As mentioned in a previous post, A Least Privilege Apple a Day…, the adoption of the Mac OS is steadily increasing at the enterprise level; by some reports, doubling in recent years. Fostered by an association between iOS and Mac OS, and greater acceptance of BYOD, this trend is here to stay. As IT departments adjust to this changing landscape, so too must policy and security.
Organizations are faced with new challenges, (for example, BYOD is becoming the norm for many companies) and some old favorites (i.e. how often have your users done nothing to their computer, but it’s magically broken?) And while Apple continues to be vigilant about patching security holes, as do the respective vendors of software running on Mac, is that enough? We don’t think so.
BeyondTrust introduced PowerBroker for Mac in summer 2015 to address major security gaps in what is available for the Mac OS. Why? Because organizations want to adhere to least privilege standards across their enterprises – not just in their Windows desktop environments. We have been providing security products for Unix, Linux, and Windows for years, even holding patents on the methods for employing it. We knew from our customers they wanted similar functionality available for Mac as well.
To continue this forward momentum, we are adding some key features to the next release of PowerBroker for Mac, notably:
- The ability to deny applications from launching. Even a standard user with the best intentions can bite into a worm, (yes, it’s a cheesy Apple reference, but you can’t ‘deny’, it works). Setting deny policies on applications or processes greatly reduces the risk of malware, vulnerable applications, or misconfigurations of the system.
- User Messages. Users like to be informed, especially if they click an application that is being denied. Being able to provide a consistent message to users informing them why something has been denied, or prior to certain elevations, helps your users and you.
The evidence for the growth of Mac in the enterprise is there. The risks that come from this greater adoption are there. If your organization is supporting more Macs, check out PowerBroker for Mac. Because it is part of our IT Risk Management Platform, BeyondInsight, PowerBroker for Mac can be managed in the same way that our least privilege solutions on Windows, Unix and Linux are managed.
For more, check out the white paper, “Closing the Privilege Gap on Mac Desktops.”
Author: Jason Silva, Product Manager | BeyondTrust
Jason Silva, Sr. Solutions Engineer, BeyondTrust
Jason Silva brings over 25 years of solutions and management experience to the industry. Currently serving as Senior Solutions Engineer for BeyondTrusts' Universal Privilege Management Platform, he uses this knowledge to help customers realize the value of our solutions throughout the product lifecycle. Earlier in his career, he found success as a software developer in a global consulting company and spent over four years managing IT and Regulatory Compliance in the banking industry.
Specialties: Microsoft Active Directory, Microsoft Group Policy, Pre and Post Sales Training, Sales Engineering, Enterprise Security Tools, Privileged Access Management
