I get it. You’re one of those enterprises that doesn’t (yet) support Apple products among employees, but does that moratorium extend to the C-suite? I’m willing to bet it does not, and that’s why even Windows-only IT shops must learn how to secure Apple’s products.
Ignore the fantasy, this is reality
The reality is that Apple’s products are popular at work. And while there are many businesses that don’t officially support them, one section of civil society that pretty much always does their own thing no matter what are the boys and girls in the C-suite. I can still recall the number of CFOs I spoke with early on in the iPad days who were deeply interested in trying the Apple tablet. Many did. At a time when no one else could.
The rest is history.
That’s a pattern that continues today. Your employees may not be living like the Jetsons at work, but your CEO, CFO, COO and all the other Cs and near-Cs are far more likely to be giving it a go. Which means your corporate data is already on iPhones, iPads and Macs – and it’s not just any old data: This is the most confidential data your company holds – the information your executive teams use to run the business that pays your team’s wages.
That’s a valuable payload, which means those Apple devices are most certainly a target.
Are you protecting them?
What are the biggest threats?
There is a certain irony that one IT support chap I spoke with some years ago said his team didn’t pay attention to securing the CEO’s Mac because they were so much more secure. He seemed upset when I asked why, if that was the case, he was deploying other platforms across the company.
We don’t speak anymore.
He made a good point, of course. Apple’s products are inherently more secure. But that doesn’t mean they are perfectly secure. Bad things do still happen and there are well-paid industries focused on cracking the security protection on iPads, Macs and iPhones. Successful exploits (such as they are) sell for top dollar on the grey markets.
All the same, the biggest security threat for any company remains the humans using the technology. Criminals know they’ll make the money if they can convince someone to click that link, visit that spoofed website or accidentally install that keylogger or tidbit of software designed only to contact a remote server so ransomware can be installed. Then there are the phishing attempts, in which criminals attempt to exfiltrate passcodes, corporate and account data.
All those threats are bad in the consumer markets, but they can become even more vicious across the enterprise. Cleaning out a person’s bank account hurts badly, but what happens when someone raids the corporate treasury? How will bills and wages get paid? That’s a lot of money, and such attacks have become incredibly sophisticated. Which is why every Mac, iPad or iPhone-using C-suite executive really needs to ensure their tech teams are monitoring for the signs of such behaviours. And, typically, in companies that don’t officially support Apple’s kit (for reasons that make no sense to me), they’re not.
That’s a disaster waiting to happen.
What other people do
Those enterprises that do support Apple’s ecosystem typically use MDM solutions from the likes of Jamf, Addigy, Fleetsmith (as it was) and others to protect their entire fleet. These solutions don’t provide 100% protection and are typically boosted by products like Jamf Protect, partnerships with cybersecurity services, or at least some form of location-aware data and services firewall. That’s still not perfect, but it helps – and the understanding of security protection has moved to a more holistic models, rather than relying on outmoded models around perimeter security. The latter is necessary, of course, but the security it provides is limited in the current environment.
Larger companies may use a combination of on- and off-premises multi-cloud solutions to provide corporate and enterprise services and access to data, a model that means the information never really sits on the end user device, or (if it does) only a limited quantity of it is exposed at any time.
That’s fine if you support multiple platforms. But if you’re not supporting Apple in this way, then it’s your salty tears that will eventually become oceans when your CFO accidentally leaves her/his data-crammed laptop in a cab. If you’re lucky, they may have figured out how to best protect the Mac with perimeter security protections such as alphanumeric passcodes, biometric authentication, password protected folders, FileVault, malware checkers, the T2 chip and so on.
But you don’t know if that machine has such protection, (and you may not have added any sourced from an external provider). After all, you don’t support Apple.
Isn’t it time you secured the C-Suite?
Copyright © 2020 IDG Communications, Inc.