Four key enterprise features in iOS 7 that aren't ready to go out of the box
Apple's iOS 7 offers many new capabilities to IT departments regardless of whether the iOS devices they manage are employee-owned BYOD devices, more traditional locked-down corporate devices, or fit into the emerging choose your own device (CYOD) or company-owned personally enabled (COPE) models that are beginning to take hold in Europe and the U.S. respectively. While many iOS 7 additions are easily understood by IT pros and can be implemented immediately via the appropriate enterprise mobility management solutions, there are a handful that aren't quite as easy to understand, have unexpected limitations, and that come with unexpected requirements.
Of the nearly two dozen new mobile management capabilities, there are four that aren't quite the easily implemented options that they seem: enterprise single open-in management, managed app configuration, enterprise single sign-on, and per-app VPN.
Open in management: Less restrictive than containerization but more limited
One of the most attractive additions to iOS 7 from an IT perspective is open in management (also called managed open in). The concept of this feature is very simple. It allows an administrator to limit which apps and services appear in the share sheet of iOS 7 apps. That affords a form of de-facto containerization and data leakage protection, and is almost transparent to the user since they simply don't see any obvious sign of restriction.
At first glance, this is an incredible capability. The challenge is that the settings are global and cannot be set on a per-app basis.
Managed open in is based around Apple's emerging concept of managed vs. unmanaged apps (those installed or provided by the IT department vs. those installed by individuals from the public iOS App Store). It offers essentially four basic choices for allowing or restricting sharing of content between apps.
- Managed apps can send data to both managed and unmanaged apps (essentially no restriction).
- Managed apps can send data only to other managed apps (restricting "work" apps to only speaking to other "work" apps, but not to personal apps).
- Unmanaged apps can send data to both managed and unmanaged apps (the major restriction here is that "work" apps cannot send data to personal apps but can receive content from them).
- Unmanaged apps can send data only to other unmanaged apps (again restricting personal apps to only personal content).
This feature does create a security baseline by separating work and personal apps without much impact on the user experience. But you can't configure rules based on the type of data or creating app-specific rules. If a user has enterprise apps A, B, and C installed as managed apps, the three can exchange data freely. You cannot create a rule that says app A can share with app B but not with app C.
For organizations that have invested in containerization or mobile app management (MAM) solutions, this feature isn't going to be particularly useful because you probably already have better and more granular capabilities. For organizations that haven't mane such an investment or that are still determining MAM and content management strategies, this is a great option because it puts in place some controls (including control for user privacy by limiting the sharing from unmanaged apps) while investigating other options. Some organizations may also find that this basic capability effectively meets their needs.
Managed app configuration: A great idea that requires developer support
Like Windows or Mac applications, most iOS apps have a series of settings options that allow the user to tailor the app to their needs, link it to network resources, specify user credentials, and activate or disable certain features for both personal preference and data security needs. Although many iOS features can be pre-configured using a mobile management tool or manually installed configuration profiles, until iOS 7 there wasn't an easy way to ensure that apps were properly configured for use in a specific company or department.
iOS 7 introduces the concept of managed app configurations, which allow administrators to push down app configurations as well as the app itself. The approach used to enable this capability in iOS 7 is similar to the way Apple has been allowing IT administrators to pre-configure OS X apps for years, or the ways in which PCs can be managed by Active Directory group policies. When an organization deploys a managed app to iOS devices (by pushing the app out over the air or by including it in an enterprise app store), administrators can also push out configuration data for that app.
Customers have taken control of the buying process, and gone are the days of the carefully crafted marketing message. That means you have to deliver relevant, quality content in the proper context of the customer's situation and device they are using -- and that's a huge challenge for most companies.
Four months after Quip launched on iOS, the company delivers on its promise of an Android app for its eponymous word processor. Today's release comes on the heels of a major update to its Web and iOS apps that finally lets you import Microsoft Word files, a feature the Android version lacks for now. Still, with these two updates, Quip edges closer to its ideal of being a collaborative cross-platform word processor.