IBM last week announced a new scheme to sell Macs to larger enterprises, with help from JAMF Software’s Casper Suite. I caught up with JAMF Software CTO, Jason Wudi, to find out what pitfalls enterprise chiefs should avoid when deploying Macs.
Don’t manage Macs like iPads
Macs aren’t iPads based on a mobile-focused and fully networked operating system like iOS. The versatility of the Mac means there’s life in the Apple “truck” yet, but also demands management tools to be more versatile than the MDM solutions used for mobile deployments. “There are many times when a more complete toolkit is required for maintaining a fleet of Macs. One example? MDM tools lack the imaging workflow capabilities for scalable Mac deployment,” says Wudi.
But don’t manage them like PCs, either
Some IT departments may attempt to manage their new Mac infrastructure using tools developed to manage Windows deployments. This is a mistake. “The platforms are different enough that it’s nearly impossible to manage both well from a single tool. Many vendors offer a “cross-platform” solution, but none deliver a great experience,” warns Wudi.
Don’t scrap usability for security
There is huge pressure (and a massive need) for enterprises to deploy strong and effective security policy to manage any kind of tech infrastructure deployments. Yet these solutions are built for humans (IBM’s 2014 Cyber Security Intelligence Index found 95 percent of all security incidents involve human error). It’s easy to rely on old security concepts (such as firewalls) rather than to focus on new solutions for intrusion detection or pattern recognition. However an enterprise chooses to secure itself, the benefit of digital transformation of the business relies on empowering, not inhibiting, employees. “Nothing turns users against organizations and IT faster than an overzealous security policy,” warns Wudi. “While it’s vitally important to maintain good security posture; it can’t be at the expense of usability.”
Don’t skip the updates
Apple ships new versions of its OS each year with frequent updates across the typical 12-month cycle. “Consumers are familiar with upgrading their Macs at home and they will expect an update in the workplace as well,” Wudi says. Enterprises can satisfy themselves as to compatibility with major system upgrades with the rest of their infrastructure by joining Apple’s beta programs, “to test the new OS before public release to help identify and remediate any potential issues,” he advises.
Don’t rely on third-party encryption tools
Macs ship with built-in disk encryption capabilities. FileVault, will automatically encrypt all the data on your disk. This means the entire disk can be encrypted and secured. “With an Apple device management tool, you can enforce encryption and escrow recovery keys from a central console,” Wudi points out – though his company is one of those that develops such tools.
Don’t block the App Store
There’s this enduring mind set among enterprise computing types that just because employees don’t make the purchasing decisions they should be offered no or little choice as to how they set up their machines. This is an antiquated mind set because “employees more readily become high-impact performers when their work experiences are contextualized to meet their needs,” explains Gartner research VP, Mike Gotta.This contextualization should embrace Apple’s App Store where Mac users can purchase and install apps. The App Store also benefits enterprise users. “With the Volume Purchase Program (VPP), organizations can take advantage of this distribution channel while still maintaining central purchasing and licensing controls,” says Wudi. “Barring exceptional circumstances, there’s no reason not to embrace the App Store,” he said. Do your concerns about shadow IT really reflect poor user experiences in your chosen solutions?
Apple has worked hard to make it easier to integrate its platforms within heterogenous set-ups.OS X ships with a native Active Directory (AD) plug-in, connects to Microsoft Exchange with the native Mail client, and supports all standard networking, printing, and file share protocols. “Today, there’s no reason to segregate the Mac environment. Go ahead, bind the Macs to AD, connect all your network shares, and bring them into the fold,” says JAMF Software’s CTO.
Google+? If you use social media and happen to be a Google+ user, why not join AppleHolic's Kool Aid Corner community and join the conversation as we pursue the spirit of the New Model Apple?
Got a story?Drop me a line via Twitter or in comments below and let me know. I'd like it if you chose to follow me on Twitter so I can let you know when fresh items are published here first on Computerworld.