What's the difference between sensitive corporate or customer information on a Windows laptop and sensitive corporate...
or customer information on a Mac laptop?
"Compliance tends not to be a letter grade exercise -- it's pass or fail," said John Dasher, director of product management at PGP Corp. in Menlo Park, Calif. "If you're a Windows organization and 95% of your clients are protected because they're Windows, and 5% fail because they are Macs, you fail compliance for the company."
Whole-disk laptop encryption has gotten very popular in the last couple of years. Enormous numbers of laptops are lost or stolen each year, exposing credit card numbers and other personally identifiable information, including confidential business information such as intellectual property and memos about proposed mergers and acquisitions. If security isn't enough to make your organization shell out the money to encrypt its laptops, Payment Card Industry Data Security Standard (PCI DSS) and various privacy statutes could do the trick. The vast majority of corporate laptops run Windows, but a small but growing number run Mac OS X -- enough to make enterprises and security vendors take notice.
"Probably five years ago, we weren't seeing very many Macintoshes on campus, either for students or faculty," said Jon Allen, Baylor University's information security officer. "For students coming on campus now, it's amazing the number of Macs we're seeing, and, as a result, faculty staff have taken notice, so we are seeing a shift to more people adopting the Macs."
There are enough Macs to make them an important part of Baylor's program. The university is encrypting all employee laptops to comply with Texas privacy legislation. Baylor has encrypted some 600 Windows laptops with PGP Whole Disk Encryption, with perhaps 300 more machines, including as many as 150 Macs, to go. Mac encryption is now possible with the introduction of support for OS X, which was announced in June, shortly after Check Point Software Technologies Ltd. made a similar announcement for its full-disk encryption product.
PGP's Dasher likes to cite the case of the National Institutes of Health (NIH), which banned sensitive data from Mac laptops in April after a laptop containing at least 1,281 Social Security numbers was stolen. There are options now.
"Macs don't have to be treated like a dirty little secret," he said. "Now, from an IT perspective, it's just another client."
The overall numbers of Macs in enterprises -- 4.2% in 2007 according to a recent Forrester Research Inc. report -- isn't all that impressive, but that's triple the number from the previous year. Why? Start with a core of Mac devotees and the ease of the Mac interface; add the ability to run Windows robustly on the Intel platform, and throw in the Apple "cool" factor fueled by iPods and iPhones.
The who may be more important than the how many. OS X's Unix base makes it a popular choice for IT professionals. And the cool factor has spread to C-suite executives.
"Macs are very user friendly from an executive perspective," said David Vergara, Check Point's product marketing director of endpoint security. "They love their Mac laptops. They are putting very sensitive and timely information on there. They are dictating to IT the same level of protection of other machines throughout the enterprise."
Baylor's Allen said he feels that cross-platform support is increasingly important, citing backups, inventory and storage, in addition to encryption.
"We try to make sure vendors have cross-platform solutions, if they are available," he said. "Or, if they aren't, we try to get the commitment that they will pursue that."
Dig Deeper on Alternative OS security: Mac, Linux, Unix, etc.