The first steps for protecting corporate data on iOS devices


by Mosyle Team



Protecting corporate data is one of the most critical responsibilities for the technology team of any organization or company. There are many practices and different levels for ensuring corporate data is safe and secure, from application-level to system-level, user authentication and device storage.

In this beginner's article, we will share some of the basic capabilities, settings and configurations you can use to secure the corporate data that is accessed and stored on iPhones deployed in your organization. Many of them can be applied using a mobile device management solution, which will save you time and energy while configuring all your corporate devices.

Passcode Policies

When we think about privacy and security, I believe the first thing that comes to mind is passwords - and they are certainly critical. There are many best practices for choosing strong passcodes, and engineers never stop researching new ways to raise the security level of software, operating systems and the Web.

How do you ensure users select strong passwords on their corporate iPhones? One possibility is to use a mobile device management solution to apply a management profile that includes the passcode policies for locking the iOS device, such as minimum password length, number of complex characters, etc.

Installing apps that support data protection

What type of applications does your company use? Do they support Data Protection? That’s a very important question to ask when deploying these apps to the iPhones. The applications used for work will have access to the corporate documents and, in some cases, they can store the documents locally on the device. That’s why the data needs to be encrypted.

So make sure the applications that access corporate data support data protection. Currently there are many open-source applications that also encrypt data in the cloud, working with iCloud Drive, Dropbox, Google Drive, OneDrive, and WebDAV. When using this kind of app, all the files stored within the application are encrypted before they are actually uploaded to the cloud. If your company deploys in-house applications to iPhones, make sure they support data protection by encrypting their data on disk.

Wi-Fi, Network and VPN Security

Most threats to data security, such as viruses and malware, come from the Internet. Despite the iPhone being one of the most secure devices ever designed, it's important to prevent users from accessing unprotected network connections - and there are a few different methods to ensure this.

One of them is setting up the corporate Wi-Fi, making sure you are using Wi-Fi Protected Access II (WPA2) Enterprise - which is native to iOS, by the way. A mobile device management solution is very helpful here, when you have to be sure the corporate Wi-Fi is properly configured on the iOS devices.

Using an Apple-only device management software solution, you are able to ensure all corporate devices access the specified corporate Wi-Fi right from the initial configuration, by applying the Wi-Fi management profile on the iPhones.
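
As an added example (not Mosyle's code), this Python sketch audits an exported configuration profile for the passcode policy and WPA2 Enterprise Wi-Fi settings discussed in the two sections above. The payload types and key names are Apple's configuration profile keys; the sample profile, SSID, baseline values and the EAP-based Enterprise heuristic are assumptions made for the example.

```python
import plistlib

# Constructed sample (not from the article): weak passcode policy, PSK Wi-Fi.
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>PayloadType</key><string>Configuration</string>
  <key>PayloadContent</key><array>
    <dict>
      <key>PayloadType</key><string>com.apple.mobiledevice.passwordpolicy</string>
      <key>forcePIN</key><true/>
      <key>allowSimple</key><true/>
      <key>minLength</key><integer>4</integer>
    </dict>
    <dict>
      <key>PayloadType</key><string>com.apple.wifi.managed</string>
      <key>SSID_STR</key><string>CorpWiFi-Example</string>
      <key>EncryptionType</key><string>WPA2</string>
    </dict>
  </array>
</dict></plist>"""

# Assumed baseline for this example; replace with your organization's policy.
MIN_LENGTH, MIN_COMPLEX_CHARS = 8, 1

def audit_profile(raw: bytes) -> list[str]:
    """Return findings for the passcode and Wi-Fi payloads in a profile."""
    payloads = plistlib.loads(raw).get("PayloadContent", [])
    findings = []
    if not any(p.get("PayloadType") == "com.apple.mobiledevice.passwordpolicy"
               for p in payloads):
        findings.append("passcode: profile carries no passcode policy payload")
    for p in payloads:
        kind = p.get("PayloadType")
        if kind == "com.apple.mobiledevice.passwordpolicy":
            if not p.get("forcePIN", False):
                findings.append("passcode: forcePIN is off, passcode not required")
            if p.get("allowSimple", True):  # absent key means simple is allowed
                findings.append("passcode: allowSimple permits trivial passcodes")
            if p.get("minLength", 0) < MIN_LENGTH:
                findings.append(f"passcode: minLength below {MIN_LENGTH}")
            if p.get("minComplexChars", 0) < MIN_COMPLEX_CHARS:
                findings.append(f"passcode: minComplexChars below {MIN_COMPLEX_CHARS}")
        elif kind == "com.apple.wifi.managed":
            ssid = p.get("SSID_STR", "<unnamed>")
            if p.get("EncryptionType") not in ("WPA2", "WPA3"):
                findings.append(f"wifi {ssid}: EncryptionType is not WPA2 or WPA3")
            elif "EAPClientConfiguration" not in p:  # heuristic for Enterprise
                findings.append(f"wifi {ssid}: no EAP settings, not Enterprise")
    return findings
```

Run it over profiles exported from the MDM console before they are assigned to devices; an empty list means the profile meets the assumed baseline.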

Another recommended capability is making only the corporate VPN available, in case iPhone users need to remotely access the corporate network. By configuring the VPN management profile, you can set up which VPN the user can access, while also blocking access to other VPNs.

Finally, MDM solutions allow you to remotely apply Network Usage Rules to iOS devices, blocking cellular data and roaming for specific managed applications, for a wildcard match (such as the company's internal website domains) or even for all the managed applications installed on the user's device.


Remotely install Certificates to iOS devices

There are many different certificates that IT admins can use to protect corporate data. You can explore these possibilities and find the best ones for your organization's needs, but whichever you choose, the MDM solution can help you apply them to the devices, including any third-party certificate for network security, data privacy or authentication.

All you need to do is upload the certificates to the MDM platform and send the commands using the device management solution. This workflow not only streamlines the process, but also gives you more control over it by keeping track of which certificate is applied to each device and user.

Instruct users

The IT department can follow all the best practices on security and data privacy, but if the user accesses malicious websites or stores sensitive data on their devices, corporate data security can be threatened. So it’s important that the IT department works closely with end-users to instruct them about device usage rules, as well as explain the situations they should avoid while using the corporate iPhone in order to protect their data.

Many organizations and companies instruct users about data privacy and other important web security topics - which is very valuable to users, since all of us are surrounded by technology nowadays and it's critical to know about these types of threats - not only for corporate, but also for personal data. One easy way of instructing users is to create and distribute a guide with simple tips, terms, and explanations that help users ensure their online behavior and practices do not put security and data privacy at risk.

Lost mode and Remote-wipe capabilities

Bad things happen and you need an easy way to deal with them. Even if you follow the best practices on security and the user takes care of the device while using it, things change if the iPhone is lost or stolen.

The Lost Mode capability available for iOS devices is a great feature that allows the company to completely block the device in these cases and also track its location. If needed, an iPhone enrolled in the MDM solution can be remotely wiped too, preventing any locally stored data from being accessed.

These are some of the basic device management features that can help you take the first steps to ensure security and privacy in your organization. Want to explore more advanced configurations available in an MDM solution made exclusively for your industry? Open your account for free!