Apple must pay the cost to be the boss

The big news in the markets this week was that Apple at long last has gotten a leg up on Microsoft, at least when measured by market capitalization. But the folks in Cupertino may find it’s not easy being king — and that growing size and influence bring more scrutiny. Nowhere is that truer than in software security.

Long the whipping post for the folks in Redmond, Apple has been on a tear ever since the iPhone shipped in the summer of 2007. At the same time, Mac laptops and desktops continue to gain market share (though numbers remain relatively small). Even in the enterprise space, Mac use is increasing, as the shift to Web-based computing and applications has reduced dependence on Windows and Office. Of course, Microsoft has provided an unintentional assist to its rivals, from the debacle that was Vista to the continued difficulty with its Windows Mobile OS.

But Apple’s ascent to the heights of the software world will almost surely bring the notoriously private company more unwanted attention, with the security of its software and hardware merely the most obvious point of tension. Security has long been a strong suit for Apple — the scarcity of viruses, worms, and other malicious code that run on its Mac OS have made Apple laptops and desktops a relatively safe haven. That may all be about to change.

Microsoft, on the other hand, is battle-hardened. It has learned the tough lessons: the importance of secure coding practices, transparency with its customers about security, and a robust, capable security response function. Microsoft surely isn’t perfect; the implication of a flaw in its Internet Explorer Web browser in the recent scandal over the theft of intellectual property from Google and other top IT firms was just the latest proof of that. But hardly anyone would accuse the company of not trying.

Not so Apple, which has too often shown itself to be prickly when it comes to questions about the security of its products and lackadaisical in addressing the problems that it does acknowledge. An article on a critical security hole in Apple’s Safari browser that remains open two years after it was first reported is just the latest data point.

Security is a numbers game. Hackers could care less about the relative market capitalization of Apple or Microsoft (unless, of course, you can point them to some weakly protected corporate bank accounts). Attacks on Mac laptops or iPhones will correlate with the prevalence of those devices, the value of data on them, and the relative ease of attack and compromise. Apple may soon reap the bitter fruit of success and face a hard rethink of its approach to secure development and security response.

Paul F. Roberts is a senior analyst covering enterprise security for The 451 Group.

This article, “Apple must pay the cost to be the boss,” was originally published at InfoWorld.com. Get the first word on what the important tech news really means with the InfoWorld Tech Watch blog.