503.640.5100 sales@roinc.com

There are many positives to integrating more Apple Mac’s into your office flow, and some reasons why it may not be the right thing to do. Here’s our list

Gone are the days of strictly Mac and strictly PC workplaces. With more and more businesses utilizing a combination of machines running different operating systems, cross-platform networks really are everywhere.

Now, it’s completely commonplace to see a MacBook Air sitting on the same desk as Windows-running tower at a startup. And larger companies sometimes have  one wing or an entire department using Macs, and another using PCs. Instead of considering a way to outfit your company with one or the other, consider using both of them based on the needs and preferences of your organization.

The truth is not black and white, but the following are true, even if many IT shops remain willfully ignorant to the facts and hang on to Mac realities and stereotypes from the 1990s:

  • Macs are more secure out of the box than Windows PCs.
  • Macs can be managed at scale.
  • Macs provide an operational recovery option that an all-Windows environment doesn’t.
  • Macs do what most people need, though there are critical corporate needs that only Windows apps serve.
  • Macs cost a little more than business-class PCs, however their total cost of ownership (TCO) is usually lower.
  • An all-Mac environment is unreasonable; but maybe a an all-Windows one is equally so in today’s environment.
  • Windows PCs, running Windows 7 today and Windows 10 in a few years, will remain the standard computing device for the majority of users.

Best fit for a Mac

The bottom line: Executives and road warriors are the best candidates for Mac use in a company, in addition to the historic Mac enclaves of application development and creative functions such as marketing and design. Why? Because Macs are better suited to thwarting phishing and other attacks on these sensitive users’ systems and for operating outside your network.

“Regular” office workers should be given a choice as to whether to use Windows or OS X, if their job requirements are satisfied by either platform. Why? Because having a certain percentage of non-Windows users provides a fail-over capability in case of a malware or hacking meltdown, as well as lets some users work with devices they are more comfortable with.

A good metric is that about 15 to 25 percent of employees should be using a Mac, with the higher percentage aimed at companies that focus on software and creative work. For example, Cisco Systems, once adamantly an anti-Mac company, now has about 20 percent of its users on Macs (that’s 35,000 Macs), a feat that turned out to be easily accomplished and did not increase IT resource needs. (I hear similar stats from CIOs I meet at conferences, though so few companies use Macs to any scale that all I can offer are such anecdotes, rather than statistical “proof.”)

The pros of a Mac in an Enterprise Environment

The Mac aids your security and recovery needs

It still shocks me how much time and money IT organizations spend on securing Windows PCs, such as for incessant antivirus updates and frequent infection-cleanup efforts, for managing backups and encryption, and for dealing with dozens of often problematic fixes every month in the infamous Patch Tuesday releases.

Windows has lots of security and management APIs, of course, which let IT go to town in securing and managing them using tools like System Center — at a huge cost. Gartner estimates that IT organizations spend $2,000 to $2,300 per user per year to manage and secure their Windows PCs. Yikes!

Management tools. The good news is that you can manage Macs for the same or lower cost, depending on the approach you take. The more Windows-like your management approach, the more it will cost to manage your Macs. From high to low cost:

  • Microsoft’s System Center supports Macs running OS X Yosemite if running a Microsoft configuration client. There are also System Center add-ons to extend Mac management capabilities, such as from Centrify.
  • As of OS X Lion and more so OS X Mountain Lion, Apple made most of its iOS management and security APIs available to OS X. Using a mobile device management (MDM) server you likely already have, such as those from MobileIron and VMware’s AirWatch unit, for iPhones and iPads you can manage Macs’ security and configuration remotely, based on Active Directory groups.
  • Smaller organizations can use the $20 OS X Server to do the same, as well as manage network backups via central Time Machine servers.

Because few IT pros I talk to are aware of this, you should know that Macs have full-disk encryption that you can manage through policies, controls over admin privileges, password-required login, lock a Mac’s bootup to a specific drive (that requires hands-on setup at the Mac itself, though). For guest and shift workers, you can even set a Mac to work off a remote boot from an OS X Server or use the local multiple-accounts capability built into OS X that separates user data from each account (similar to Windows’ approach).

Where the Mac has less security than Windows is in its hardware: There’s no Trusted Platform Module to provide extra protection to encryption keys on the computer itself, and Macs don’t use UEFI for secure boot, only the less-sophisticated EFI technology.

Backup and recovery. Backup becomes less critical as more corporate data moves to cloud services such as Microsoft’s OneDrive, Box, or Dropbox. But automated backup is native to OS X, via its Time Machine tool. You can back up to a dedicated drive for each Mac or to departmental Time Machine server running on a Mac equipped with OS X Server. (Try that in Windows!) For broader-scale backup deployments, providers such as Acronis provide cross-platform backup.

Apple’s backup approach creates a fully usable environment image that you can install to another Mac if needed, so you can get a user up and running fully intact on a new Mac, or on a new drive, or on a wiped Mac. It’s quite easy to recover a Mac and mines downtime. By contrast, recovering Windows PCs takes much more time and effort.

Malware. Then there’s malware, the bane of users and IT departments everywhere. Malware is so common in Windows that new variants rarely make the news any more, whereas IT security folks are still obsessing over a Mac Trojan from several years ago that affected some thousands of users. That should speak volumes.

