Apple Devices Go Unmanaged in the Enterprise

In terms of mobile device management (MDM) and password security, most businesses are giving Apple devices a pass, according to a new survey from identity management specialist Centrify.
Conducted by Dimensional Research, the study of 2,249 U.S. workers found that only 28 percent of Apple devices in the workplace have company-provided MDM keeping an eye on things. A minority of iPhones, iPads and Macs (35 percent) encrypt company data.
As it turns out, many of those workers are bringing their own Apple gear to the office.
Nearly half (45 percent) of those polled said they use at least one Apple device for work. Of those devices, 63 percent are personally owned and used to access business applications, work email and corporate documents.


In the workplace, 58 percent of iPads and 51 percent of iPhones are used to access business applications. Sixty-five percent of Macs are used to access sensitive or regulated customer data and 59 percent are used to access confidential information.
The Cupertino, Calif.-based iPhone maker has had an undeniable impact on the enterprise mobility market, but many organizations are skimping on managing the company's wares, suggests Centrify's study.
In business environments, 58 percent of Apple devices lack software to enforce strong passwords and only 17 percent of have a company-supplied password manager installed. Users aren't helping matters, either. Fifty-six percent of them admitted to sharing their passwords with others.
Alarmingly, some organizations are allowing their users to access sensitive data and critical business applications with weak, easy-to-crack passwords. "Ultimately there is no discernable correlation between password strength and sensitivity of information accessed or accessible from a particular device or user," said Centrify in a statement.
As businesses rush to mobilize their business processes, iPad-wielding workers may be putting their data at risk, according to Bill Man, Centrify's chief product officer. And the consequences can be costly.
The study "spotlights the massive exposures that occur when devices do not comply with standard corporate security policies," said Man in a statement. More than a nuisance for security-conscious IT administrators, those non-compliant devices can cause the attorney bills to pile up.
"In particular, customer data represents a huge liability," warned Man. "Disclosure of regulated information such as healthcare records could expose corporations to fines and other legal action."