Your guide to using iCloud in business

A growing number of companies are using iCloud -- Apple’s storage and syncing suite for Mac and iOS. Here's how to take advantage of iCloud’s ease of use and tight security.

cloud
Michael Kan/IDG

Use of iOS across the enterprise is increasing. Tight integration between iPhones, iOS and iCloud present an opportunity to exploit Apple’s online device and data backup service. Spiceworks claims 7 percent of enterprise software budgets will be spent on backup and recovery in 2019.

FAO Schwarz recently moved to deploy Apple solutions across its business; SKF, the world’s largest producers of bearings and seals has cut production errors to zero as a result of moving its manufacturing processes to iOS and SAP. John Hopkins Medicine, Massachusetts General Hospital, Stanford Health Care and St. Jude Children’s Research Hospital are all deploying around iOS.

Egnyte claims various models of iPad and iPhone account for the entire top 10 most used mobile solutions, in terms of actual activity.

Apple’s service can become a useful component for any enterprise attempting to mitigate shadow IT. We know employees will use unapproved software if it’s easier or more accessible than sanctioned enterprise solutions, so why not find ways to use the secure software they probably already have.

How iCloud can help

While there are exceptions, enterprise security policies typically avoid the use of public document and data storage and sharing services. Challenges around server location, data protection and local data regulation mean public services aren’t always the best choice for confidential enterprise data.

While Apple doesn’t present iCloud as an enterprise-focused product, the highly secure service does provide a range of useful tools for enterprise pros.

The company also continues to make its platforms more enterprise friendly, including addition of new iCloud features for enterprises, not least data separation and enterprise iCloud.

However, with Apple occupying an ever-larger space in enterprise IT, perhaps enterprises should think about how its highly secure platforms can be used to supplement existing workflows.

Ease of use remains an advantage 

Apple’s universal advantage remains ease-of-use. For example, onboarding: A new

 

U.S. smartphone ownership has doubled since 2011.  Today, 95 percent of employees use mobile devices while at work and they demand that enterprise systems are as easy to use as the apps they use on their phones. If they are not, they just won’t use them.

iCloud enters the enterprise

Use of iOS across the enterprise is increasing. Tight integration between iPhones, iOS and iCloud present an opportunity to exploit Apple’s online device and data backup service. Spiceworks claims 7 percent of enterprise software budgets will be spent on backup and recovery in 2019.

Related: Is this iCloud for the enterprise?

FAO Schwarz recently moved to deploy Apple solutions across its business; SKF, the world’s largest producers of bearings and seals has cut production errors to zero as a result of moving its manufacturing processes to iOS and SAP. John Hopkins Medicine, Massachusetts General Hospital, Stanford Health Care and St. Jude Children’s Research Hospital are all deploying around iOS.

Egnyte claims various models of iPad and iPhone account for the entire top 10 most used mobile solutions, in terms of actual activity.

Apple’s service can become a useful component for any enterprise attempting to mitigate shadow IT. We know employees will use unapproved software if it’s easier or more accessible than sanctioned enterprise solutions, so why not find ways to use the secure software they probably already have.

How iCloud can help

While there are exceptions, enterprise security policies typically avoid the use of public document and data storage and sharing services. Challenges around server location, data protection and local data regulation mean public services aren’t always the best choice for confidential enterprise data.

While Apple doesn’t present iCloud as an enterprise-focused product, the highly secure service does provide a range of useful tools for enterprise pros.

Related: Q&A: How CIOs Can Benefit from Apple iOS 5, iCloud

The company also continues to make its platforms more enterprise friendly, including addition of new iCloud features for enterprises, not least data separation and enterprise iCloud.

However, with Apple occupying an ever-larger space in enterprise IT, perhaps enterprises should think about how its highly secure platforms can be used to supplement existing workflows.

