Bringing Apple into the InfoSec Fold

Addigy, a provider of cloud-based Apple device management software, just announced new security and management enhancements to its Apple Device Management Platform. These include new anti-spoofing protections, authentication, device provisioning and single sign-on through existing directory services like Microsoft Active Directory.

The news highlights a number of realities that the cyber security field should acknowledge, if not fully embrace:

  • Apple products, from Mac laptops to iOS tablets and iPhones, represent a significant attack surface area, one that is not being adequately defended in many organizations.
  • Users of Apple products tend to be in senior positions. Their devices may be few in number, but they likely contain highly valuable data assets like information about trade secrets and financial dealings.
  • A lot more IT vendors are involved in security than anyone realizes. (Or, these vendors should be.)

Addigy has made its name with management tools, but now, like other comparable companies, it has joined the fight against malicious actors. Why? Because system and device management is essential to cyber security. Attackers look for vulnerabilities everywhere. Provisioning of iOS devices is a natural place to find points of infiltration. Addigy is addressing this risk.

“Apple has been something of a second-class citizen in the security realm,” said Jason Dettbarn, CEO of Addigy. “But, the threat environment has caught up with the corporate world. There is a strong mandate now to defend Apple products against attacks.”

Dettbarn acknowledged that some of Apple’s marginal status in the enterprise was a direct result of Apple co-founder Steve Jobs’ indifference toward enterprise users. “These devices have been deliberately engineered with a lot of specific features that the user can’t control,” Dettbarn added.

“This has led to several vulnerabilities. For example, with an Apple serial number as the device’s sole identifier, it’s possible to spoof the device using a virtual machine. Then, you can log into a VPN and have total access to the corporate network.” Addigy provides a software-based agent that obligates the user to authenticate using the organization’s Identity and Access Management (IAM) solution.