Apple surprised the tech world last week by unveiling a developer preview of OS X Mountain Lion, the next generation of its desktop operating system set to ship this summer—just a year after OS X 10.7 Lion arrived.
Based on the information Apple has released so far, Mountain Lion will continue in the footsteps of its predecessor and bring more features from iOS to the desktop as well as strengthen ties to Apple’s iCloud service. (iOS powers Apple’s iPhone and iPad.) That makes Mountain Lion something of a mixed bag for enterprise environments: it has some features that are very useful for business users, while others—like its near-total integration with Apple’s personal cloud service—will likely raise red flags in the minds of CIOs and IT professionals.
Even so, the new OS offers some changes that will be particularly welcomed by mobile business users. Here’s a look at some of what’s new as well as a look at some of the concerns to keep in mind if you plan to update to Mountain Lion later this year.
If you’re someone who does presentations, you’ll like AirPlay mirroring, a feature that Apple first introduced on the iPad 2 and included with the iPhone 4S. AirPlay Mirroring allows a Mountain Lion Mac to wirelessly broadcast whatever is on its screen to an HDTV using the Apple TV set-top box. No doubt, this feature will be great for home uses like gaming and watching web-based video on your TV with next to no effort (something unlikely to sit well with Hollywood execs or companies like Netflix and Hulu that have gone to great lengths to secure licensing deals for streaming to set-top box devices).
What makes AirPlay mirroring for Macs valuable in the workplace is the ease of setup and the ubiquity of HDTVs (or projectors that can accept HDMI video). Pairing an Apple TV box with an Apple laptop creates a presentation system that can plug in virtually anywhere with just two cables (AC power and HDMI), no configuration needed. You don’t even need to be on a Wi-Fi network, because a MacBook Air or Pro can create an ad hoc network the Apple TV can join. That’s something that can easily be done in advance of a presentation.
Files in iCloud
The biggest business feature, however, has to be Apple’s iCloud. In Mountain Lion, iCloud will put cloud storage front and center. Mountain Lion’s open and save dialogs will include an iOS-like view of a user’s iCloud storage space, including iOS-style “folders” for grouping documents. Any documents stored in this space immediately propagate changes to versions of the documents on all of a user’s devices and Mountain Lion Macs. Updates take place in real time and you can even see the edits appear if you have a document open on two devices at the same time. You don’t even need to remember to save changes.
That’s a powerful feature that will let business users always have access to files they need, whether in the office, at a client worksite, at home, in an airport, or virtually anywhere else with Internet access. If Apple can get most of its developers, particularly those of business software, using iCloud document storage, it could revolutionize how we use mobile devices and computers in the workplace.
That may be a big “if,” though—iCloud document storage will only be available for apps sold through Apple’s Mac App Store. Beginning this spring, Apple will require developers to limit the ability of applications to interact with each other and with OS X itself—a process called sandboxing—if they want to sell their software through the Mac App Store. Many developers are hesitant about sandboxing and some claim complying with the requirement will mean stripping features out of most apps. (Some of Apple’s own Mac apps don’t meet the requirement at this point.)
It may also mean challenges for Macs deployed in the workplace, where IT staff typically roll out software using mass deployment tools. Apple has yet to create a Mac App Store version of its volume purchase plan for the iOS App Store, which allows businesses to buy apps in bulk for distribution to employee iPhones and iPads.
Even if Apple duplicates the volume purchase plan on the Mac App Store, the model may not work well in larger enterprise environments. The connection between purchases and individual Apple IDs runs contrary to the creation of standardized Mac configurations that are key to rolling out and managing large collections of computers in businesses or schools. That might force organizations to choose between deployment processes and tools that are tried and true (and efficient) and offering apps that are sold only in the Mac App Store.
Data security in an iCloud era
iCloud’s documents-in-the-cloud philosophy creates major security and privacy concerns for businesses. If data is placed in a user’s iCloud storage, it will be available on every device owned or used by that person. That makes it virtually impossible to secure private or confidential material. Even if there’s no intention to distribute confidential or sensitive data, the fact that it is accessible on so many devices and in Apple data centers makes it easy for documents to fall into the wrong hands. In regulated industries like healthcare, any use of iCloud or similar solutions can easily violate privacy laws with significant consequences. It also makes it easy for someone to alter documents, intentionally or not.
This is a already a concern with virtually any cloud service. But the potential impact when it comes to documents and any other data iCloud can sync is much broader—and much more serious.
I noted these concerns about iCloud when Apple shipped iOS 5 last fall. One of the big challenges I cited was that while administrators can use Apple’s mobile management frameworks to block iCloud functionality, they can’t do so in a granular way. The iOS 5 approach is pretty much all-or-nothing.
It’s too early to tell what iCloud management options Apple will include in Mountain Lion. Ideally, Apple will make it possible to configure iCloud access on a per-application basis. That would allow at least some flexibility. Otherwise, we may well end up in a situation where iCloud storage isn’t allowed on business Macs while other iCloud options like contact syncing are.
