About Georg Dauterman:
Georg believes in the fusion of technology and creativity. With a background in both fields, he started his career in IT departments of publishing and advertising agencies, realizing the critical need for tech aligned with business goals. Joining Valiant in 2004, Georg’s expertise and passion for efficiency brought industry recognition. He holds a history degree from Queens College and serves on Datto’s Global Partner Advisory Board. Beyond his leadership role, Georg enjoys exploring culinary skills, fitness, and outdoor adventures with his family.

About Megan Quick:
Megan is a member of the Valiant Marketing & Sales team, assisting in demonstrating the value of our services and ensuring positive experiences for prospective clients. When not working with technology, she is a theater production manager and performer, producing her own comedy shows, and is an avid writer. Megan has a B.A. in Theater from Sewanee: The University of The South.


What you’ll learn about in this episode:

  • Why managed service providers specialize in either Mac or PC environments, and why Macs hold a strong presence in creative and agency IT ecosystems.
  • The key difference between macOS and Windows, including macOS’s Unix-based foundation and Apple’s tightly integrated hardware-software security model.
  • Three important first steps to secure a Mac ecosystem: protecting your Apple ID, creating a dedicated admin account, and enabling full-disk encryption with FileVault.
  • The benefits of encryption, and how it scrambles data using a cryptographic key to protect sensitive information if a device is lost or stolen.
  • How to approach macOS updates strategically, including why businesses should avoid day-one releases and follow a 90-day deployment cycle.
  • How to secure company data on employee-owned iPhones and iPads through clear policies and mobile device management solutions.
  • Why modern Mac hardware often delivers a longer lifecycle and lower total cost of ownership.
  • The security risks of hybrid Mac and PC environments, and why under-managing Mac security compared to Windows can create hidden vulnerabilities.

 

Transcript:

Megan Quick:
Hello and welcome everyone back to The Creative Stack, a show about the intersection of creativity and information technology. I am your host, Megan Quick, and I am joined as always by my co-host and president of Valiant Technology, Georg Dauterman. Good afternoon, Georg.

Georg Dauterman:
Hey, what's up, Megan? How are you doing today?

Megan Quick:
I'm good. It's Monday, which that's a little behind the scenes action for the listeners, but otherwise I'm happy to be here. I'm happy to chat with you. I'm excited.

Georg Dauterman:
It's probably an interesting topic today too, I think.

Megan Quick:
Yes. Today's topic, and everyone, this is our episode three. Today's topic is something that is very close to the heart of Valiant. It's the fundamentals of securing a Mac environment, which Georg, I know you have a lot of thoughts on this.

Georg Dauterman:
Sure do. Yeah. No, it's an interesting topic. It's sort of an underrepresented community on some level, especially in the IT managed service space.

Megan Quick:
People don't know. I feel it's interesting. I feel like when I chat with people about it outside our industry, it's a little bit of lifting under the hood of the patterns in this industry. It's really interesting.

Georg Dauterman:
Yeah.

Megan Quick:
So we'll stop teasing you, dear listener. Georg, now, I know obviously as your colleague for six years, I know that Valiant supports Macs and PCs and that is unusual for a managed service provider. So why do so few shops support both?

Georg Dauterman:
It's a great question. And I think you have to look at the overall market share of Apple, especially for the desktop and laptop market. It's never been more than, even at its height, 10% of the market. So most people use Windows machines. And so if you're looking from a purely just numbers perspective, the Mac is a bit underrepresented. And when you have to support it, what that means that you're either training a substantial set of people in the organization and/or having tools that are cross-platform that can meet the requirements of securing and managing both the Windows and Macs. And what we found was that there's substantial differences in how you have to train people. And so everyone here at Valiant has a Mac and they'll learn how to use the Mac and a PC in various ways. So people have their preferences, but we tend to have people learn both sides of the house.

