What about security? In an era in which enterprise users are constantly under attack by hackers, cybercriminals, bots and automated malware, imagination and teamwork don't automatically translate into security. Ingenuity and collaboration are paramount, but so is security. In the traditional view, security isn't supposed to be fun: for CISOs, compliance outranks personalization.
Here is the good news: security can coexist with inspiration and creativity. Apple has struck a workable balance between freedom and security, usability and protection, delivering an enhanced user experience that is secure at the same time.
While users love their Mac devices, they hate passwords, and who doesn't? Juggling multiple long passwords that must be changed constantly is aggravating and, in the end, undermines security, because people respond by reusing, simplifying or writing them down. So Apple does authentication differently. Apple's dedicated security coprocessor, the Secure Enclave, backs Touch ID and Face ID so that biometric authentication is both convenient and secure. With Apple, even authentication can be fun.
For security to be effective, it cannot be an afterthought. Apple didn't simply wrap layers of security around its products; security is built into the hardware itself. Core security capabilities are designed into the silicon, making the devices secure by design.
Take the Secure Enclave that backs Touch ID and Face ID. The Secure Enclave is a separate, dedicated processor that handles the user's biometric data during authentication. Think of it as a separate computer dedicated solely to security: it boots independently of the rest of the device and runs its own microkernel in isolation. It has its own 4 MB of flash storage, and the keys unique to that device are kept there rather than in the main operating system; the root per-device key (the UID) is fused into the silicon at manufacture and cannot be read out by any software. The OS never sees these keys. An attacker who fully compromises the main operating system still cannot extract them, and even with the device in hand would have to defeat the hardware itself rather than the software.
Security begins long before biometric authentication, however. The Boot ROM is immutable code laid down in the silicon at manufacture, and it establishes the hardware root of trust from the moment the device is powered on; the Secure Enclave has its own Boot ROM and boots the same way, in isolation from the rest of the device. The secure boot process then builds a chain of trust through the software: each stage cryptographically verifies that the next stage is genuinely signed by Apple before handing over control, so a modified bootloader, kernel or OS is never executed. Only trusted code boots, and that trusted platform in turn enforces code signing on the apps that run on it.
Mobile devices demand encryption today, and all Apple devices include encryption features that safeguard user data even when other elements of the infrastructure have been compromised. Current iOS and iPadOS devices use a file-level encryption scheme called Data Protection, while data on Mac computers is protected with a volume encryption technology called FileVault. Both leverage a dedicated AES engine (on Macs, the T2 chip or Apple silicon) that is enabled out of the box and encrypts at line speed, so the long-lived encryption keys never have to be handed to the kernel or the main CPU. In the case of theft or loss, devices enrolled in Find My or in mobile device management (MDM) can be wiped remotely so the data stays protected.
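To make the key hierarchy behind Data Protection concrete, here is an added worked example (my own illustration, not Apple's code or any part of the original post). It models the three layers the paragraph describes: a per-device UID that never leaves the "enclave" (here just a package-level variable, a constructed stand-in for the fused hardware key), a class key derived from the user's passcode entangled with that UID (iterated HMAC-SHA256 stands in for Apple's UID-keyed PBKDF2-style derivation), and a random per-file key that is wrapped under the class key and stored beside the ciphertext. The AES-GCM wrapping and the iteration count are illustrative choices, not Apple's exact parameters.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// deviceUID stands in for the per-device key fused into the Secure Enclave.
// Constructed value; it is only ever used inside deriveClassKey.
var deviceUID = []byte("constructed-example-uid-not-a-real-key")

const kdfIterations = 10000 // illustrative work factor, not Apple's

// deriveClassKey entangles the passcode with the device UID by iterated
// HMAC-SHA256 (a stand-in for Apple's UID-keyed derivation). The class key
// can only be computed on this device, so a copy of the flash cannot be
// brute-forced offline.
func deriveClassKey(passcode []byte) []byte {
	key := passcode
	for i := 0; i < kdfIterations; i++ {
		mac := hmac.New(sha256.New, deviceUID)
		mac.Write(key)
		key = mac.Sum(nil)
	}
	return key // 32 bytes, used as an AES-256 key
}

// ProtectedFile is what lands on flash: the ciphertext and the per-file key
// wrapped under the class key. No plaintext key is ever stored.
type ProtectedFile struct {
	WrappedFileKey []byte
	Ciphertext     []byte
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// sealAEAD encrypts with AES-256-GCM under a fresh random nonce (prepended).
func sealAEAD(key, plaintext []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// openAEAD reverses sealAEAD; any change to key or data fails the tag check.
func openAEAD(key, sealed []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(sealed) < gcm.NonceSize() {
		return nil, errors.New("sealed blob too short")
	}
	return gcm.Open(nil, sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():], nil)
}

// WriteProtected encrypts plaintext under a random per-file key and wraps
// that key under the class key unlocked by the passcode.
func WriteProtected(passcode, plaintext []byte) (*ProtectedFile, error) {
	fileKey := make([]byte, 32)
	if _, err := rand.Read(fileKey); err != nil {
		return nil, err
	}
	ct, err := sealAEAD(fileKey, plaintext)
	if err != nil {
		return nil, err
	}
	wrapped, err := sealAEAD(deriveClassKey(passcode), fileKey)
	if err != nil {
		return nil, err
	}
	return &ProtectedFile{WrappedFileKey: wrapped, Ciphertext: ct}, nil
}

// ReadProtected unwraps the per-file key and decrypts. A wrong passcode gives
// a wrong class key, so unwrapping fails before any file data is touched.
func ReadProtected(passcode []byte, f *ProtectedFile) ([]byte, error) {
	fileKey, err := openAEAD(deriveClassKey(passcode), f.WrappedFileKey)
	if err != nil {
		return nil, errors.New("wrong passcode or tampered key blob")
	}
	return openAEAD(fileKey, f.Ciphertext)
}

func main() {
	f, err := WriteProtected([]byte("123456"), []byte("contacts database"))
	if err != nil {
		panic(err)
	}
	pt, err := ReadProtected([]byte("123456"), f)
	fmt.Printf("correct passcode: %q %v\n", pt, err)
	pt, err = ReadProtected([]byte("000000"), f)
	fmt.Printf("wrong passcode:   %q %v\n", pt, err)
}
```

The design point worth noticing is that changing the passcode only requires re-wrapping the class key, not re-encrypting every file, and that wiping the device amounts to destroying the class keys: once they are gone, every per-file key on the flash is unrecoverable, which is what makes a fast remote wipe possible.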
Software, of course, is the layer most exposed to malicious code, which is why Apple provides multiple layers of protection against malware. It starts with the OS, and that means devices must stay updated to run the most secure code available. Every software update must be authorized by Apple's signing servers before the device will install it, so only software provided by Apple can be installed. The built-in update mechanism keeps devices current, and the same authorization step blocks downgrade attacks: a device cannot be rolled back to an earlier, vulnerable OS version as a stepping stone for an exploit.
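The secure boot chain described above and the anti-rollback check described in this paragraph are two uses of the same verification step, so here is one added worked example covering both (my own illustration, not Apple's code or any part of the original post). A root public key stands in for the Apple key burned into the Boot ROM; each stage's image is signed together with its version number, and the boot routine refuses to pass control to any stage whose signature fails or whose version is below a monotonic floor. Apple's real downgrade protection is server-side, per-device authorization of each install rather than a version counter in the device, so the floor here is a simplified stand-in; the stage names, images and key generation are constructed test data.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Stage is one link of the boot chain as it sits in flash: the image, the
// version number from its manifest, and the vendor signature over both.
type Stage struct {
	Name    string
	Version uint32
	Image   []byte
	Sig     []byte
}

// digest binds the version to the image so an attacker cannot pair an old
// (legitimately signed) version number with a different image or vice versa.
func digest(version uint32, image []byte) []byte {
	h := sha256.New()
	var v [4]byte
	binary.BigEndian.PutUint32(v[:], version)
	h.Write(v[:])
	h.Write(image)
	return h.Sum(nil)
}

var (
	ErrBadSignature = errors.New("signature does not verify")
	ErrRollback     = errors.New("version below anti-rollback floor")
)

// Boot walks the chain the way Boot ROM -> LLB -> iBoot -> kernel does:
// rootPub plays the vendor key burned into the Boot ROM, each stage is
// verified before control is handed to it, and minVersion is a monotonic
// floor that refuses older (signed but vulnerable) images. It returns the
// names of the stages that were allowed to run.
func Boot(rootPub ed25519.PublicKey, minVersion uint32, chain []Stage) ([]string, error) {
	var ran []string
	for _, s := range chain {
		if !ed25519.Verify(rootPub, digest(s.Version, s.Image), s.Sig) {
			return ran, fmt.Errorf("%s: %w", s.Name, ErrBadSignature)
		}
		if s.Version < minVersion {
			return ran, fmt.Errorf("%s v%d: %w", s.Name, s.Version, ErrRollback)
		}
		ran = append(ran, s.Name) // only now does this stage get control
	}
	return ran, nil
}

// BuildChain generates a throwaway root key (standing in for the vendor's)
// and signs a three-stage chain at the given version. Constructed test data.
func BuildChain(version uint32) (ed25519.PublicKey, []Stage) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	var chain []Stage
	for _, name := range []string{"LLB", "iBoot", "kernel"} {
		img := []byte("firmware image of " + name)
		chain = append(chain, Stage{
			Name: name, Version: version, Image: img,
			Sig: ed25519.Sign(priv, digest(version, img)),
		})
	}
	return pub, chain
}

func main() {
	rootPub, chain := BuildChain(7)
	ran, err := Boot(rootPub, 7, chain)
	fmt.Println("clean boot:", ran, err)

	chain[2].Image[0] ^= 0xff // flip one bit of the kernel image
	ran, err = Boot(rootPub, 7, chain)
	fmt.Println("tampered kernel:", ran, err)

	rootPub, old := BuildChain(6) // genuinely signed, but older
	ran, err = Boot(rootPub, 7, old)
	fmt.Println("downgrade attempt:", ran, err)
}
```

The second and third runs show the two failure modes the text cares about: a tampered kernel is rejected by iBoot before it executes, and an older image is rejected even though its signature is perfectly valid, which is exactly why signature checking alone is not enough to stop a downgrade.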
With so many apps available for Apple devices, one may wonder how Apple keeps each and every one of them from misusing the device. Here's how:
Apple sandboxes apps to protect user data from unauthorized access. Each app runs in its own container and can reach only the files, hardware and system services it has been granted, and access to sensitive data such as contacts, photos, the camera or the microphone requires the user's explicit consent. Critical areas of macOS are protected the same way, so users remain in control of every facet of the device. The end result is that users can download, install and run apps with confidence that those apps access their data only in authorized ways.
In today's mobile world, network traffic must be protected both on and off premises. That is why Apple devices support standard security protocols such as VPN (IKEv2/IPsec among them) and enterprise Wi-Fi authentication (WPA2/WPA3 Enterprise with 802.1X), so users have a secure connection to the corporate infrastructure regardless of location.
Being locked down doesn't have to stifle the user experience. Apple has found a way to deliver strong security and protection for its devices without compromising usability. Apple has always been dedicated to the idea that the interaction between users and their devices should be individualized, while ensuring that every one of those interactions is uniformly secured. That is the balance Apple has achieved and will continue to maintain.
As an Apple Authorized Reseller, WEI offers recommendations for deploying Mac and Apple devices in your organization; read our white paper, 5 Critical Best Practices for Deploying Mac Devices in Enterprise Networks.