Of course, IT could also simply disallow all iCloud access. That might be going a step further than most people (users and IT professionals alike) would want, since it negates most of the functionality that Apple is bringing to Mountain Lion.
It’s intriguing to picture Apple offering a business iCloud feature — whether built-in to Mountain Lion Server, as an appliance device similar to the company’s Time Capsule, or as a service hosted by Apple that has enterprise-type controls. Although possible, I don’t think this is very likely, particularly given Apple’s general move out of the data center over the past couple of years.
In short, iCloud offers some powerful features and equally powerful risks.
One of the big advantages of the BlackBerry for business users has always been secure push messaging. Apple’s iMessage service in iOS 5 delivers that style of functionality for iPhones and iPads and Mountain Lion will bring that to OS X in the new Messages app . (You can try out the public beta of Messages now to get a feel for it, if you want.) Including this feature in Mountain Lion is a no-brainer and its functionality already works pretty well. Note: Messages replaces iChat, which has effectively been rolled into the new app.
Messages is without a doubt a great solution for mobile professionals, particularly since it can fall back on other technologies when communicating with non-Mac/iOS users, including SMS and various instant messaging services such as Jabber, which allows for intra-organization chat services (using iChat Server in OS X Server or another solution). That means Messages and Jabber can be combined into a unified and relatively secure messaging solution.
In other words, move over BlackBerry.
The new Notification Center’s power for any user is that it furthers the anywhere/anytime ethos of iCloud. Being implemented on iPhones and iPads as well as Mountain Lion Macs will create an ecosystem under which anytime a user needs to know something, he or she is alerted. This definitely has business implications because it makes sure that important information flows to a user and can be retrieved anyplace using whatever device or medium is most available.
Notification Center access on iOS and—once Mountain Lion arrives—on OS X really delivers on the idea of the connected mobile professional.
Reminders and Notes
It’s pretty easy to see how well these features will work for professionals. Quite frankly, it’s about time that OS X gained some of this capability in an easy-to-use and easy-to-sync fashion. Yes to-dos and notes have been around in OS X for the better part of a decade, but they’ve always been crammed into other applications where they didn’t quite fit. Again, its the iCloud integration that’s the killer feature for these apps. Unfortunately, it’s also a concern for IT as it creates the same risk of sensitive data escaping an organization (particularly with Notes).
Mountain Lion’s emphasis on sharing definitely makes it a social-first operating system. The inclusion of the new Share Sheets in the built-in apps and, presumably, in third-party apps makes it effortless to share any type of content. While there’s a limit to Twitter use in business, the ability to instantly share content using other methods — such as by email or Messages—offers the potential to drive a more collaborative work experience.
Interestingly enough, while Twitter sharing is built into the Share Sheet, there’s nothing there for sending content to big social networking sites like LinkedIn, Facebook or Google+.
Gatekeeper is more consumer than business
Gatekeeper has gotten a lot of attention as a security feature of Mountain Lion. It’s part of the Security & Privacy preference pane, and it essentially allows a user (or company) to limit the apps that can be used on a Mac. The options are pretty straight-forward: You can allow apps downloaded only from the Mac App Store, from the Mac App Store and trusted developers, or from anywhere.
Its inclusion in Mountain Lion is certainly an effective addition to Apple’s strategy of protecting Macs from malware. That said, I see Gatekeeper as being aimed more at consumers than the workplace. Businesses should already have broad anti-malware strategies in place that encompass Macs as well as PCs. That strategy should include restrictions against most users installing software, a standardized software update and patch management system and centralized antivirus/anti-malware solutions that are already in place.
In short, the situations Gatekeeper protects against should already be protected in business environments. Of course, a little extra protection never hurts anyone.
Mountain Lion Server—is Apple finally out of the data center?
Apple also made a developer preview of Mountain Lion Server available, but there’s been little discussion about it so far. (The Mac mini colocation blog did post some initial screenshots and impressions.) So far, it looks like Apple is sticking with its basic but simple small-business approach to OS X Server. That’s not really a surprise. In fact, I wouldn’t be particularly surprised to see some advanced functionality be removed or further deprecated than Lion Server. That remains to be seen — as does Apple’s overall plan for OS X Server as a whole.
OS X Mountain Lion continues the progression of creating a complete ecosystem for Apple users. The tie-ins between OS X, iOS and iCloud are prominent and they offer a lot of potential for business users. The big challenge for Apple (or third-party developers) will be figuring out how to provide IT solutions that offer the useful functionality of this ecosystem while still maintaining core needs like data security and mass deployment.
It’s important to remember that this is, after all, a developer preview and other features and tweaks may well show up before the final version is released later this year. Judging from what developers have been reporting online, however, this preview appears to be solid and functional, giving companies time to test it and figure out how best to incorporate it in their operations.
[Ryan Faas is a freelance writer and technology consultant specializing in Mac and multiplatform network issues. He has been a Computerworld columnist since 2003 and is a frequent contributor to Peachpit.com. Faas is also the author of iPhone for Work (Apress, 2009).]