Megan Quick:
And what's actually cool about this topic overall is that the title of our podcast is The Creative Stack. We support creative agencies. And the reason core to that is that we also support Macs because creative agencies-

Georg Dauterman:
Yeah, absolutely. I mean, most creatives, many creatives, it's not as universal as I had been in the past, but many creatives who work on Macs for a very long time, they're definitely a market leader in graphic design. Part of it's training. When people go to school, they learn how to do all this Adobe's or Quark video editing on Macs. So it's got really used to it. And it becomes a second nature sort of thing. You work inside your environment and you know it and you know your tools. And generally speaking, was anyone who does this kind of work worked on the Mac. Also, Apple did a really good job of marketing to those folks. I'm going to say Think different was a really amazing ad campaign and it showed the big difference was that it showed people creating things with a computer versus the computer being the core of the messaging. It was like, Apple, we're a partner or tool for you versus just here's a computer, it's cool, you should learn how to do it.

Megan Quick:
That's such a good point. Yeah, that they really position themselves to be the creative person's tool, which is interesting. Then that does lead to us being the creative person's MSP.

Georg Dauterman:
Correct.

Megan Quick:
Thank you. No, I shouldn't say that. No endorsement here. So are there any major security differences between Macs and PCs?

Georg Dauterman:
I mean, fundamentally the macOS, you could argue that it's more secure out of the boxes as a BSD variant. It's more of a Unix kernel. I think it's not as different as you would think in terms of some of the holes that you, quote unquote, holes or practices, but Apple has a pretty strong dedication to privacy. And if I had to say one of the major differences that the Apple hardware and the operating system are very tightly wound together, both either iOS or macOS in a way that is very... It would be almost impossible for all Windows machine to be because Windows machines are basically a reference architecture for each machine and there's those subtle variations. And then there's hundreds of different drivers and it's 100 places that can go wrong. Whereas Apple is pretty dedicated to this is a dedicated environment for approved applications.

I mean, you really see it more, I'd say, in the iOS side of the house, that's sort of the controlled Apple, the App Store is a very controlled environment compared to a more wild west that is Google Play or even jailbroken apps, people just put whatever they want. So not that Apple is 100% always right, but it definitely has a level of trust that you wouldn't necessarily get out of the box from other providers.

Megan Quick:
Yeah, that's so true. I always like talking to you about this because I feel like you put to words my experience with these machines and it's like there's more alignment across the board when it comes to using a Mac machine. That's very intentional on their part.

Georg Dauterman:
Correct. Apple is a very strong dedication to privacy compared to, let's say, other providers. How that shakes out into the real world, I'm not qualified to say per se, but I think that they definitely do things that out of the box is probably more secure, I'd say.

Megan Quick:
Well, on that note, and we love lists here because we want the folks listening to be able to follow these directions, but what are the first three things someone with a Mac environment should do to secure the environment?

Georg Dauterman:
And it's sort of forced on you, but it's sort of important to understand it. You need to secure your Apple ID. It's really a really critical part. If you live inside the Apple ecosystem, that Apple ID has a lot of access to files and machines and location data. If you ever use the Find Me location in your iPhone to find your AirPods, that's the Find Me locations data, Find Me or AirTags, it's all tied and it's all secured by the Apple ID. So I would definitely look at securing the Apple ID as your first and most important thing to do. The second thing is I highly recommend people not to use their primary account as an admin account. It's better to set up a separate, what we call an admin dedicated admin account so that your, quote unquote, daily driver is not using the head of administrative rights. If your account's compromised for whatever reason, it limits the access.

And the last thing I'd really recommend everyone do, especially if they're a laptop, is to encrypt the machine with FileVault. It's a native Apple file encryption protocol or process system. iPhones and iOS devices like iPads are encrypted by default, but the macOSs are not. There's a couple of reasons why they're not out of the box is the way the encryption keys work. And there's some login decisions you have to make, but for about 99.9% of people, maybe it's a little higher average, maybe 98.8. You should encrypt the machine using the FileVault software, unless if your company is something completely different, but FileVault is the way to go.

Megan Quick:
Now, Georg, if you were talking to Megan six years ago or now, could you in layman's terms explain exactly what encryption does?