Ease of use remains an advantage

 Apple’s universal advantage remains ease-of-use. For example, onboarding: A new employee authorized to store files, mail and data on an iCloud account (including those using an enterprise mail address) can deploy a new Mac, iPhone or iPad in minutes by just signing the new device into their Apple ID. When they do, they’ll see the entire contents of the iCloud Drive, passwords in Keychain, Calendar and other assets automatically download to their device. They will also find third-party email addresses automatically populated to their mail account, though they will need to enter passwords.

iOS supports Entourage, and with Microsoft Office 365 apps also available to the platform, it’s possible for iCloud to become a component that enables fast deployment of new employees on Apple platforms.

In 2018, SAP vice president of IT services, enterprise mobility, Martin Lang, showed how a new employee could be onboarded within five minutes using iOS and MDM support from Jamf.

Apple provides tools to enable automatic device enrollment in your mobile device management (MDM) solution. Apple Business Manager is accessible on the web and is designed for technology managers and IT administrators.

How secure is iCloud?

The company says it strives to ensure it does not become a custodian of personal data. It collects only the essential data it needs to provide the service. Users can access this data, but no one else can in the absence of an Apple ID.

You can store most digital content on iCloud Drive: Files, folders, documents, images, spreadsheets, tables and more. For the most part, if you can put it on a Mac, you can store it in the iCloud Drive.

The integration between service and device is such that an end user will be able to interact with most files without being aware that encryption is applied. Apple makes heavy use of encryption across the iCloud data journey, to the extent that information stored on its servers remains protected by the original user’s hash/security keys and 128-bit AES encryption.

You can read more about iOS security in Apple’s white paper, though -- like any other secure technology -- Apple’s is only as secure as the passwords and security practices of end users.

As a quick reminder, IT leaders should encourage employees to use alphanumeric passcodes, enable two-factor authentication and ensure security practices are followed at all times. An open culture of internal security incident disclosure helps – if an employee gets hacked that’s a bad thing: if they don’t tell you it happened, it’s likely to be a disaster.

What iCloud services are available?

There are numerous specific services that use iCloud to sync, though the actual list of services that rely on Apple’s servers is much wider as this page shows.

The following are some of the services offered by iCloud that may be of use to enterprise workers:

  • iCloud Drive: Digital files and assets
  • Mail: iCloud email addresses, Mail app also works with other email providers through a concise setup interface.
  • Safari: Bookmark sync is useful, but Safari’s ability to share Safari tabs across all the devices logged into an Apple ID is of huge benefit to researchers.
  • iCloud keychain: Keychain is an important and highly secure element to Apple’s OS stack. It is a highly secure space in which passwords for accounts and services can be kept. iCloud Keychain enables users to easily and securely use complex passcodes across services and all their devices.
  • Find My: Apple will compound two services: Find My Friends and Find My Phone into the new Find My service, which uses low energy Bluetooth to enable users to find lost equipment, including Macs.
  • Contacts, Calendars, Reminders: With Siri support and integration across Apple’s stack, the PIN apps can be useful, though perhaps lacking for professional use. Apple’s upcoming Mac and iOS upgrades will integrate with Siri on your device, enabling users to quickly and securely set reminders in response to communications that take place on that device.
  • Notes: A useful addition. It’s possible to collaborate with other users on Notes, making these quite a useful place for brainstorming and casual requests. The facility to scan documents and share with other applications may also come in useful for iOS users.

iCloud system preferences/settings

 You set which apps and services sync through your iCloud account in System Preferences (Mac) or Settings (iOS). Here you can enable and disable the apps that sync through the service, including those apps that use iCloud Drive. Enterprise workers will likely check the Desktops and Documents folder, as this will sync data held in both to all their devices.

iCloud’s Files app: A secure Dropbox for Apple devices

Apple’s mobile devices use the Files app as a file manager. This already stores documents, images and other digital assets in a secure environment that can be accessed using any Apple device that’s logged into the relevant Apple ID.

