Security Experts:

Apple Releases Security Guide for iOS

Apple has released a document that examines the security technology and features implemented within iOS, the platform that operates the consumer market’s most successful line of mobile devices. While none of the information is new or unknown, the guide is noteworthy, if only because it offers an official basic list of best practices to organizations wishing to deploy Apple devices.

Apple isn’t known for discussing their security, so the guide released this week is a rarity. While the information within the guide itself isn’t new, it represents official conformation of the data that the security community has worked to develop and define over the years. It also offers a set of recommendations, what the guide calls key elements, which organizations should understand when evaluating or deploying iOS-based devices on their networks.

At the same time, Apple seems to dismiss the notion that such a guide is even needed.

“Apple designed the iOS platform with security at its core,” the guide explains. “The combination of required code signing, sandboxing, and entitlements in apps provides solid protection against viruses, malware, and other exploits that compromise the security of other platforms. The App Store submission process works to further protect users from these risks by reviewing every app before it’s made available for sale.”

The guide examines the various elements of the iOS platform, including the architecture (i.e. how the secure platform and hardware intermingle to offer one layer of security), as well as encryption and data protection, network security, and device access.

Android and iOS Usage in Enterprise

The key to deploying iOS within the corporate environment however, as explained by Apple, is to ensure that the security features within iOS align with IT and security policies and requirements.  

While it may seem like Apple doesn’t feel a document of this type is needed, based on their statements and the fact it was published without fanfare, clearly they understand the value of layered security and the needs of their corporate clients. Thus, they have released official guidance and documentation.

Given the popularity of iOS, and the need to get a handle on mobile device management, the guide is worth reading, especially if mobile security is a mission critical requirement.

Steve Ragan is a security reporter and contributor for SecurityWeek. Prior to joining the journalism world in 2005, he spent 15 years as a freelance IT contractor focused on endpoint security and security training.