Bottom Line: Going into 2020, CISOs’ sense of urgency for managing their fleets of Android, Apple iOS & macOS, Windows Phone, and Windows 10 devices all from an integrated Unified Endpoint Management (UEM) is transforming the MacOS Management and Security landscape.
For many, CISOs, the highest priority project they’re starting the New Year with is getting their diverse fleet of devices on a common unified endpoint management platform. “We’ve gone through no less than a dozen UEMs (Unified Endpoint Management) systems, and they are either very good at supporting iOS and macOS or terrible at every other operating system or vice versa,” the CISO of a leading insurance and financial services firm told me over lunch recently. “Our sales, marketing, graphic artists, DevOps, and Customer Success teams all are running on Macs and iPhones, which makes it even more of a challenge to get everyone on the same endpoint management platform.” He went on to explain that the majority of macOS and iOS endpoint management systems aren’t built to support the advanced security he needs for protecting Android, Windows Phone, and Windows 10 devices.
Unified Endpoint Management is a key CISO priority in 2020
macOS and iOS devices had their own endpoint management tools in previous years when they were limited in use. Now they’re common in the enterprise and need to be considered part of an organization-wide fleet of devices, making it a high priority to add them to the unified endpoint management platform all other devices are on. Further accelerating this change is the success of BYOD policies that give employees the choice of using the tablets, smartphones, and laptops they’re the most productive with. One CISO told me their BYOD program made it clear macOS and iOS are the de facto standard across their enterprise.
While endpoint management platforms are going through an Apple-driven inflection point, forcing the need for a more inclusive unified endpoint management strategy, CISOs are focusing on how to improve application and content control at the same time. How enterprises choose to solve that challenge are predicting the future of MacOS management and security.
Five Factors Driving the Future of macOS Management and Security
CISOs piloting and only buying platforms that can equally protect every device operating system, macOS, and iOS’ rapidly growing enterprise popularity and better support for adaptive access are a few of the catalysts redefining the landscape today. The following five factors are defining how MacOS Management and Security will improve in 2020:
- Enterprises need more effective endpoint and application management that includes Android, Apple iOS & macOS, Windows Phone, and Windows 10. There’s a major gap in how effective endpoint protection is across the UEM platforms today. Data-at-risk encryption and App distribution, or how well a UEM system can create, update, and distribute macOS applications are two areas cybersecurity teams are focusing on today.
- System integration options needs to extend beyond log reports and provide real-time links to Security Information and Event Management (SIEM) systems. CISOs and their cybersecurity teams need real-time integration to incident management systems so they can be more effective troubleshooting potential breach attempts. Sharing log files across other systems is a first step, yet real-time integration is clearly what’s needed to protect enterprises’ many devices and threat surfaces today. The following Splunk dashboard illustrates the benefits of having real-time integration beyond log reports, encompassing SIEM systems:
- UEM platforms that differentiate between corporate-owned and personal devices, content and authentication workflows, and data are defining the future of macOS Management and Security. Key factors that CISOs need in this area of unmanaged device support include more effective content separation, improved privacy settings, support for actions taken on personally-owned devices, and role-based privacy settings. MobileIron is a leader in this area, with enterprises currently using their role-based workflows to limit and verify access to employee-owned devices. MobileIron can also limit IT’s scope of control over an employee device, including turning off location tracking.
- Support and proven integration of Identity solutions such as Okta, Ping Identity, Microsoft, and Single sign-on (SSO) are defining the future of adaptive access today. This is the most nascent area of UEM platform development today, yet the one area that CISOs need the greatest progress on this year. Endpoint protection and system integration are the two areas that most define how advanced a given UEM providers’ platform is today.
- The ability to provision, revoke, and manage device certificates over their lifecycles is becoming a must-have in enterprises today. UEM platforms, in large part, can handle certificate device provisioning, yet Certificate Authority (CA) integration is an area many struggle with. CISOs are asking for more effective certificate lifecycle management, especially given the proliferation of macOS and iOS devices.
The five factors of MacOS management and security are transforming the Unified Endpoint Management (UEM) solution landscape. CISOs speak often of wanting to have a more integrated UEM strategy, one that can provide better SIEM system integration, differentiate between corporate-owned and personal devices, and also manage the lifecycles of device certificates. MobileIron has proven their ability to scale in a BYOD world and is a UEM vendor to watch in 2020.