The man in charge of the government's IT efficiency drive has told MPs that Whitehall should use more Apple Macs while castigating the previous government for trying to sex-up IT projects. Ian Watmore, COO of the Efficiency and Reform Group, told the public administration committee that Labour had poured cash into computer …
You can't buy this sort of marketing.
What next? Calls for Coca-cola to be the official government soft drink?
Or kool aid :D
And the guy wants to put in Mac's?
He's obviously an idiot when it comes to IT.
"Watmore told the committee that in his personal view, the government should use more Apple products, just like the ones he uses at home."
Could have guessed the "because it works at home" angle. Last I checked, a Windows Domain was a lot easier to manage and lock down. Of course, the this says just how much he knows about Apple or IT:
"which is all about smaller, more agile, more efficient projects with a bigger emphasis on open source."
While Open Source does make projects perhaps more agile, it definitely doesn't always lead to "more efficient" nor "smaller." Likely can save some money if a current staffer is already familiar with the FOSS in question....And no, Apple is not "Open Source," they just built a GUI on BSD.
An idiot goes with the flow
Is it better that they go with cash in hand straight to Microsoft without evaluating the competition?
Anyone doing a deal should always have a plan B to use as a bargaining chip. Microsoft office for instance is vastly overpriced for what it actually provides. It may have been an essential tool back when documents were laid out, printed and read. But these days you're more likely to read a website.
he probably wants to put in macs - and can punctuate :-)
And the justification is...?
@AC: "And the guy wants to put in Mac's? He's obviously an idiot when it comes to IT"
I've seen reports on ROI and support costs that rated Apple gear pretty highly. Perhaps thats no longer true, but I'd be reluctant to call someone "an idiot" for exploring that option. I don't need external data to know that Apple equipment is typically very long-lived. As with most things, you get what you pay for.
Otherwise, it's entirely possible the suggestion stacks up. There's a good case to be made for buying quality equipment, even (or particularly) in times of austerity, bearing in mind that the initial capital cost of equipment is a small fraction of overall IT costs. I've never seen a study that showed Apple equipment to significantly raise IT costs, but please link to such a report if you've seen one.
He wants Macs from Apple?
After a performance like that, I hope serving Big MACS and APPLE Apple pies is his next JOB. However, McDonalds may have a high enough bar for him to fail at the first hurdle.
Too much wishful thinking on my part. Must remember to keep taking the tablets.
He didn't call for the option to be explored. He called for Macs to be issued, because they work for him at home. That is an idiotic thing to say.
Moreover, I'm glad you don't need external data to know all about Apple reliability. Shame you're wrong, really:
It's not just about lock down...
One of the key issues with mobile government data assets is that they have to be encrypted with a Government Encryption algorithm while data is at rest, this means that you need a full disk encryption product installed within all laptops and any desktops that might be kept or transported through locations of low physical security.
At the present time, there is no software based full disk encryption solution (supporting these algorithms) that works with Mac's and there is no Hardware based encrypted disk that supports the EFI bootstrap process that Mac's use to launch OSX.
This is the first hurdle that needs to be cleared, without it, if you put protectively marked data obove a certain confidentiality level on to a Mac, then that machine has to be kept in a physically secure location, or shipped around with an armed guard! Even with data at the lowest level it would need to be stored in a locked box that was bolted in to a vehicle if you shipped it around anywhere.
The reason that Mac's aren't used much in government is because there is no way to get around this one simple fact and until there is a company that can put a government algorithm in to an encryption product that supports Mac's, this isn't going to change.
If you have ever worked in a Govt department you would know things are printed (in triplicate) and sent, even if never actually read.
Wrong, wrong, wrong.
Firstly, PGP Full Disk Encryption fully complies with Home Office requirement.s I should know, we use it on all our computers, to comply with such requirements!
Secondly, said software is fully Mac compatible. Again, I should know, we've been installing it on MacBook Pro, MacBook Airs, and the like for the last year.
As for AD integration with Macs, with all appropriate access control, easy - we've got our Macs bound into AD right now. Failing that, there's OD - which manages Macs natively.
We have around 4:6 in favour of Mac in our estate, and while we do get plenty of calls from mac users, they tend to be either that the hardware has failed, or a windows based service isnt working properly. Most of the real head scratchers are Windows machines that aren't doing what they should do properly.
Oh, and we manage our Macs very well with jamf Casper suite - which is superior to many PC based solutions like Landesk for auditing, policy control and deployment.
The real problem is that most IT systems managers havent got the first idea what they are talking about when it comes to Mac, they just sniff and turn up their nose bcause they see them as expensive toys, and not for Real Men.
This thread has demonstrated exactly that.
That said, it doesn't help that Apple hasn't the slightest interest in Enterprise level software and hardware - they only want to sell laptops and desktops along with iPads and iPhones.
That doesnt mean that integrating into enterprise is difficult or impossible!
