Don Jones


Here’s the article I’m commenting upon. While I’m a little bit of an Apple fanboy, I’m a critical thinker first and foremost, and I do hate it when people on the blogosphere – even writers I normally enjoy and respect – go off the deep end.

Read the article first. Don’t disagree or agree with anything – this isn’t a debate; it’s an exercise in critical thinking. Spot the flaws.

Not least among them the fact that 73% of IBM employees – the company whose personal computer division was once almost synonymous with Microsoft – want a Mac as their next PC. The company is currently equipping its employees with Macs at the rate of 1300 people per week.

That’s lovely – and must certainly be exciting for Apple. Given the higher overall acquisition cost of a MacBook versus the major competitors, like Lenovo, Dell, and HP (especially for business-class laptops), this is a big deal.

Indeed, IBM Japan has gone as far as making Macs standard-issue: any employee wanting a Windows machine instead has to make a special request justifying their need.

Well, okay then – but you can’t have it both ways. If it’s been made a mandatory “choice,” then obviously the deployment numbers are going to be big. This isn’t so much a “win” for Apple as it is the same-old lazy IT management philosophy we’ve seen for decades, just shifted from PCs to Macs. It’s still the “we can only deal with one option when it comes to support” attitude, which for a company the size of IBM is a little depressing.

Hard drive encryption, for example, used to be something the company had to implement on top of a standard Windows installation; with macOS, FileVault is a standard installation option.

Um, BitLocker.

It also saved money on anti-virus protection, XProtect built-in to Macs while Windows machines require third-party software.

Um, no. XProtect isn’t proper anti-malware. It doesn’t scan for bad behaviors or known malware signatures. It’s basically file quarantine, and only for apps that mark files as being downloaded from the Internet. It only “scans” those for known malware, too, so anything new, that hasn’t been added to the manifest, won’t get caught.
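The gating described above, as an added Python sketch (not code from the article, this post, or Apple): a file is checked only if the downloading app set the `com.apple.quarantine` attribute, and then only against a list of known samples. The attribute name and its `flags;hex-time;agent;uuid` layout are real; the SHA-256 manifest and the sample files are constructed stand-ins for the actual signature data.

```python
import hashlib
from dataclasses import dataclass
from datetime import datetime, timezone

QUARANTINE_XATTR = "com.apple.quarantine"  # real macOS attribute name

@dataclass
class Quarantine:
    flags: int
    downloaded: datetime
    agent: str

def parse_quarantine(value):
    """Parse 'flags;hex_epoch;agent;uuid'; flags and time are hexadecimal."""
    parts = value.split(";")
    if len(parts) < 3:
        raise ValueError(f"malformed quarantine value: {value!r}")
    when = datetime.fromtimestamp(int(parts[1], 16), tz=timezone.utc)
    return Quarantine(int(parts[0], 16), when, parts[2])

def verdict(content, xattrs, manifest):
    """Return (status, marking_app) for one file under the model above."""
    raw = xattrs.get(QUARANTINE_XATTR)
    if raw is None:
        return ("not-checked", None)  # no app marked it, so no lookup happens
    agent = parse_quarantine(raw).agent
    digest = hashlib.sha256(content).hexdigest()
    # Assumption: exact-hash match stands in for the real signature manifest.
    return ("blocked" if digest in manifest else "allowed", agent)

# Constructed sample data, not real malware or real signatures.
KNOWN_BAD = b"constructed-known-sample"
MANIFEST = {hashlib.sha256(KNOWN_BAD).hexdigest()}
MARK = {QUARANTINE_XATTR: "0083;58a1c2d0;Safari;"}
SAMPLES = {
    "known, marked": (KNOWN_BAD, MARK),
    "known, unmarked": (KNOWN_BAD, {}),
    "new, marked": (b"constructed-new-sample", MARK),
}

def audit():
    """Run every constructed sample through the model."""
    return {name: verdict(c, x, MANIFEST) for name, (c, x) in SAMPLES.items()}

if __name__ == "__main__":
    for name, result in audit().items():
        print(f"{name:16} {result}")
```

Only the first sample is stopped; the other two are the coverage gaps that behavior-based or full-disk scanning is meant to close.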

While 27% of Windows tickets end up requiring IT staff to physically fix something at the user’s desk, that was true for only 5% of Mac tickets. PC users drive twice the number of support calls as Mac users.

This is an interesting stat, and represents a mental shift for companies. While PCs were always praised for their relatively open nature in terms of hardware, Macs are likely cheaper from this support perspective because they have so little variety, and because they’re assembled in a single top-to-bottom stack. Whereas companies will let people use PCs with potentially incompatible or sketchy hardware – printers, scanners, etc – with Macs I’m betting people in IT pay more attention to the smaller compatibility list. I’m actually a little surprised IT hasn’t picked up on this already. If you’re in a “we need to minimize hardware diversity” shop, Macs make a ton of sense.

There was also a significant difference in the costs of keeping devices up to date. Comparing the number of updates and patches required, the company said that a Windows 7 PC needed 86 security patches and 49 others. For Mac, the numbers were 11 and 20 respectively – a total of 104 fewer.

Yeah, Windows definitely has too many updates – and that’s a function of Windows having so many more moving parts. It supports more hardware, has a sketchy browser that companies refuse to retire, and so on. Look at what happened when Microsoft created Nano Server – patches went down by like 90%, due simply to fewer moving parts. This is also our first clue that IBM is running macOS, not Windows, on that Apple hardware, which is an interesting and entirely separate discussion.

It’s a similar tale in mobile, where two-thirds of employees are now rocking iOS devices compared to just a third for Android. Blackberry accounts for a mere 0.4%, while Windows Mobile is nowhere to be seen. One of the benefits, says IBM, is greatly improved security. Only 1% of Android devices were running the latest version; for iOS devices, the percentage was 65% despite the latest release being a month later than for Android.

This again goes to the “we need to reduce diversity” philosophy, but in this case it’s got a twist, because in the Android space you almost can’t reduce diversity. Aside from Google’s own-branded phones, there really isn’t such a thing as “Android;” you’ve got Samsung Android, HTC Android, and God knows what else. And those vendors are famously horrible about bringing updates to last year’s devices, let alone older ones. It’s definitely a security concern, and it’s a legitimate reason to consider iOS devices from an enterprise perspective.

So… not a bad piece overall, although it obviously has a couple of seriously misleading/misinformed facts. It’s interesting, for me, to see a company like IBM going all-in on the “reduce hardware diversity” approach, only doing it with the one vendor that’s always lacked hardware diversity. Apple has, what, three basic laptop models and two basic desktops? Dell has, what, a jillion? Apple tends to stick with the same hardware – chipsets, for example – across entire lines, whereas HP’s various lines sport a lot more diversity.

Now go back and read the comments on the article. No, just kidding. Don’t. Your brain will melt ;). The word “bitlocker” literally doesn’t exist on the page.

7 thoughts on “Critical Thinking: “IBM’s Apple deployment stats should be a lesson to enterprise companies everywhere””

  1. David Jones says:

    It would seem they are comparing N-2 Windows 7 retail versus the latest MacOS. Not really a fair comparison.

    They also focused on price and reduced diversity, and not security.

    Governments and militaries are going to Windows 10 / Server 2016 for security.

    1. Don Jones says:

      I’m honestly not even sure it’d be accurate against Windows 7, to be honest. It was just broadly misinformed. Don’t get me wrong, I love Macs, but I also love accuracy ;).

  2. Frank Tucker says:

    Couldn’t help myself… I read the comments on article. I should have listened. INFORMATION Technology professionals can be rude, difficult, and so incapable of sharing and discussing information.

    1. Don Jones says:

      That’s most people, especially behind a wall of anonymity.

  3. Frank Tucker says:

    Yea guess it’s a little like road rage…

    I could make statements: Win7 enterprise supported BitLocker. The free MS AV that could be tracked via the event log. Microsoft has a Digital Rights Solutions. MDT, WDS, Wim allow for really nice deployments… and of course PowerShell is going to change how PC/s are administered.

    But that article gave me so many questions: How does IBM keep their apples matching? Does the help desk just take over the GUI or do they SSH for some tasks? Are the apples linked to AD or LDAP to AD? Do the Windows machines have to support some old IE app? What are the default web browsers on the two platforms? How old is the average PC?

    Thanks Mr. Jones for ‘keeping it real’

  4. Timbo says:

    We went through a similar project 4 years ago. We had similar results. I’ve heard IBM’s VP/project lead a number of times since they started this journey and believe he presents solid facts about his success with Mac. What I believe he misses in his delivery, and in this article, and some of what you point out, is in almost every case there is a very similar Windows feature or process. A large reason this is so successful is the approach to end users and personal computers. It’s not really about macOS, it’s an exercise in managing an enterprise differently, and macOS is the catalyst for that.

    Don’t get me wrong, I love my Mac and it definitely has its advantages, but most of the gains were because we had to ask ourselves every day “What is the best way to solve this? We can’t do what we’ve always done. Is this something we have to force down and lock the user into, or can we set our corporate default and allow our users some freedom?” The last missing piece that I would caution EVERYONE who is looking at this path:
    MacOS isn’t going to make dumb people smart. You will be fooled into thinking that as the more knowledgeable people move first and your Mac community seems like a gift from above.
    MacOS isn’t going to stop people from making bad choices. You’ll feel more secure than you really are simply because your early adopters will be more computer savvy than those that follow later.
    MacOS really does have some advantages over the more open winTel choices, and one of the costs for this is, there aren’t many choices. If you’re committed to support MacOS, be committed to Apple and their future product announcements (whatever they may be). Be committed to live in that ecosystem. Be committed to the fact that you’ll have to abandon some things that you now believe are required. For instance, do you really need to bind every computer to AD? No, you need to enforce some security baselines and policies and rules, and there’s an Apple way to do that too.

  5. Keith says:

    As long as someone is using Windows 8 and up there is built-in virus protection, Windows Defender. Another thing that is not mentioned in the article when discussing vulnerabilities is the total number of vulnerabilities found within an OS over a year’s time. A way to measure security of an operating system. Over the last few years MacOS or OS X had the most vulnerabilities for both 2014 and 2015.
    http://techtalk.gfi.com/most-vulnerable-operating-systems-and-applications-in-2014/
    http://techtalk.gfi.com/2015s-mvps-the-most-vulnerable-players/