Georg Dauterman:
Sure. So think about, imagine you had a book that was in plain text, English language, you could read it. Imagine now if you could take that and scramble it with a sort of cryptographic key with a mathematical formula, I think it would do a deep dive on cryptography, but basically you have a private and public key and it's encrypting it against a specific password and using part of the machine's hardware as well to prevent access to the contents of the hard drive without having access to that password or that passcode. And the idea is that if the machine's lost or stolen, it's pretty difficult to gain access to it by a bunch of different methodologies. One of the simplest things is you boot your Mac into recovery mode and it's not encrypted, you have access to our hard drives contents. So I'd be a fairly well to demand if I had a couple bucks for every laptop that was left behind in a cab, airplane, it happens more often than you think.

If you went to TSA today and some of the laptops are float around in there in the airport, it happens all the time. And it's actually one of the biggest challenges for a company is that you want to make sure all your mobile devices are encrypted and you want to have a way of validating that they are, which I think one of the challenges that the Macs are, unless if you have a sort of Mac specific management system, it's sort of more difficult tasks to ensure that that's happening.

Megan Quick:
Yeah. And then even just getting over the hurdle of encrypting and then like you said, actually making sure it's done across the environment.

Georg Dauterman:
Correct. And if it's a company or machine, it gets even more complicated because you want to make sure that that encrypted encryption key or the code to unlock the machine is available if the employee is no longer employed at the organization. So there's some specific systems and tooling you have to do to make sure that that FileVault and that machine's hardware and contents are not lost if a person leaves their organization.

Megan Quick:
So hard enough that the casual person can't get it, but accessible enough that if the person leaves, it's accessible to the people who need that information.

Georg Dauterman:
Well, right. You want to enroll the machine in a proper administrative setup so that the machine's not running in a sort of standalone mode. When you go to Apple Store and buy a Mac, it's basically tied to your Apple ID, it's your machine, but it's kind of standalone. When you have to manage a fleet of them, there's some specific tooling. There's a tool that Apple provides called Apple Business Manager, and you want to make sure that it's really important that the machines are properly enrolled in it so that you have access to both the warranty data as well as specific app control data.

Megan Quick:
That's awesome. Thank you. So now we're all familiar with updates and new versions of its operating systems, Apple releasing those. Whenever Apple releases a new version of its operating system, it's a big deal in the community at large, of course. What should companies consider before automatically updating to the new macOS?

Georg Dauterman:
It's tricky. This is a really touchy subject. If you asked anybody who has to maintain a fleet of these things, you start making changes that adds a whole new level of complexity, unknown issues, broken drivers and printers and all sorts of things don't stop working applications. But generally speaking, you want to, within 90 to 180 days at the outside, and I think Apple's actually trying to force people into this 90-day cycle that all the machines are updated to the latest operating systems just to keep everything sort of in sync and secure. Also, from a support perspective, when you have machines on different operating system versions, it becomes more difficult to troubleshoot and maintain the fleet because now you have to make sure your staff knows or your team knows all these different versions and all the nuances that each one has.

Generally speaking, I would not run the .0 version of operating system release. Generally speaking, it's still in a late stage beta at that point. It's not really ready for primetime. I would start for after a couple of weeks of the .1 being released into the .2 version of the operating system. And then you really want to make sure that you have all the... As I said earlier, it gets tricky as printers and devices. So you want to start testing the vast majority of them and check the release notes and make sure that you're not going to cause a problem. But there's always a strange mix of configurations that could jam you up. So your mileage may vary.

Megan Quick:
Yes. And maybe not if, but we'll leave it mileage may vary. I think that was a very elegant way to say that. I'll keep that.

Georg Dauterman:
Yeah.

Megan Quick:
And you kind of touched on this earlier when you were discussing encryption of any Apple device, but obviously iPhones and iPads are also used in a lot of environments today. Folks have a laptop and [inaudible 00:15:26] devices. How can companies keep those things secure while employees are using their own devices and work related?

