Security could derail Apple's attempt to woo corporates

While Apple has established a dominant position in the consumer electronics market, enterprise buyers have proven a harder nut to crack. But there are signs that the number of Macs within the enterprise are increasing - albeit from a low base. That could be bad news for security chiefs.

According to figures from analyst group IDC, for Apple's most recent financial quarter, corporate sales accounted for about 3.5 per cent of all customers for its MacBook and iMac computers.

That may be a drop in the ocean for the Cupertino-based technology titan, given the stellar sales of its tablets and smartphones. But it's also indicative of how the corporate landscape is changing.

A recent survey of systems administrators conducted by the Enterprise Service Alliance, a consortium of Mac-based software vendors, showed companies expected the proportion of Macs within the enterprise to rise from three per cent of corporate systems in 2009 to five per cent by 2011.

Most IT leaders wouldn't countenance the idea of replacing their PC estate with Apple's Mac alternatives, but there is a growing acceptance that employees may be more comfortable with using their home system at work, said David Roberts, executive director of the blue chip IT users group, the Corporate IT Forum.

"So it may well be the case that there will be more Mac systems in the enterprise in future," he added.

But can Apple really be treated as enterprise ready? Its approach to security may give some IT leaders pause for thought.

The latest security update for Apple's OS X operating system addressed around 130 vulnerabilities. While the sheer number of vulnerabilities may have further dented Mac OS's supposed reputation for being secure, it is the sheer difficulty of assessing and verifying that a patch that size can be safely deployed which will concern IT professionals.

The key to managing security patches is to understand which systems need to be patched and to be able to test the patches in a timely manner, said John Kindervag, a senior analyst at Forrester Research.

"Security professionals must also agree with business units on a strategy for testing third-party applications," he said.

That process is made more difficult when vendor patching programmes deliver unexpectedly large updates, added Roberts.

"CIOs absolutely have to ensure that companies' computers are fully secure," said Roberts. But it is essential that the process is as painless as possible, he added.