iTunes, and determining whether new software updates are available for users to install.

 

Upcoming Events

No Posted Events

Our Locations

Gaithersburg:

9057 Gaither Road,
Gaithersburg, MD 20877
Phone: (301) 590-2555

Frederick:

11 S Market St,
Frederick, MD 21701
Phone: (240) 415-6250

Business Hours

9057 Gaither Road, Gaithersburg, MD 20877 • Phone: 301-590-2555 • Fax: 301-590-8142 • © 2017 Mac Business Solutions, Inc.