FURTHER INFORMATION: PGP Whole Disk Encryption...
All you've done is prove my point: Windows system managers really havent a clue how to manage Macs and thus turn their noses up.
" Right, so when you want to set your Mac's browser home page remotely rather than go round every machine you do that via AD do you?
No you don't. Getting Macs to authenticate with AD is far from integrating with AD, and AD provides far more than authentication. It does everything from remote configuration to application deployment."
"Yes, I know you mentioned JAMF Casper Suite, and this really proves my point (for anyone interested, just Google it), it has about 1% of the features that AD provides natively and is an extra expense."
1., Get out of your MS Mindset. AD is not required t manage computers, and its not a freebie. (windows server CALs aren't free).
There's any number of LDAP systems, there's apple's own OD, for a start. One can also run a domain from UNIX if they so wish,. We do, as a parallel to our Windows domain. So even if you are a mixed environment, you dont need Windows servers.
2. Casper Suite. At around £8 per client, with free ongoing support (including server upgrades), it does offer more than the '1% of ADs features' - in fact, to offer what Casper offers, you need to look beyond MS products and buy Landesk - which costs considerably more than Casper!
3. If you absolutely must have AD, and dont want Casper, there are other options, such as Centrify - http://www.centrify.com/directcontrol/mac_os_x.asp. Full AD group and workgroup policy control with full desktop lockdown.
"No but it does mean it's a complete waste of time, effort, and money because you can just do it easier and more cheaply with Windows/Linux."
Except that in practice, that is not true. Yes, Linux is free, but it only makes sense at a server level But it makes far less sense at a desktop level.
Windows cheaper? Not according to so many TCO studies.
But I very much doubt you'll change your mind....
PGP CAPS approval
As clearly stated in the above link the only OS's that have CAPS approval for baseline are Windows OS variants . Mac is not mentioned on the CESG website which supercedes any BS you have been spun by the manufacturer. As long as your accreditor is aware it will be fine though as he/she may have accepted the risk based on its approval for Windows.
@AC re: Wrong, wrong, wrong
Actually, your wrong... and I can tell you this because I regularly ask within Industry for solutions that support Macs and when they will be available, believe it or not, I am not a Windows zealot and I am a Mac user (I'm writing this on my own MBP in fact), I've been using and supporting Mac's since 93 and I think I have a pretty good grasp of their capabilities by now, having also worked in Government for the last 7 years I think I also know in which environments I can use them and which I cant. However, unlike some I am more concerned with selecting an appropriate tool to meet requirements, rather than trying to shoehorn something I like in to a function it's not suitable for.
As has been pointed out by another poster, the target of evaluation for PGP full disk encryption does not cover the Mac version, if your accreditor is allowing you to use it, thats up to him if he wants to accept that risk, it probably means that your system has a pretty low risk profile attached and your data is probably mostly ILO-IL2 with only small amounts of IL3 data (if any). Either that, or the accreditor simply doesn't know the TOE for the product and he's mistaken in thinking that it's approved... it wouldn't surprise me.
A good architect will read the TOE for any security enforcing products he or she selects and will document how that product's configuration meets or contravenes the TOE so that the accreditor is informed. If you haven't read the TOE for products you utilise and your an architect in government, then you haven't done your job properly.
Even when used in an evaluated configuration, PGP Full disk encryption is only good enough for _Baseline_ level encryption, not Enhanced Grade or High Grade, which means you can only use it on RESTRICTED (IL3) systems... you don't even need a government disk encryption product for a RESTRICTED system, you can use Vista or Windows 7's Bitlocker feature and be compliant with a tiny piece of configuration... it's hardly much of a bar to reach these days, yet the Mac has nothing that fits the bill and Apple are not concerned about addressing that issue, why should they be? It's not a core market for them.
You're not a Creationist by any chance are you?
"Everyone knows Macs are a fucking joke in the enterprise due to Apple's inability to provide decent server and general centralised management software coupled with the fact the enterprise needs to control it's systems, not Apple, which goes against Apple's mindset where Apple controls everything."
We run Linux for servers, Apples for devs. Works absolutely fine and costs tons less and is far more reliable than the equivalent MS stuff. Macs talk fine to other brands of *nix. MS talks fine to ... MS.
There is at least one govt research dept that uses Macs for the scientists (because they're generally talking to the unix-based back end systems). There are 2x more macs than PC's and 2x more MS support staff than Mac. Work it out. It's people that cost the money, the higher price for a well built machine that doesn't crash constantly and will last for 5+ years more than compensates.
I do think they need to sort out their email and calendar clients though. The contention that they are really good at design and usability is very funny when you have to work with their awful offerings.
I've had an encrypted home directory on my Mac for years
Seriously, it's two mouse clicks.
I would also lay money that most of the govt pc's have no encryption at all. Straw man time.
AD easier to secure?
