The switch to mobile and remote work exposed grim security realities for many companies during the pandemic, and this seems to be driving change at the very top of the tech tree. For example, Apple has joined the Cyber Readiness Institute (CRI) as a co-chair.
The Institute focuses on helping SMBs (small and mid-sized businesses) improve security practices by developing free resources to help them. This builds on the work platform providers already do to secure their platforms by educating and preparing enterprise customers with enhanced security awareness.
This will become increasingly important in the new post-pandemic business landscape in which at least 57% of U.S. companies have made major investments in expanding their mobile device deployments, according to SOTI. But many enterprises face problems managing these fleets, and one enterprise’s management challenge is a cybercriminal’s exploit opportunity.
The need to protect the entire supply chain is critical to the function of the CRI. As Co-chair Samuel L Palmisano said:
“We need to quite honestly simplify best practices for small businesses. Part of the process in convening leadership is to converge their ideas and come up with an approach that applies to SMBs.”
Apple’s decision to join CRI follows an agreement to work with the White House and tech firms to improve supply chain security resilience. Now as a co-chair of the Cyber Readiness Institute, it can share best practices and experiences it has learned that may help protect businesses.
Apple’s promise at the White House was that it would “establish a new program to drive continuous security improvements throughout the technology supply chain.”
As part of that attempt, it said it would work with suppliers to “drive the mass adoption of multi-factor authentication, security training, vulnerability remediation, event logging, and incident response.”
The decision to join CRI potentially follows this commitment.
The existence of CRI reflects growing comprehension among larger enterprises of the necessity to protect the entire supply chain, including smaller outsourced suppliers. Experience, ransomware heists and highly targeted phishing attacks have shown how poorly secured suppliers can fall to determined cyberattacks, particularly as nation-state backed and well-sponsored criminal attacks multiply. At every point, enterprises must get smart about security.
“Apple’s commitment to raising the bar for cybersecurity across businesses of all sizes, as well as its global reach, will help CRI advance its content and scale its mission,” said Christopher G. Caine, a co-founding member of CRI.
“We look forward to collaborating with Apple on developing innovative programs to improve the security of global supply chains by focusing on practical steps SMBs can take to be more cyber ready.”
I imagine part of this work will see Apple publish a range of free and in-depth security guides focused on the needs of business users. That’s a good thing, given the company generally has a good security story to tell (scare stories around Visa cards and Apple Pay aside). But part of that story must be the concession that security protection is a constant challenge.
COVID-19 accelerated a move to remote working and support for mobility, but the rapid proliferation also enabled security weak points to develop. SOTI’s recent “A Defining Year: State of Mobility 2021 Report” exposed deployment problems around such use. While 87% of US enterprise leaders agree their organizations can do more to improve agility and adaptability to new scenarios, managing all these distributed devices has been a challenge.
We’ve seen plenty of movement across the Apple-focused device management space in the last year as companies respond to this growing need to secure mobile device fleets. Along with its partnership with Acronis, Jamf’s acquisition of Wandera and cmdSecurity ramped up that MDM provider’s security credentials, and we’re seeing contextual (time, person, location, device) security models emerge.
Elsewhere, Apple, 1Password, and Cloudflare have all introduced systems to help protect email; iCloud+ provides a built-in private relay system to protect your Safari browsing traffic; and we continue to see new bulwarks for security and privacy appear.
All the same, the need for organizations such as CRI to explain and lead on enterprise security reflects the speed of security evolution across all platforms. For many businesses, just keeping up with and verifying the flotilla of new security enhancements and vulnerabilities across multiple platforms, providers, and services becomes its own challenge.
Helping business users navigate change is what digital transformation leadership is all about, and security is just one (important) component of that.
Please follow me on Twitter, or join me in the AppleHolic’s bar & grill and Apple Discussions groups on MeWe.