Georg Dauterman:
Really trick. This is a very tricky and loaded... Good question. Generally speaking, what we recommend, unless the device is going to be company owned and fully managed and enrolled in the full management solution, we like to have folks utilize whatever email, email platform tools they use. I probably recommend people not to use Apple Mail or Apple Calendar. We find the support and it breaks in strange ways, and it's a little harder to revoke the access. You want to make sure that the machine, you know about it, how it exists, where it is. There's a couple of different ways you can do that. Google and/or Microsoft, both know that the device is logging into the mail platform.

This is a very touchy and very personal subject to each company. So you need to really stop and think for a second, if we're paying for this, what data is being transmitted over the phone? Are we using the iPad or the iPhone with the direct company data? We work with folks that use it. They use an iPad as part of their sales pitching presentation methodology, and that's a fully managed iPad. They're not playing Subway Surfer on there. So they're in there using this thing day in, day out, not watching videos. It's a pretty heavy duty tool for them. So with that, you said they make a decision of how much you want to support, how much access you want to give people on mobile devices, and that you have a policy what's acceptable to you. If people leave the company, what happens? If they lose the device, what do we do?

What's our reporting in terms of locking things out? But for the most part, I'd say that Apple devices are pretty easy to manage. There's a bunch of different MDM tools out there that can manage them, be it from Microsoft Intune to Addigy to some direct Google tools. So Jamf, there's a lot of ways to manage them, but if they're not company owned, it's a bit tricky to enroll the full thing into the system. So I would highly recommend checking with someone first that your MSP or depending on where you live, you're maybe an attorney to make sure that what you can and can't do.

And I could tell you my personal life having wiped personal mobile device once years ago for customers instructions, I will say that that's probably one of the worst phone calls I've ever taken because the person wasn't told the machine was being wiped. It had all their photos and personal data. So if you're really worried about co-mingling, the best course action would be to buy a separate device. That's sort of like keep the separation.

Megan Quick:
Yeah. I know again, over the last six years, we've been on several calls where we've chatted with people who want to keep maybe more of a hybrid. I know we use that word for a lot of other things, but hybrid of device management. And I think a lot of MSPs would say like, "Hey, stay organized, know what's what."

Georg Dauterman:
It's all about understanding what risk you're taking and what you're not taking and what they have access to and being able to have a plan for revoking that access as needed. That's the most important thing is that you know it's out there. That's actually a big problem.

Megan Quick:
Again, I feel like every episode you say something like, "Oh, that kind of summarizes a lot for me." And I think when you said just knowing the risk you're taking, that's a huge part of any steps you want to take to securing any environment.

Georg Dauterman:
Right.

Megan Quick:
Now, Apple hardware, it's usually more expensive than PC counterparts. How often should companies replace things like laptops and desktops when it comes to Macs?

Georg Dauterman:
So I'll be the hot take guy for a second. I think Macs lasts a lot longer. The hardware I think is better built, and generally speaking, your total cost of ownership is going to be lower over time. Most Macs, we see as long as it wasn't sort of the real end of the life of the chipset type, there's a big reset happening in the Apple world right now where the next version of the operating system will not run on Intel Macs. So there's a couple Intel Macs are sold up until 2022, but don't hold me to that. And those will be no longer supported in the new operating system. And I think that's important if you have a fleet of those Intel Macs in your shop, this year you're probably buying new ones.

Megan Quick:
And one does. I know. 

Georg Dauterman:
Yeah, they do. That being said, new OS runs great. I still have some M1 Macs that run excellent at that. The battery's a little weaker than it was when it was new, but in terms of functionality and able to do about 95% of what I need to do, it still works great. Also, I mean, this is sort of like a data I've seen from Apple and some other companies was that employees tend to like their Macs better. I feel like it's a better tool and they tend to have less support issues. It really depends on what your environment is, what tools you're using, if the Mac's set up correctly. If you're doing heavy financial analysis in Excel all day, you probably want a PC or a virtual machine on your Mac.

