Centrify Corp. has commissioned a survey to find the level of use and the security compliance of Apple devices in the workplace. The survey, conducted by Dimensional Research, concludes that a lack of security and management of the number of Apple devices used may expose companies to potentially “significant liabilities.”
Some 2,249 U.S. workers participated and 45% of them say that they use at least one Apple device in the work environment. While individuals and non-corporations owned 63% of these devices, they were used to access work email, corporate documents and business applications. Other findings include:
- 59% of Macs are used to access confidential company information
- 65% of Macs are used to access sensitive or regulated customer information
- 51% of iPhones in the workplace are used to gain access to business applications
- 58% of iPads in the workplace are used to gain access to business apps
As to the security levels of the devices used, 51% of all devices are secured solely by a single word or series of numbers password. Most of the devices, 58%, did not have strong password enforcement software and 56% of users said they share their passwords.
According to the survey, 17% of Apple devices have a company-supplied password manager and 28% have company-provided device management solutions onboard. Finally, 35% of the devices have encryption of stored data enforced by the company.
Centrify says that customer data represents the biggest liability. Healthcare records alone are subject to fines and legal action when compromised, as well as employment records.
Apple recently issued an application with iOS 8.4.1 that patched a hole in the sandbox app, which made it possible for iOS devices operating in managed environments to leak configuration and credential data to third-party apps. The vulnerability involved a permissions issue in the managed app configuration system introduced with iOS 7, which makes it easier for enterprises to administer iOS devices by providing a built-in mechanism for distributing and storing customized app configuration data, such as server URLs and corporate network information. Although the intent of the system was to limit access to files to the apps involved, the files were readable by any app installed on the device.
Related links:
For Centrify’s approach visit: www.centrify.com/apple.