Macs are gradually gaining popularity in the enterprise world and deploying a data loss prevention solution on these devices is becoming a pressing question.
macOS devices are becoming an ever more prominent presence in the workplace. This is chiefly due to two trends: bring your own device (BYOD) and employee choice policies. The first allows employees to bring their own devices onto the company network, while the second lets them choose which device they will be using in the workplace. A survey conducted by Jamf showed that, in the 580 organizations that participated, 72% of employees chose Macs and a further 75% chose iPhones when given the option. Another interesting fact to mention is that when comparing all the implied costs, like software and hardware updates, management and support, it turns out that Macs have a significantly lower total cost of ownership (TCO) than PCs.
Apple has shown its commitment to making Macs a viable alternative to PCs in the workplace, with security features specifically aimed at enterprises. As Macs become more and more common in office environments, they can also become prime sources for data loss. While PCs running on Windows are more likely to fall victims to malicious outsiders because they make easier targets than devices running on macOS’s Unix-based architecture, neither OS protects sensitive data such as Personally Identifiable Information (PII) or Intellectual Property (IP) from their users. In the age of data protection regulations, workstream collaboration (WSC) platforms and massive data breaches, companies’ worst security vulnerabilities are often their own employees.
Luckily, there are Data Loss Prevention (DLP) solutions that help companies monitor and control sensitive data flows on their company networks. These solutions prevent data leakage and data theft by scanning data in motion and data at rest, restricting the unauthorized use of removable devices, provide encryption options and more. While there are fewer offerings on the market of DLP tools for Macs, there are a few things organizations should consider when shopping for a DLP solution. Here are the most important five:
1. Zero-day support
With Apple rolling out one major macOS upgrade every year and updates on an almost monthly basis, zero-day support is essential for any company using Mac endpoints in the workplace. This means choosing DLP solutions that ensure zero-day support, namely product compatibility before the official launch of new updates and versions of the macOS.
Without zero-day support, companies risk not only errors and the dreaded Kernel panics, but a lapse in their data loss prevention strategy. This not only puts their data at risk, but if DLP tools are used as an active part of compliance policies with data protection regulations such as HIPAA, GDPR, PCI DSS etc., it can also lead to noncompliance and steep fines.
2. Minimum device performance impact
One of the main fears concerning the adoption of DLP tools company-wide is the sort of impact they will have on both the speed of devices they are monitoring and employees’ productivity.
Endpoint DLP solutions generally operate on a server-client architecture which means a client must be installed on a device for DLP policies to be applied. For that reason, it is essential that the products companies choose have a small digital footprint and a minimum impact on device performance.
3. Easy to update
Updates can be an irritating and constant interruption in employees’ daily work. They can become especially troublesome in the case of DLP solutions when admins are the ones pushing client software upgrades and updates.
It is important therefore that these can be easily applied, without requiring device reboot or reinstallation. In this way, updates can run smoothly in the background without ever bothering employees in their work.
4. Test for Kernel Panics
Kernel panics happen when Macs encounter a critical error and automatically shut down. The frequency of kernel panics depends on what’s causing the error: it can happen once every few weeks or every time a Mac is booted up. 90% of the time software conflicts are to blame.
Consequently, it is crucial that, when testing DLP products prior to purchase, companies test the client software to make sure it does not cause Kernel panics in the Macs it’s installed on.
As Apple works on improving macOS’s security features and addressing the demands of enterprises, companies must not ignore its growing importance in the workplace and ensure they have a solid plan for protecting data stored on Macs.
5. Feature parity between operating systems
Most company networks run on multiple operating systems. Mac-only work environments are rare and are usually confined to the creative industries or small organizations. Bigger companies will oftentimes run on both Windows and macOS, sometimes adding Linux to the mix as well.
While organizations might be tempted to choose exclusively macOS-aimed DLP products, it’s important to keep in mind that an administrator needs to manage the DLP solution network-wide and having multiple solutions can prove a time-consuming and complicated task.
At the same time, because Microsoft Windows continues to be the network of choice in the business environment, DLP offerings for it are the most advanced and varied on the market, with macOS counterparts often being limited and treated as an afterthought. When choosing a product, organizations must check that there is feature parity between DLP tools for Windows and macOS to safeguard sensitive information easier and more efficiently. In this way, companies get the same level of protection for data, whether on a Windows PC or Mac.
Endpoint Protector by CoSoSys is an enterprise-grade DLP solution that offers cross-platform Device Control, Content Aware Protection, eDiscovery and Enforced Encryption. If you’re looking for an industry-leading solution to ensure that your sensitive data stays safe on your Macs, we invite you to get in touch with us and learn how we can support you in your efforts.
Tags: dlp for mac