macOS devices are becoming an ever more prominent presence in the work place. This is chiefly due to two trends: bring your own device (BYOD) and employee choice policies. The first allows employees to bring their own devices onto the company network, while the second lets them choose which device they will be using in the work place. A survey conducted by Jamf earlier this year showed that, in the 580 organizations that participated, 72% of employees chose Macs and a further 75% chose iPhones when given the option.
Apple has been actively pushing for a higher adoption rate of Macs in the business environment, with new security features in High Sierra specifically aimed at enterprises. With the launch of its new 64-bit Apple File System (APFS), native encryption options available through FileVault and the possibility to set a firmware password that will prevent non-standard booting through USB sticks, Apple has shown its commitment to making Macs a viable alternative to PCs in the work place.
As Macs become more and more common in office environments, they can also become prime sources for data loss. While PCs running on Windows are more likely to fall victims to malicious outsiders because they make easier targets than devices running on macOS’s Unix-based architecture, neither OS protects data from their users. In the age of data protection regulations and massive data breaches, companies’ worst security vulnerabilities are often their own employees.
Luckily, there are Data Loss Prevention (DLP) solutions that help companies monitor and control sensitive data flows on their company networks. While there are fewer offerings on the market of DLP tools for Macs, there are a few things organizations should consider when shopping for a DLP solution. Here are the most important five:
1. Feature parity between operating systems
Most company networks run on multiple operating systems. Mac-only work environments are rare and are usually confined to the creative industries or small organizations. Bigger companies will oftentimes run on both Windows and macOS, sometimes adding Linux to the mix as well.
While organizations might be tempted to choose exclusively macOS-aimed DLP products, it’s important to keep in mind that an administrator needs to manage the DLP solution network-wide and having multiple solutions can prove a time-consuming and complicated task.
At the same time, because Windows continues to be the network of choice in the business environment, DLP offerings for it are the most advanced and varied on the market, with macOS counterparts often being limited and treated as an afterthought. When choosing a product, organizations must check that there is feature parity between DLP tools for Windows and macOS. In this way, companies get the same level of protection for data, whether on a Windows PC or Mac.
2. Zero-day support
With Apple rolling out one major macOS upgrade every year and updates on an almost monthly basis, zero-day support is essential for any company using Macs in the work place. This means choosing DLP solutions that ensure zero-day support, namely product compatibility before the official launch of new updates and versions of the macOS.
Without zero-day support, companies risk not only errors and the dreaded Kernel panics, but a lapse in their data loss prevention strategy which puts not only their data at risk, but if DLP tools are used as an active part of compliance policies with data protection regulations such as HIPAA, GDPR etc., it can also lead to noncompliance and steep fines.
3. Minimum device performance impact
One of the main fears concerning the adoption of DLP tools company-wide is the sort of impact they will have on both the speed of devices they are monitoring and employees’ productivity.
Endpoint DLP solutions generally operate on a server-client architecture which means a client must be installed on a device for DLP policies to be applied. For that reason, it is essential that the products companies choose have a small digital footprint and a minimum impact on device performance.
4. Easy to update
Updates can be an irritating and constant interruption in employees’ daily work. They can become especially troublesome in the case of DLP solutions when admins are the ones pushing client software upgrades and updates.
It is important therefore that these can be easily applied, without requiring device reboot or reinstallation. In this way, updates can run smoothly in the background without ever bothering employees in their work.
5. Test for Kernel Panics
Kernel panics happen when Macs encounter a critical error and automatically shut down. The frequency of kernel panics depends on what’s causing the error: it can happen once every few weeks or every time a Mac is booted up. 90% of the time software conflicts are to blame.
Consequently, it is crucial that, when testing DLP products prior to purchase, companies test the client software to make sure it does not cause Kernel panics in the Macs it’s installed on.
As Apple works on improving macOS’s security features and addressing the demands of enterprises, companies must not ignore its growing importance in the work place and ensure they have a solid plan for protecting data stored on Macs.