Neil MacDonald

A member of the Gartner Blog Network

Neil MacDonald
VP & Gartner Fellow
15 years at Gartner
25 years IT industry

Neil MacDonald is a vice president, distinguished analyst and Gartner Fellow in Gartner Research. Mr. MacDonald is a member of Gartner's information security and privacy research team, focusing on operating system and application-level security strategies. Specific research areas include Windows security…

Two Lessons for Information Security from the iPhone and iPad

by Neil MacDonald  |  May 2, 2011  |  3 Comments

Rapid adoption rates, three hundred and fifty thousand apps, but not much malware. What gives?

1) The power of whitelisting. Call it what you may, but having Apple act as the steward of all applications via its App Store is a form of whitelisting (where the list of approved applications [whitelist] is defined by those that Apple approves to be posted). Whitelisting is an extremely powerful security concept that hasn’t been widely used by enterprise IT – yet. Could Apple do more in terms of security testing? Absolutely, but there hasn’t been a major malware outbreak or market demand (yet) to change the current level of application certification.

2) The benefit of users running without administrative rights. You don’t have “root” rights on your iPhone/iPad unless you’ve jailbroken the device. The vast majority of users won’t be compelled to do this because they can do everything they need as a “standard user”. They extend the device, customize their environment, download and install applications, and so on without knowing that they don’t have “root” access.

Think about it. Even with the removal of administrative rights and with implicit whitelisting, the users don’t complain about being “locked down”.

Imagine what we could do for enterprise Windows users with a similar model…

Category: Beyond Anti-Virus Endpoint Protection Platform Information Security Microsoft Security Windows 7

3 responses so far ↓

  • 1 ed capaldi   May 3, 2011 at 4:47 am

    Hi

    I like your thoughts and we’ll try this out and get back to you on our progress. We’ve experimented successfully with BYOD and the users do what they want with it; we just support them from the Citrix session onwards. A NAC is fundamental in our setup.

    For the record I’m CIO at a large Media (newspapers, magazines, online) Company. We are now 100% Microsoft; after 10 years plus of having Macs and Windows we opted for a Citrix enabled workplace. Having thrown out the Apples we now have a much improved workplace. We had to educate users and techies because of their Apple bias, but the fact is that with circa 1000 users we now have 300% improvement in performance and zero downtime on Windows; in fact we have only ever suffered 2 ‘attacks’ and both came from G5s… Either we are lucky or maybe the truth is Windows is more than adequate for corporate networks??? One thing is for sure: since we dumped Apple the business and IT no longer fight, we are considered as partners and that can only be a good thing for both.

  • 2 Anoop   May 3, 2011 at 6:31 am

    Yes true, the “Least Privilege policy” is applied across the resources, which helped keep our Microsoft environment secured, with fewer hassles and less complexity. We have applied it on the servers and Active Directory. It was too complex and cumbersome to maintain the Apple environment due to their security management limitations and of course the lack of centralized tool sets.

  • 3 Neil MacDonald   May 3, 2011 at 11:36 am

    @Ed and @Anoop

    Are you referring to limitations with the security management of enterprise Macs or of the iPad/iPhone devices?

    I ask because most of the endpoint security vendors have antimalware and firewall offerings for the Mac:
    http://blogs.gartner.com/neil_macdonald/2011/03/03/yes-macs-are-vulnerable/

    Also, third parties such as Centrify and Likewise have integrated Mac management policies, including login credentials, with Active Directory.

    On the iX devices – agree we are limited by what we can accomplish using ActiveSync and the APIs that Apple has opened up.

    Neil