Read what Good Technology, MobileIron, SOTI and others think about the new OS.
What will Apple’s latest operating system mean for the security of its devices? CBR rounded up 8 industry experts to give their views.
1. All new OSs bring security challenges
Nicko van Someren, CTO at Good Technology says:
"While iOS 9 introduces new security capabilities and will very likely be more secure than its predecessors, any new operating system release brings new bugs and undiscovered exploits in the places where new code is written.
"The constant pressure to add ever more new capabilities and features year over year often comes at the expense of new APIs that can leak and new code that can be exploited.
"From a CIO’s perspective, new OS versions mean ensuring corporate and third party apps are compatible so users don’t unknowingly incur risks to their company by rushing to upgrade their devices.
"Enterprises need to expand their thinking beyond patching systems retroactively and ensure that they proactively test apps and systems in advance of the new release."
2. Device protection made easier for enterprises
Sean Ginevan, Senior Director Strategy at MobileIron comments:
"The iOS 9 update makes it easier for IT departments to protect devices, while maintaining user experience. Previous security gaps in Apple’s iOS have been corrected with iOS 9, with employees now able to access the apps and content they need, with less security barriers in place.
"Security improvements in app, device and network security, have made managing a corporate device simpler for corporate IT departments and more transparent for users.
"The new trust user interface allows users to know when they are installing an app from an unauthorised enterprise developer. Users operating under a managed service will be better safeguarded when downloading new apps, even though IT departments will not be able to block unmanaged apps on employee-owned devices."
3. You can’t rely on an OS vendor to solve security woes
Eldar Tuvey, CEO and Co-founder at Wandera, says:
"With the release of iOS 9, Apple has incorporated some security updates and introduced enhancements such as new MDM controls. While these optimisations are noteworthy, enterprises are still exposed to mobile threats that exploit the underlying design of the mobile operating system.
"For example, iOS devices can be fooled into attaching to rogue Wi-Fi hotspots, and approved apps can still leak user credentials over unencrypted channels. Device configurations are important for maintaining security, but so is thorough app analysis, real-time network protection and infrastructure security.
"We are unlikely to ever see any of this capability delivered through an operating system vendor — they simply lack the visibility into the real-time traffic to provide adequate protections for all the various mobile threats that exist."
4. Raising the app protection game
Graham Stuart Watts, Senior Product Manager at SOTI, says:
"Mandatory HTTPS communication for apps has been teamed with improved policy controls to govern the installation of third-party enterprise apps.
"Whilst this does restrict installation of apps from other developers, one of the greatest security threats to the corporate network is from slapdash app development where the speed of deployment has come at the expense of the necessary level of security enterprises must maintain.
"Finally, Apple has release additional tools to protect corporate data by restricting AirDrop transfer and offer better governance of this feature.
"This is very important in light of the newly discovered AirDrop vulnerability which allowed hackers to install malware on the devices without even needing the victim to approve the transfer. Before this update, simply initiating the AirDrop was enough to allow the malware to go through."