As mentioned in a previous post, “A Least Privilege Apple a Day…”, adoption of the Mac OS is steadily increasing at the enterprise level, by some reports doubling in recent years. Fostered by an association between iOS and Mac OS, and by greater acceptance of BYOD, this trend is here to stay. As IT departments adjust to this changing landscape, so too must policy and security.
Organizations are faced with new challenges (for example, BYOD is becoming the norm for many companies) and some old favorites (e.g., how often have your users done nothing to their computer, but it’s magically broken?). And while Apple continues to be vigilant about patching security holes, as do the respective vendors of software running on Mac, is that enough? We don’t think so.
BeyondTrust introduced PowerBroker for Mac in summer 2015 to address major security gaps in what is available for the Mac OS. Why? Because organizations want to adhere to least privilege standards across their enterprises – not just in their Windows desktop environments. We have been providing security products for Unix, Linux, and Windows for years, and even hold patents on the methods for employing least privilege. We knew from our customers that they wanted similar functionality available for Mac as well.
To continue this forward momentum, we are adding some key features to the next release of PowerBroker for Mac, notably:
- The ability to deny applications from launching. Even a standard user with the best intentions can bite into a worm (yes, it’s a cheesy Apple reference, but you can’t ‘deny’ it works). Setting deny policies on applications or processes greatly reduces the risk of malware, vulnerable applications, or misconfigurations of the system.
- User Messages. Users like to be informed, especially if they click an application that is being denied. Being able to provide a consistent message to users informing them why something has been denied, or prior to certain elevations, helps your users and you.
The evidence for the growth of Mac in the enterprise is there. The risks that come from this greater adoption are there. If your organization is supporting more Macs, check out PowerBroker for Mac. Because it is part of our IT Risk Management Platform, BeyondInsight, PowerBroker for Mac can be managed in the same way that our least privilege solutions on Windows, Unix and Linux are managed.
For more, check out the white paper, “Closing the Privilege Gap on Mac Desktops.”
Author: Jason Silva, Product Manager | BeyondTrust

Jason Silva, Sr. Solutions Architect
Jason Silva is a Senior Solutions Architect focused on Privileged Access Management (PAM), Identity and Access Management (IAM), and Least Privilege. Jason brings over 25 years of experience in solutions management to BeyondTrust's Privileged Access Management Solutions, which enforce Privileged Password Management, Privileged Session Management, Privileged Endpoint Management, and Secure Remote Access, and which use a single pane of glass for all management aspects, including Automated Account Discovery, Privileged Management and Elevation, Audit and Compliance, and Reporting.