Mac security gets a business boost
Businesses often thwart Macs from infiltrating their laptop ranks, and one reason given is that there’s no good way of encrypting data. A lost personal Mac may bring a few tears to the hapless owner, but a corporate Mac with sensitive data falling into the wrong hands is a lawsuit in the making and potential headline-grabber.
Lack of good Mac encryption, though, is quickly becoming a bugaboo.
Monday, PGP, a well-known vendor of enterprise data protection, said it plans to ship a full-disk encryption product for Mac OS X next month. This comes on the heels of a similar announcement: Check Point Software said in late May that it has shipped the industry’s first full-disk encryption for Mac OS X.
There’s no question tech vendors that serve businesses are swooning over the Mac. “The Mac is starting to make its appearance in the enterprise to a greater extent,” says Jon Oltsik, analyst at the Enterprise Strategy Group. “There’s definitely demand for more enterprise-class systems management, desktop operations, and security tools.”
Forrester Research figures Mac adoption in businesses tripled last year to 4.2 percent, largely due to grassroots efforts by small workgroups to bring Macs to work. As more employees demand Macs, business can no longer turn a blind eye.
Jon Allen, information security officer at Baylor University in Texas, has seen first-hand the pendulum shift a couple of times. Nearly all students and faculty worked on Macs until the mid-1990s when Windows PCs began to take over. By 2005, “we were a 95-percent PC shop,” Allen says. “But now we’re definitely seeing an increase in our Mac population on campus.”
Today, Allen supports 580 Windows PCs and some 150 Macs. Securing Mac data through encryption hasn’t been easy. Mac OS X comes with FileVault, an encryption tool for the home directory — a tool Allen dislikes.
For starters, FileVault can have lawyers fuming. If a Mac is lost, attorneys don’t have assurances that sensitive data actually resided in the home directory and thus was encrypted. And so they can’t make their case when fronted with Texas law concerning loss of sensitive information. What they need is full-disk encryption to ensure everything on the Mac wasn’t accessible.
Another problem with FileVault: Some Mac users at Baylor had forgotten their FileVault passwords and lost data. That’s a problem with a client-only solution. A business, on the other hand, needs centralized management of encryption tools for installation and backup, as well as repairs—that is, technicians and help desk need a pathway to get into the computer. “We encouraged people not to turn on FileVault until we have an enterprise solution,” Allen says.
Allen currently doesn’t encrypt data on Macs, but he’s been beta testing PGP’s full-disk encryption and plans to roll it out when the product becomes available. Not only will full-disk encryption better protect the university, but PGP’s centralized management tools should make his job easier.
Centralized IT management is key for businesses, agrees analyst Oltsik. “There will be smaller companies who do encryption for the Mac that will be a great fit for the consumer but that is not going to make it in the enterprise,” he says. “Enterprises want big names and central management … and the PGPs of the world supporting the Mac is an important step.”