iOS 13 and Android Enterprise simplify the use of BYOD devices
The professional use of personal devices can be an attractive approach for companies and employees. But so far, data protection has been a problem – for companies as well as for employees. To ensure the protection of corporate data, many companies rely on a Unified Endpoint Management (UEM) solution that can securely manage the devices and data. However, while the UEM APIs on Android were for a long time not sufficient to protect corporate data, UEM on iOS impaired the protection of personal data because UEM there had extensive access to the device – including personal data.
Many users have therefore refused to install a UEM client on their devices. As a result, business use of the devices was either not possible or entailed a risk in terms of data protection. And this is exactly why many companies have decided not to adopt the use of BYOD devices.
iOS 13 introduces a completely new way of enrollment, with a major change that takes care of users' privacy: the introduction of User Enrollment, a fundamentally new form of device management at Apple. And Android has also been well positioned for BYOD scenarios since the introduction of Android Enterprise and the Work Profile.
We will show you why you can now integrate private devices into your device landscape both with iOS 13 and Android Enterprise.
BYOD – an attractive approach for companies and employees
Bring Your Own Device (BYOD) – this approach allows employees to use their personal devices for business purposes. At first glance, an advantage for the employee and the company: employees can work with the devices of their choice and do not have to carry multiple devices around. Employers save on device costs and increase their employer attractiveness through the flexibility they offer their employees. But what about the security of company data and the protection of personal data? Privacy continues to be a concern in this scenario.
BYOD scenarios require clear guidelines
If personal devices are used for business purposes, they could have access to the company’s IT infrastructure and sensitive data.
_A comprehensive security concept including usage guidelines is therefore enormously important for BYOD scenarios and is also required both for compliance reasons and by the legislature._ (Markus Adolph, Founder and Managing Partner, EBF)
This is because laws define clear regulations for the protection of data – both personal and business-related – and require clear separation.
Companies should, therefore, provide their employees with clear guidelines for the professional use of private devices – for example for passwords, screen locking, anti-virus protection, operating system updates, and app updates – and make the employees aware of their own responsibility for protecting sensitive data.
_We also recommend using a Unified Endpoint Management system to manage applications and data on the devices and delete company data from the device when needed._ (Thierry Lammers, CEO, BLAUD)
iOS 13: User Enrollment now provides privacy for BYOD devices
_iOS 13 introduces the so-called User Enrollment. This puts a much greater focus on BYOD and user privacy which makes it a major step forward in data protection for both users and businesses._ (Ronan Murphy, Managing Director, CWSI)
Until now, the UEM profile had extensive access to the device. This made many users uncomfortable, and as a result they did not want to put their device under the management of a UEM solution.
On an iOS 13 device enrolled using User Enrollment, a UEM will no longer be able to do the following, for example:
- Have an insight into the installed applications or the device identifier
- Erase the device and the device password
- Define complex password requirements
However, the UEM can still do everything that is necessary to manage the enterprise applications, accounts, and data, e.g.:
- Install and configure enterprise apps
- Force a passcode
- Query data relevant for enterprise applications, certificates, and profiles
With iOS 13, the data of managed applications is stored in a separate, managed and encrypted APFS volume. This volume is created during registration, kept separate from user data, and deleted when the device is unenrolled.
With iOS 13, enterprise data, apps and policies are no longer bound to a single device, but to a Managed Apple ID that can be created through Apple Business Manager and optionally connected to the Microsoft Azure Active Directory using Security Assertion Markup Language (SAML). Users can use their AD user credentials as a Managed Apple ID and log on to the device.
The user registration process is streamlined with iOS 13, as the interface is clearer and the dialog is simplified. The UEM system makes available for download the profile for which the Managed Apple ID is stored as a reference to the user. After the download, the user selects the profile in the settings and performs the installation. In the last step, the user authenticates to the UEM with the Managed Apple ID.
Android Enterprise: The Work Profile ensures data protection on both sides
With the introduction of Android Enterprise, Google has implemented the "Work Profile", which can be rolled out for BYOD and company-owned devices. It ensures that business and personal data and applications are separated from each other and that professional applications and data are stored in a container. This container is protected by special security guidelines and does not affect personal data.
_This ensures that sensitive company data is secure and the privacy of users is protected._ (Philipp Klomp, Founder & CEO, Nomasis)
Restrictions can be applied to enterprise applications, for example:
- Taking screenshots can be prevented.
- The sharing of data via NFC and Bluetooth may be restricted.
- "Copy & Paste" from business to private areas can be forbidden.
In addition, the download of applications from unknown sources can be prevented.
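The restrictions listed above can be checked automatically before a policy is rolled out. The following is an added example, not part of the original article: it audits a constructed policy document, and it assumes the field names of Google's Android Management API Policy resource, since the article names no specific UEM product or API.

```python
# Added example: audit a work-profile policy for the restrictions named in
# the article. Field names are those of the Android Management API Policy
# resource (an assumption; other UEM products use their own schema).
# Bluetooth sharing is left out: its policy field differs between products.
REQUIRED = {
    "screenshots blocked": (("screenCaptureDisabled",), True),
    "NFC beam sharing blocked": (("outgoingBeamDisabled",), True),
    "work-to-personal copy/paste blocked": (
        ("crossProfilePolicies", "crossProfileCopyPaste"),
        "COPY_FROM_WORK_TO_PERSONAL_DISALLOWED",
    ),
    "unknown-source installs blocked": (
        ("advancedSecurityOverrides", "untrustedAppsPolicy"),
        "DISALLOW_INSTALL",
    ),
}


def lookup(policy, path):
    """Walk a nested dict along path; return None if any key is missing."""
    node = policy
    for key in path:
        if not isinstance(node, dict) or key not in node:
            return None
        node = node[key]
    return node


def audit(policy):
    """Return one finding per control that is missing or set differently."""
    findings = []
    for control, (path, expected) in REQUIRED.items():
        actual = lookup(policy, path)
        if actual != expected:
            state = "not set" if actual is None else f"set to {actual!r}"
            findings.append(
                f"{control}: {'.'.join(path)} is {state}, expected {expected!r}"
            )
    return findings


# Constructed sample policy: NFC beam left enabled, unknown sources unset.
SAMPLE_POLICY = {
    "screenCaptureDisabled": True,
    "outgoingBeamDisabled": False,
    "crossProfilePolicies": {
        "crossProfileCopyPaste": "COPY_FROM_WORK_TO_PERSONAL_DISALLOWED"
    },
}

if __name__ == "__main__":
    for finding in audit(SAMPLE_POLICY):
        print(finding)
```

A control that is absent from the policy is reported as "not set" rather than assumed to be safe, so the audit does not depend on any platform default.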
For the personal use of the BYOD devices, a personal Google ID is required, which is also used once for the installation of the UEM app.
iOS 13 vs. Android Enterprise: Where are BYOD scenarios supported better?
_With iOS 13, Apple is now catching up and offers, like Google with Android Enterprise, significantly more security for corporate data and more protection for the privacy of users._ (Ulrik Van Schepdael, CEO, mobco)
In contrast to Google, Apple doesn’t use a multi-user approach, but a multi-account approach.
Android Enterprise therefore offers the following advantages:
- The Google PlayStore for Work serves as a separate app store for business applications, where business apps can optionally be distributed.
- For professional apps, the Work Profile on Android offers the possibility to implement global settings – e.g. the use of VPN for business apps.
- With Android, there are no restrictions on device access.
- The Work Profile can be deactivated after closing time or during vacation and the professional area can be switched off temporarily.
Apple, on the other hand, has advantages compared to Android in other regards when it comes to BYOD devices:
- Different calendars can be shown all at once in one app.
- Apple offers per-app VPN functionality.
- Certain domains can be declared as managed domains. For example, downloaded documents remain in the managed area.
All in all, iOS 13 and Android Enterprise offer companies completely new possibilities for handling BYOD devices. For more information on iOS 13 and Android Enterprise, please contact us at any time.