If you’re concerned about malware, you should use a Mac. Until malware creators figure out how to bypass OS X’s native security — it has a lot, including code-signing so that malware can’t self-install — the Mac is a safer platform. Plus, Apple updates the antimalware signatures automatically every day. Although no IT department believes me, you don’t need antimalware software on a Mac — but, hey, install it if it makes you feel better. It’s your money.

The monoculture risk. I recommended that executives and road warriors be issued Macs mainly because Macs are more resistant to phishing and other malware attacks, so the usually critical information for these users is better protected. Also, the use of MDM to manage the Macs works easily whether a Mac is in the office or in a hotel or café.

I also recommend that every department have at least some Mac users, around 10 percent, so the company can keep operating if it gets nuked by a malware attack. This is a real possibility, as we saw with the Sony Pictures Entertainment attack last fall. The malware neutralized all the Windows PCs and servers at Sony, and the only computers that could function (because they were immune to the malware) were Macs and iPads.

As any biologist will tell you, a monoculture is dangerous because a single pest or disease can wipe out an entire forest or field. You need diversity to increase the chances that some entities will survive. IT security should think the same way: You need technodiversity in case of a techno-pest or techno-disease. IT likes to standardize, to a fault. Operational recovery will be faster if not everything fails. Think of those Macs as your fail-over PCs.

Given that IT organizations have long known how to support both Linux and Windows servers, and in recent years have learned to support two or three mobile platforms, supporting two desktop platforms should be well within their capabilities.

Macs are not overpriced versus Windows PCs

There’s no question that Macs are expensive, easily $2,000 for a business-class iMac, MacBook, or Mac Mini setup. That’s usually cited as a reason to pooh-pooh Mac adoption. However, a comparable business-class PC from Dell, Hewlett-Packard, or Lenovo costs about the same — maybe $200 less, maybe $100 more, depending on configuration and level of portability.

Comparing the cost of Macs to cheap PCs is misleading, as enterprises don’t buy cheap PCs that home users do. It’s a dishonest argument.

Macs are also more durable than PCs, so over time, you’ll spend less on repairs and replacements. That’s certainly my company’s experience, where about a quarter of all computers are Macs, and I’ve heard the same from Cisco, Intel, and others.

Support costs are typically lower for Macs, mainly because OS X users need less support. That stat is somewhat misleading because in most companies the people who have Macs are the ones who choose to have Macs, and such people tend to be more computer-literate and self-supporting no matter what technology they use.

I’m sure that support costs, especially around training, for the typical users will be the same whether they use a Mac or Windows PC. But the malware remediation costs for Mac users will be much, much lower (close to nil).

The bottom line is that the TCO for Macs is no higher than for Windows PCs, and in most cases lower. IT organizations fretting over budgets should take note.

The applications mix is a key consideration

Macs integrate so easily with other Apple devices, such as iPhones, iPads, other Macs (like the ones at home), and Apple TVs — especially if you use Apple’s Mail, Calendar, and Contacts clients, as well as its iWork suite. Settings stay in sync, for example, and moving data around them is easy, as is making presentations in a conference room via AirPlay.

The integration is a real convenience for users, but it often scares the bejesus out of IT, which (incorrectly) views that “liquid computing” flow as data leakage. IT will have to get over that fear, since Microsoft is also on that road with Office 365, which includes not only Office but Exchange, Azure Active Directory, OneDrive, SharePoint, and Windows settings synchronization.

The real question is whether you allow users to live in their platform’s native app ecosystem (since files move pretty easily across them) or enforce a Microsoft-centric ecosystem across Windows and OS X (and iOS and Android). Microsoft is probably a year or two away from having its extended Office 365 suite work reasonably well on all four platforms, so you’ll probably need to supplement it with Apple’s own apps for a while.

The good news is that Office 2016 for Mac looks to be a reasonable subset of the Windows version, and although Microsoft’s Outlook client has a clunky UI, it offers some capabilities not available to Apple’s clients, like email delegation. Basically, IT can keep to the Microsoft standards for office and communications apps for good-enough functionality and give some users the discretion to go with Apple’s clients where it doesn’t conflict with legitimate management and security policies.

For browsers, the Mac has Safari, Chrome, and Firefox, which are equivalent to their Windows versions, so no real issues here. With Internet Explorer on its deathbed, the browser issue and related dependencies on ActiveX are no longer the operational problems they once were. And though the new Edge browser (aka Project Spartan) doesn’t look like it will come to OS X, its greater support for HTML standards should help websites and Web apps on it fit well with the Mac’s browsers.

The big issues come up for apps when you leave the office productivity realm. For every cross-platform business app like AutoCAD and Acrobat, there are more apps that are Windows-only, such as Statistica. And there are apps whose Mac versions lack core functionality available only on Windows, such as many Oracle and SAP client apps, Excel (for macros and Visual Basic support), and Intuit QuickBooks.

The increasing use of Web apps is minimizing the Mac’s app isolation, but it remains a big issue for most specialty apps. Sure, you could run Windows via Parallels Desktop or VMware Fusion on a Mac for such Windows-focused apps, but if you use such apps routinely, you should cut out the middleman and opt for a Windows PC.

Saving Windows

PCs are strong computers to have for enterprises, as there is more support readily available to run a PC network for a large company.

However, that’s beginning to change as more offices have networks consisting of both Macs and PCs. Both systems have their pros and cons, so we suggest talking to your IT Company or a reputable technology vendor about what your people will need to do their jobs. Resource One is an Apple Certified IT provider.