Mac is slowly entering the Corporate World, but can it cope with the security requirements?
Thursday, June 11th, 2009I am writing this item from Frankfurt Airport, Germany. I am using my MacBook Pro, connecting to the T-Mobile wireless account, and sharing the same infrastructure with everyone else here (same access point, same switch, sharing the same DHCP server with everyone etc.)
This has nothing to do with my post today, except that I just cannot tell you how I can “see everyone else, while no one can see me”. Well, not exactly. They see my Gatekeeper for Mac mini-computer and my MacBook is hiding behind it (I have my own DHCP Server on the Gatekeeper) – sorry, I cannot avoid mentioning it 
So, I am looking around and I see more Mac users than Windows-based PC users. This is not a real statistic, but the interesting point is that it’s no longer only students or young people. You start to see the suit and tie crowd using these computers, connecting to their corporate servers, “VPNing”, doing their corporate work that was totally dominated by Windows till not long ago.
This is in line with recent publications from analysts showing that since switching to Intel processors, Mac entered the corporate world, and is increasing its presence there. It is still a one digit % number, but this brings a new challenge to corporate IT. Many of these Mac owners, are very senior employees (only senior people can decide to get a non standard corporate PC). They also expect IT to support it.
Mac didn’t suffer from many Viruses and Malware attacks in the past. But, as the Mac is starting to be used by senior corporate people, it becomes an attractive target, very well selected, for identify theft, hacking into financial information and sources, getting credit card information, and do what hackers do today to Windows based PCs. OS X is not really more secure than Windows Vista, it was just less popular.
For IT, this is a huge headache, not only do they lack experience and knowledge in these systems as well as lacking tools and infrastructure to provide adequate service, but Apple and the security vendors are not ready to provide them with security infrastructure and solutions.
IT doesn’t have a security response team that is gathering information from Mac security experts, building procedures and tools, and providing real-time answers to Mac related security vulnerabilities. All that they have with Windows based PCs is missing with the Mac.
In addition, over 15 years of progress in Windows security is missing in OS X and it takes time to catch up. Meanwhile, corporate exposure is growing, and the hackers, using strong hunting instincts, are closing in.
Apple, is trying to close this security gap, and be proactive. Last Monday, Apple announced Safari 4.0, a release that fixes more than 50 vulnerabilities in the browser. I believe that Apple is trying to increase its effort and investment in security, however, they have a long way to go, and more importantly, it really requires to change some of the Apple culture and vision – which is the more difficult task.
So, it’s not that I wish for Apple to change its culture, but instead, upon entering the corporate world, I expect Apple to grow-up a bit security-wise, and step up to the challenge.
Meanwhile, I am using my MacBook with Gatekeeper Card. 
Cheers,
Shlomo.