Files already works with and syncs iCloud Drive, and is compatible with third-party online storage services, including those from Dropbox, Box, OneDrive, Google Drive, SugarSync, Amazon Drive and others. Developers can make use of Apple’s CloudKit APIs to build online sync and storage into apps.

Files in iOS 13 will also be able to access files from external storage devices like SD cards, USB flash drives and SMB network drives. It will also introduce enhanced collaboration features: at present it is possible to collaborate on individual files, but iOS 13 will introduce shared folders in Files.

This integration means employees can interact with items stored on multiple file services within one app and drag & drop them between storage locations.

Anecdotally, this means iOS users get virtually real-time access to files they keep on online services – and in many cases sync is faster and more efficient.

Similar to most browser-based online storage solutions, users can also access all the files they have stored in iCloud Drive through a browser at www.icloud.com.

How to collaborate on an item stored in iCloud Drive:

  • Select it.
  • Tap the Share
  • Choose Add People from the lowest row of options.
  • Set who can access the item: Only people you invite or anyone with a link.
  • Set permissions: Can make changes or View only.
  • Choose how you wish to send the invitation to collaborate on the item.
  • Choose the person(so) you hope to share with.
  • They will be provided with a link they can use to collaborate/review.

Apple’s iOS 13 brings big enterprise improvements

Apple this fall will ship iOS 13. This will make iOS – and iCloud – much more useful within enterprise deployments. One focus is data separation, enabling enterprises to protect their own data while also protecting employee privacy.

  1. Managed Apple IDs improve in iOS 13: Managed Apple IDs for business are improved in iOS 13. Available to enterprises in countries supported by Apple Business Manager, these make it possible to assign separate work-related Apple IDs to employees.
  2. Single Sign-on Extension: The new Single Sign-on Extension is designed so enterprise app developers can deploy corporate ID solutions from the likes of Okta or Azure. (The much-discussed Sign-in with Apple solution isn’t intended as an enterprise product, the company has said).

Data separation for BYOD

Apple will also introduce data separation for BYOD programs in iOS 13. This consists of new User Enrollment tools that enable IT to deploy enterprise Apple IDs on employee devices to control enterprise apps and data while leaving employee data untouched.

Apps can either be unmanaged or managed, with the exception of Mail and Notes. Managed apps installed by a business will be controlled by IT while unmanaged apps (including Photos and so on) remain the domain of the user, and their personal Apple ID.

If a Note is created in a managed Apple ID it will be controlled, but if created in a personal account it will not be. The result is that it becomes possible to separate corporate from personal information and delete data once an employee leaves the firm without breaking an employee’s data – or monitoring an employee’s private life.

The end result?

It will be possible for enterprises to give employees two iCloud Drives: one will be a highly secure environment for personal data; the other a highly secure and also managed environment for enterprise data, which can be remotely managed through Apple Business Manager.

iCloud proves to be a viable enterprise addition

Apple’s growing market share and high degree of platform and online security makes iCloud a viable addition to an enterprise toolkit.

Related: Data shows time is right for ‘iCloud: Enterprise edition’

The ability to separate employee from corporate data on a single device, and to remotely manage permissions, deployment and new device setup through Apple Business Manager and third party MDM solutions provides a good starting point for wider enterprise use of iCloud.

However, data regulation and the need to satisfy sometimes complex data protection and data journey law means in more heavily regulated industries, iCloud becomes a useful addition to proprietary core services, rather than a replacement.

What are the system requirements for iCloud? 

iCloud requires a Mac running at least Yosemite and iOS devices running at least iOS 8. You can also access the service online through a compliant web browser and on Windows using the free iCloud for Windows app. The latter provides users with access to iCloud Drive and data sync from their devices. iCloud does not support Android.

Need a little more help?

Apple hosts its own extensive selection of resources to support MDM and device management here.

Numerous companies will guide enterprises in the deployment of Apple kit within existing infrastructure: Jamf, MobileIron, VMWare, SOTI, Cisco, BlackBerry, Accenture, SAP, Salesforce, IBM, GE and many others all offer various forms of support.