Is Apple secure for the Enterprise?

Migration to Apple has security risks - time to train your staff? By David Swinden, 7Safe Digital Forensics Consultant | 22 February 2016

Apple has seen a steady rise in sales and popularity since its return to profitability in the late 90’s. Fast forward 15 years and Apple's growth both in revenues, and popularity has exploded with a company value of $775 billion during 2015 and analysts predicting it could be the first $trillion company over the next few years.

Compare this to Microsoft, that saw its heyday in the late 90’s with a value of $619 billion; and has a current valuation nearer $350 billion. Of course, Windows technology still accounts for around 90% of computer systems around the world. But surely with such opposing numbers you would expect the global tide to be turning…?

Apple for the Enterprise: the seachange is coming

Apple went through a phase of not wanting to fully embrace the enterprise market, being a largely consumer-focused company. Rather, it was quite happy to sit in a space of its own making and maintain a balance that allows it to sell large numbers of devices without having to bend to enterprise demands; instead empowering partners like Cisco and IBM to deliver on its behalf. However it is these new partnerships that show Apple is starting to see enterprise as its next  challenge. Apple CEO Tim Cook said in an earnings call at the end of October that the enterprise market is now a “major growth vector” with revenue up 40% on the previous year and earning them $25 billion.

So is 2016 the year that industry will start a shift to Apple in the work place? IBM has certainly made significant moves to embrace Apple and for a number of very good reasons citing that their Mac conversion is both making and saving them money. According to the IBM’s VP or Workplace-as-a-Service, employees with Apple devices need much less assistance from the helpdesk, 5% compared to 40% on the Windows side [1]. Employees are also more productive, are happier and although upfront costs may be slightly higher than Windows alternatives; residual values are significantly higher and the speed at which employees get up and running and productive is faster. At the end of 2015 it had already kitted 130.000 employees with almost 2000 more being deployed each week. 98% of Fortune 500 companies now use Apple products.

Could the shift to Apple reveal a shortfall in forensics and response?

Cyber crime is set to be the biggest financial cost to business over the coming years. Serious and Organised crime groups now make more money from cyber crime than drugs with its greater rewards and minimal risks. The cost of cyber crime to the global economy, according to Mcafee, was estimated to be more than $400 billion and is a growth industry. With the move to digital by companies; those that do not adequately prepare will be at an increasingly competitive disadvantage. Microsoft has long dominated enterprise and home markets with its Windows operating system but has had to deal with legacy systems; compatibility across an infinite combination of hardware; and the attention from ne’er-do-well’s that being the most popular brings. Because of its commanding position in the market there has been an almost exclusive investment in digital forensic research and training towards this platform. In 2014, over 317 million new pieces of malware were created; the majority of which were targeted at Windows desktop and mobile OS’s.

Apple Security - fact or fiction?

Apple has sat in relative harmony with the odd (but becoming more frequent) blip. Apple has always been perceived as having a number of factors in its favour from a security perspective. Firstly, it controls both the hardware and software meaning there are far fewer variables to take into consideration; it has an open source Unix foundation adding that low level functionality and security, and accounting for only 10% of the market has meant it is less appealing for cyber criminals or hackers to spend their valuable time developing exploits when there will be a greater return on their investment targeting the remaining 90%. But Apple exploits and vulnerabilities are increasing, or perhaps they have always been there but safe in Apples relative obscurity. With the release of El Capitan, Apple has made an interesting move to get ahead of the game and lockdown its Operating System. System Integrity Protection (SIP) is a relatively simple concept that was introduced with the latest OS and effectively prevents any user, including root, from modifying, deleting or adding to any system locations that could cause compromise. A very strong defence but is it a challenge to hackers that see a growing market for their OS X/iOS wares? The mobile First for iOS program between Apple and IBM has also seen the release of 100 iOS apps that target 65 professions across 14 industries including healthcare, banking and travel – three of the industries topping the cyber crime target chart.

With enterprise beginning to embrace Apple devices, there will be an inevitable increase in the demand for digital forensics and incident response skills focused towards compromises on this platform. It has often been the case that OS X investigations were volunteered to the Mac enthusiast in a unit and if security companies, CIRT’s, initial responders and investigators don’t start to make efforts to better support knowledge and research of the Apple platforms we could start to see a negative impact in successful mitigation and investigation.

David Swinden is an experienced Cyber Forensics Investigator and trainer at 7Safe – PA Consulting Group’s technical security team.  He is an acknowledged Apple OSX and iOS digital forensic expert, and specialises in Incident Response, Malware and Cyber investigations.

David developed and leads the delivery of our Certified Mac Forensics Specialist course and also instructs on the Certified Malware Investigator (CMI) and Certified Cyber Investigator (CCI) courses.

 David Swinden, Digital Forensic Consultant  

(Photo: David Swinden, 7Safe Digital Forensics Consultant)

"With Enterprise beginning to embrace Apple devices there will be an inevitable increase in the demand for digital forensics and incident response skills focused towards compromises on this platform."


« Back