Home iOS Apple offers devs two useful enterprise security tools

Apple offers devs two useful enterprise security tools


Two sessions I attended at last week’s Worldwide Developer Conference (WWDC) — the Managed Device Attestation and Secure Endpoint sessions — highlight the company’s commitment to delivering increased capabilities for security tools. While both were naturally oriented more to developers of device management and security solutions than to end users or IT admins, some of the additional capabilities developers will be able to build into enterprise tools are noteworthy.

Managed Device Attestation

Let’s start with Managed Device Attestation, a new capability that helps ensure servers and services (on-premise or in the cloud) only respond to legitimate requests for access to resources.

The use of cloud services and the deployment of mobile devices both grew in tandem (and exponentially) during the past 10 years, which changed the enterprise security ballpark significantly. A decade or so ago, having strong security at the network perimeter coupled with VPN and similar secure remote access tools was the primary way of securing a network — and all enterprise information.

Security today, though, is much more complex. Many resources live outside the corporate network entirely, and that means trust evaluation has to occur across a broad range of local, remote, and cloud services. This typically encompasses multiple providers and each needs to be able to establish that the users and devices connecting to them are legitimate; that goes well beyond simple authentication and authorization.

Today, services rely on user identity, device identity, location, connectivity, date and time, and device management state to determine whether requests for access are valid. Services can use any or all of these criteria, and most — including MDM solutions — can use these criteria when granting or denying access.

Depending on the sensitivity of the data, simple user authentication may be enough for a given security posture or it may be prudent to rely on all of these criteria before granting access, particularly for sensitive or administrative systems.

Copyright © 2022 IDG Communications, Inc.