Apple's iOS 7 is the company's most feature packed mobile operating systems yet - and undoubtedly its most colourful.

But for many businesses, it's what's under the surface that will count. Some organisations will look to take advantage of iOS 7's new security and mobile device management (MDM) features straight away, while others may survey the situation and make the switch down the line.

Green light

Jay McLaughlin, Chief Security Officer (CSO) at Q2ebanking, says that organisations that do want to upgrade employees' devices to iOS 7 can confidently give employees the green light to do so now - so long as the handsets are in a "non-jailbroken" state.

"iOS 7 presents new vulnerabilities in the fact it contains new code, technology and features," he says. "Once discovered, you'll see new exploits created - many of which would be used for jailbreaking purposes - which inherently breaks and destroys the strength of Apple's underlying security model for iOS."

He adds: "Historically, Apple has tightened its security within iOS with each subsequent release, adding stronger encryption, Data Execution Prevention, ASLR and the new A7 processor's 'Secure Enclave.' As such, when in a non-jailbroken state, the iPhone is one of the most secure consumer devices."

Blindfolded business people
Without IT assistance, device users updating to iOS 7 will be going in blindfolded

Preventative measures

"For some organisations, device wipe will be the only line of protection"

But what can a company do if it's not confident in giving the go ahead? Gartner analyst Ken Dulaney says that small businesses in particular will have little success in preventing users from updating to iOS 7 if they have no existing MDM solution in use.

"Upgrading can be a problem if bugs are found in the software, as there have been in previous iOS releases," he says. "There is an iPhone Configuration Manager that can be used to block some updates, but than can take great effort to use [for the first time] as employees would have to agree to the company's 'bring your own device' policies."

Delaney adds businesses with an MDM policy should issue a note to employees requesting that they wait to download and install the upgrade. The business can use this interval to evaluate risks and note bugs that emerge in the first few months after iOS 7's release.

"Some organisations may have little discipline to stop this, and if something goes wrong they will have to use device wipe through Exchange Active Sync as the only line of protection," he says. "They should make users aware that backup of personal information is their responsibility and that the business has no ability to protect it if lost during a device reset to protect the enterprise."

Controlling data

For Q2ebanking's McLaughlin, businesses with "bring your own device" (BYOD) policies in place should focus less on aiming to control employee's iPhones in the aftermath of the update and more on protecting corporate data.

"What organisations must keep in mind and realise is that they don't control the device," he says. "IT is losing more and more control of devices. Instead, they should be focused on what controls they can use to protect the corporate data, and information transmitted and stored on these devices."

He adds that companies should check to make sure the MDM solutions they are currently using to enforce BYOD policies will be compatible with iOS 7 and the iPhone 5S.

"This is critical for ensuring patches and updates can still be pushed to devices - not to mention being able to take control of the newest security features," he says.

iOS7
iOS 7 looks to offer greater control over data

App Wrapping

One feature that enterprise mobility company Cortado believes iOS 7 has killed off is that of "app wrapping," a technology for modifying existing apps by replacing aspects of it to add specific enterprise functionality like manged open-in, encryption, network access control, single sign-in and more.