The other nice part of the Mac, I'd say this is where it gets a little pretty cool in my opinion, was that there's some really great tools like Parallels you can run a full Windows environment on your Mac. Obviously there's cost because you're buying licensing and you have EDR license and another management tool, but if you need both, you can run them on one piece of hardware and a sufficiently powerful Mac, it runs great. And so you can do full models, you can have different environments set up. It's pretty powerful. I mean, I know a lot of folks who operate that way, and I mean, you can do everything. So if you have some need for a really powerful hardware, I think your mid-tier Mac is a great option for many companies, and I think the support will be lower. I think what happens, unfortunately, is that people think that the support being lower then means that there's no support needed or there's no management needed. That's not true. It's just that it doesn't require as much care and feeding. That's my sort of take on it.

Megan Quick:
Yeah. No, I understand that. It's that also the IT conundrum where it's like if it runs well, it runs well.

Georg Dauterman:
Yeah.

Megan Quick:
And then what are we even... It's like well...

Georg Dauterman:
Yeah. If everything's working, I don't understand why you guys are here. It's like keeping it running. And Macs are just like that too, because if you let people... Let's go back to the operating system example. If you had the madness and let people deploy the operating system on their own timeframe, that could be a complete disaster because you might have all different... You may have unsupported security tools, you could have a supportive VPN tools, networking. I mean, there's hundreds of things that can go... You want to test before you deploy. I know we thoroughly test particularly security tools. Less you want to do is deploy an operating system that can't be secured, so pretty big deal.

Megan Quick:
I feel like that does... And sort of what you were talking about before about being able to run a Mac machine, being able to run some PC things, this kind of leads well into that for those businesses, because we do as a business that supports both Macs and PCs, we are actually a hybrid environment as well of Mac [inaudible 00:24:25] We have clients who are Macs and PC hybrid environments too. Are there any specific concerns that folks with a hybrid environment should be aware of when it comes to security of how the two different platforms work together?

Georg Dauterman:
I don't think there's anything specifically different in terms of the two platforms. Where I think the issue lies is that there's sort of an attitude that the Mac does not need a level of support securing or configuration management that the Windows machine has. So what happens, I see when we start working with the customers, particularly when they have a mixed environment, and let's say the provider or the in house team wasn't quite as adept at working on Macs or Windows for that matter, either way, you'll find that one is not at the same level of security or management than the other one.

So you might have this super robust Windows security program for your Windows machines and servers, but your executives have Macs that they bought at the Apple Store running on an unmanaged ID with no encryption, but they're accessing company data. So I think where I think that the challenge is is kind of getting a control and wrangling all that into one unified view and system where you can say, "Okay. This is all of our Macs, this is all our Windows machines, this is all of our cloud applications." And I think that's where, I want to say magic happens, but I think you have a consistent level of what the outcome is regardless of the platform they're on. That's what you're striving for.

Megan Quick:
I think that is such a great place for us to end this episode then. Yeah, just whatever you need to do to make your environment as healthy as possible. Macs and PCs can exist together. We're evidence of it and we believe.

Georg Dauterman:
Yes. Exactly. My final thought is that they're not magic and they're not any more or less complicated. They're just a little bit different and this require a level of dedication to making them work better, making them work at the level you want them to. And in the end, really what I would say is that if you don't know how to do that, there's a lot of great resources out there and there's a lot of great tools. And I think that you can really build a great environment on your Macs that would be spectacular and his work. And if you look at some of the companies using Macs day in, day out, there's some really great heavy hitters out there. So check out the resources and don't be afraid to ask questions.

Megan Quick:
Yeah, please ask us questions. I was going to say, leave comments where we're happy to answer any questions you may have. And as Georg said, there are great resources out there for this exact issue. Well, all right, Georg. It was so nice talking to you today and I hope this was an informative episode for you listeners and we will see you next time. Thank you so much for joining us.

Georg Dauterman:
Thanks everyone.

Megan Quick:
Thank you so much for listening to The Creative Stack. If you enjoyed the episode, please rate, review, and subscribe to us wherever you get your podcasts. The Creative Stack is created by Valiant Technology, a managed IT service provider based in New York that specializes in providing creative agencies and PR firms with the technology they need to achieve their goals. Please visit us at thevaliantway.com to learn more about our services. We'll see you next time.



 



 



Post by Megan Quick
Mar 18, 2026