
Apple's iOS 7 is the company's most feature-packed mobile operating system yet - and undoubtedly its most colourful.
But for many businesses, it's what's under the surface that will count. Some organisations will look to take advantage of iOS 7's new security and mobile device management (MDM) features straight away, while others may survey the situation and make the switch down the line.
Green light
Jay McLaughlin, Chief Security Officer (CSO) at Q2ebanking, says that organisations that do want to upgrade employees' devices to iOS 7 can confidently give employees the green light to do so now - so long as the handsets are in a "non-jailbroken" state.
"iOS 7 presents new vulnerabilities in the fact it contains new code, technology and features," he says. "Once discovered, you'll see new exploits created - many of which would be used for jailbreaking purposes - which inherently breaks and destroys the strength of Apple's underlying security model for iOS."
He adds: "Historically, Apple has tightened its security within iOS with each subsequent release, adding stronger encryption, Data Execution Prevention, ASLR and the new A7 processor's 'Secure Enclave.' As such, when in a non-jailbroken state, the iPhone is one of the most secure consumer devices."
Preventative measures
But what can a company do if it's not confident in giving the go-ahead? Gartner analyst Ken Dulaney says that small businesses in particular will have little success in preventing users from updating to iOS 7 if they have no existing MDM solution in use.
"Upgrading can be a problem if bugs are found in the software, as there have been in previous iOS releases," he says. "There is an iPhone Configuration Manager that can be used to block some updates, but that can take great effort to use [for the first time] as employees would have to agree to the company's 'bring your own device' policies."
Dulaney adds that businesses with an MDM policy should issue a note to employees requesting that they wait to download and install the upgrade. The business can use this interval to evaluate risks and note bugs that emerge in the first few months after iOS 7's release.
"Some organisations may have little discipline to stop this, and if something goes wrong they will have to use device wipe through Exchange Active Sync as the only line of protection," he says. "They should make users aware that backup of personal information is their responsibility and that the business has no ability to protect it if lost during a device reset to protect the enterprise."
Controlling data
For Q2ebanking's McLaughlin, businesses with "bring your own device" (BYOD) policies in place should focus less on aiming to control employees' iPhones in the aftermath of the update and more on protecting corporate data.
"What organisations must keep in mind and realise is that they don't control the device," he says. "IT is losing more and more control of devices. Instead, they should be focused on what controls they can use to protect the corporate data, and information transmitted and stored on these devices."
He adds that companies should check to make sure the MDM solutions they are currently using to enforce BYOD policies will be compatible with iOS 7 and the iPhone 5S.
"This is critical for ensuring patches and updates can still be pushed to devices - not to mention being able to take control of the newest security features," he says.
App Wrapping
One feature that enterprise mobility company Cortado believes iOS 7 has killed off is that of "app wrapping," a technology for modifying existing apps by replacing aspects of them to add specific enterprise functionality like managed open-in, encryption, network access control, single sign-in and more.
"We've never believed in third-party solutions that provide such functionality," says Cortado CEO Carsten Mickeleit. "With iOS 7 nearly every app wrapping feature is covered by the operating system, with no need to change the app."
He adds: "Companies should be aware that with iOS 7, projects regarding app wrapping and containerisation are redundant and that they need an MDM solution and a VPN that is compatible with the new iOS 7 Per App VPN. If they are informed, then they will understand that iOS 7 is an opportunity to realise not just a secure but also a productive MDM system including corporate file sharing with which employees are happy to work."
Vendor backed
Once an organisation decides to go ahead with upgrading devices to iOS 7, it can take advantage of the new version's numerous MDM and security APIs that are made useful when paired with offerings from vendors to provide full enterprise capabilities.
Nigel Hawthorn, Director of Marketing at mobile IT solutions company MobileIron, says that previous challenges such as establishing secure connections to enterprise data sources, configuring apps at scale, and preventing data loss can now be addressed without manual configuration and maintenance or specialist skills from app developers.
"With iOS 7, each of these capabilities is available at OS level and can be managed and enforced by MobileIron, meaning developers can focus on building apps without being security specialists," he says.
Other iOS 7 features assisted by MobileIron include Open-In control (defining which apps documents and messages are opened in), VPN rules to start VPN connections to corporate networks when apps need access to secured resources and the ability to disable the iPhone 5S's fingerprint scanner.
Identity Management Software maker Centrify places a greater focus on the BYOD aspects of iOS 7 to increase simplicity for IT administrators.
"Our Centrify User Suite is able to integrate mobile devices and OS, including iOS 7, into an organisation's existing Microsoft Active Directory infrastructure, allowing users a secure Single Sign-On (SSO) for access to all their corporate apps on the device," explains Centrify CEO and President Tom Kemp.
"From an IT administrator perspective, we provide iOS 7 support for locking or remotely wiping devices, securing access to email networks and enforcing of user passcodes," he adds. "Organisations can easily assign devices to users and manage the associated properties and settings for each user's device without the hassle of deploying complex new infrastructure or a separate management console."