John Pescatore

A member of the Gartner Blog Network

John Pescatore
VP Distinguished Analyst
11 years at Gartner
32 years IT industry

John Pescatore is a vice president and research fellow in Gartner Research. Mr. Pescatore has 32 years of experience in computer, network and information security. Prior to joining Gartner, Mr. Pescatore was senior consultant for Entrust Technologies and Trusted Information Systems… Read Full Bio

Coverage Areas:

Is Apple an “Enterprise-class Vendor” From a Security Perspective? Nah

by John Pescatore  |  November 19, 2009  |  1 Comment

This week’s Twelve Word Tuesday was about all those holiday season presents showing up on your network when everyone comes back to work on January 5th.  Apple is one of the major vendors of those “toys” and last week colleague Nick Jones asked for input on this question: “Is Apple an Enterprise-class Vendor?” At Gartner’s Asia Pacific Symposium this week, Nick debated another Gartner analyst (Robin Simpson) on this topic, and Nick blogged about it here.

Here is the response I sent Nick from the security perspective:

On the iPhone side, the fact that there is no actually supported management app and that any user can change any policy setting pretty much says it all.

Pretty much the same thing on the Mac side, plus patching issues – Apple vulnerabilities go unpatched for long periods of time, patches come out with any warning or much information at all.

Years ago I did a Research Note on how to quickly judge how serious a vendor was about enterprise security, and I graded lots of vendors. The easy test: go to www.vendorname.com/security and see what you find. Vendors fall into 3 categories:

  1. They get it – /security has good security info, an easy place to report bugs, etc.
  2. They don’t really get it, but they are in the enterprise business – /security tries to sell you on how secure they are, vs. help you stay secure.
  3. Consumer-grade company – you get error 404 or equivalent

Check out www.apple.com/security and you find they are clearly type 3 – nice picture of a snow leopard though…

Take a look and compare AppleGoogle, NintendoMicrosoft, Cisco, Oracle, Juniper, Nintendo, etc. and you see the differences and similarities between consumer-oriented vendors and enterprise oriented vendors – and which enterprise-oriented vendors “get” security.

This litmus test doesn’t really work for security vendors – some of them (like Symantec) make good use of the /security real estate, while for some reason others (like McAfee and Checkpoint) let it waste away in error 404 land.

1 Comment »

Category: Uncategorized     Tags:

1 response so far ↓

  • 1 John Dillinger   January 13, 2010 at 2:19 am

    No, of course macs are not enterprise quality. Not only do they consistently use less secure technologies to integrate with central de facto standards like Microsoft Active Directory, they force these de facto standards to dumb down their security considerably to allow interoperability.

    Mac has an outstanding operating system for usability and always has. If you can afford all the accessories, bells, and whistles to buy inferior hardware at home, you still really really will enjoy the user experience.

    For the enterprise, stop even perpetuating the illusion that Mac has a place. To further complicate the costs, buy an enterprise software package that supports IE and Firefox as opposed to one that even attempts Chrome or Safari. Cross-platform programming costs a fortune, and it shows when you find yourself having to buy the fits-all enterprise apps from big players like IBM or others.

    I bet you could go to several billion-dollar-companies’ web sites like airlines and find many parts of the page don’t work in Safari. If they can’t afford to program for it, why on earth do you think your business or organization can?

    http://mac-zealot.urbanup.com/4275690

Leave a Comment