The Importance of Data Loss Prevention for Macs
Apple products have increasingly gained popularity in enterprise environments due to perception that they are so secure they will never get attacked and no data will be leaked, but will they become a bigger target due to their growing market share?
Some of the biggest data breaches episodes of the last few years, from Target Corp. to Home Depot., share a common thread. Microsoft Corp. platforms were involved at some level. The most common explanation for the frequency of attacks on Microsoft platforms is that they are more or less everywhere, creating a bigger and more lucrative market opportunity for hackers.
What companies are using Macs?
There are two types of companies that adopt Macs. First one, companies that have Macs here and there, 3-5 in the Marketing department, 2-3 for top management and there are companies like Google who manage over 40000 Macs. Another example is Cisco where 25% of 63,870 employees use Macs due to the fact that users were allowed to choose between a PC and a Mac. Even though Apple’s support system for enterprises isn’t so advanced as in case of Microsoft, the higher cost per computer is compensated in big companies like Cisco by the fact that Mac users create a community and help each other. Also, Apple is notorious for seamless integration of software with hardware, which is why fewer incidents are reported to the support department, resulting in an additional factor to compensate costs. Look at IBM as well, which gives their workers the possibility to choose between Macs or PCs and plans to deploy 50000 Macs by the end of 2015.
BYOD has definitely contributed to the rapid increase of number of Macs in companies. Besides organizations that issue Apple computers to their employees, there are also businesses that allow people to bring their favorite computer to work. Apple fans bring that MacBooks for two reasons: one, because once they get used to a Mac, they cannot go back to Windows and two, because of the status that Apple products offer. If you spend 12 hours or more at a queue to buy the newest Apple product, there’s no way you miss the chance of showing it off to your friends and colleagues.
The rise of Macs in the enterprise environment
It’s amazing how Macs have been entering the enterprise environments in the last few years. In fact, in Q3 2014, Apple’s Mac market share for the US rose to 13.4, which was the highest ever and placed Apple on third place behind HP and Dell. At a global level, Apple market share for computers grew 20.5 percent between Q3 2013 and Q3 2014 and placed the company on number 5 among the top PC makers. Moreover, at the end of last year, Apple disclosed the fact that they are investing in a sales team dedicated for enterprise sales.
It’s clear that the number of Macs in the enterprise is constantly rising, so businesses must adapt their data security strategy to integrate OS X platforms. Regardless of the smaller number of attacks directed to Macs or the malware spread to OS X, there is still the threat of malicious and non-malicious insiders who, without proper DLP tools in place, can send sensitive information to recipients outside of the company network. In a recent research we made on our customers having both Windows and Mac OS X computers, we were surprised to find out that 50% of respondents have sent e-mails to the wrong person. The percentage is dangerously high and of course, the Operating System is less important in this case.
The main idea here is that Macs have the same level of vulnerability in the face of such threats, as Windows computers do. Data Loss Prevention software can prevent this type of incidents by filtering documents before they are sent by e-mail, according to the policies of each company. For some, there is sensitive customer data to prevent from leaking, for others, financial data, healthcare data, etc. There are several filters available in DLP solutions, like file type, keywords, predefined content like Credit Card Numbers, Social Security numbers, etc. or Regular Expressions. Policies can be optimized according to the behavior of employees in each company. There are detailed reports that notify the Admin about what documents are transferred or what content is copied, by who and on which application, if it’s Outlook, Skype, Dropbox, Evernote, etc. and these reports help the Admin to detect actions that violate the policies and take further measures to correct this behavior.
It is not easy to secure data in a cross-platform environment. People use different apps to transfer data on Macs than they use on Windows, users’ profile is different, most of the security tools are not available for Macs, etc. However, things are changing and vendors have started to realize the importance of developing features that are compatible with Macs for their security products. Slowly, Data Loss Prevention for Macs is becoming a must in any DLP vendor checklist and any organization that integrates Macs in the network.