Well, no actually. LDAPS is easier to secure, and especialyl in government where there are both legacy novel systems, RACF on mainframes, and a littany of Linux and UNIX servers, AD is rarely the top level authentication system.
All you Windows trolls always assume that just because the PCs use AD that means everything else does too.
macs are in fact AD native. they have few OU and GPO settings, but that's because they don;t need many. They natively talk to Exchange 2007/2010, connect to SMB shares, use MS Office, and are very easy to centrally manage and secure through Apple's enterprise tools and super cheap server OS.
The TCO of individual workstations is also less for Mac than Windows, even counting as much as a $400 premium for the hardware (which is much less in corporate circles since companies don;t buy $400 laptops and desktops, macs are typically within $100 of business system cost for the same performance and size class, and in some cases are cheaper). Winn Schwartzau (probably spelled that wrong) did a great TCO analysis a few years ago for a large firm, and Macs were clear across the board cheaper, mostly because of greatly reduced IT and helpdeks hands-on support time with each machine. They also resell well vs the $50 you can sometimes get for a 4 year old Dell ,and that factors into IT finance too.
Government has clearly wasted huge amounts on prooly-specified, poorly-delivered IT projects. No argument there.
But there aren't many hard-nosed businesses that have adopted Apple products for their corporate IT. There are good reasons for this, and they amount to more than prejudice and inertia.
It's all down to a lack of attention to detail, which leads to prooly spilled wurds and hyphens where-there shouldn't be any!
And what about sense, not many business applications run natively in OSX.
Not talking Word, Excel thats easy, I'm talking SAP, Dynamics and any other BI or ERP.
And tried a few Macs (for display) to test for Terminal Services too, way too much hassle and whats the point after connecting to a server you have lost the point.
Then perhaps the answer is to run cheap little low powered end-points (Linux?) with centrally served apps for the majority and VMs for those that are outside of the norm. Government is one area where I'd imagine a standardised centrally administered and secured desktop would be a bonus given their propensity to lose data.
"It's all down to a lack of attention to detail, which leads to prooly spilled wurds and hyphens where-there shouldn't be any!"
Seriously? You are going to criticize someone based on a typo ("prooly" is obviously a typo, not a genuine error) and not knowing that there is no hyphen in adverb-adjective combinations? I have seen very few people (and these include journalists, authors, etc.) who accurately hyphenate, and this excludes me.
@ Mark65 and others
Sorry was meant to say it was not my choice to try Macs, I am testing your theory at the moment and have been with some users for a few months.
In my defence, poorly could be an adjective as well as an adverb, especially where Government projects are concerned. Making clear that it qualifies the following adjective doesn't seem so unreasonable to me. So 'tis a grammatical slip to be sure, but from the best of motives, and without introducing additional ambiguity (which is, surely, the point of grammar).
A Noms project?
Are they mad? Do they really want be be lolcatted to death?
Anyway, come to the Mac Side. We can haz toys.
The beeb article also has some mentions around open source:
He insisted the government was committed to using more "open source" software to save cash - but had to balance this with concerns about how easily it could be "hacked".
I'm confused as to the logic of that statement - if they'd said something about useability concerns sure, there's an argument to be made there (not saying I necessarily agree with it, but there is contention), however to say that we can't use open source because it's easily hacked is ridiculous...
you got that far before deciding this bloke is a complete ARSE!
well done you!
1 bit of good news for the economy, the IT gravy train will resume normal service shortly.
"1 bit of good news for the economy, the IT gravy train will resume normal service shortly."
Yes, but if he has his way it won't be the UK economy that improves, the sales will go to Cupertino...
Hacking Open Source
So you would think but more Linux boxes are hacked than Windows boxes. This is often because the sys-admins do not know what they are doing with Linux / Unix but it is way cooler saying you are a Linux guru compared to, say, a Windows Nerd even when you're not
Stats (zone-h 2008- 2010)
Linux 352.468 378.744 256.648
W2003 117.978 127.128 81.785
W2000 21.929 12.529 2.805
the mistake you are making in seeking logic here is to assume the man who was put in charge of huge white elephants in early 2000's, then leaves to run some football organisation, and then comes back to clean up the I.T. mess actually knows what he is talking about when it comes to I.T.
Previously he worked for one of the big 5 firms and has adopted a classic consultancy ethos.
Come in on the premise you are fixing something, break it, get out before the blame lands, come back and fix it again at a higher day rate...
that is all!
ah i didn thtink that far ahead
Open source software is created by hackers, I think he meant to say crackers.
What you're completely failing to take into account there is that those are Defacement statistics for websites. Since Apache on Linux is massively more widely used than IIS on Windows, those stats are hardly surprising. But if you look at computers being subverted and becoming part of a botnet, that's almost exclusively a windows problem. Using those figures to say that 'more linux boxes are hacked than windows boxes' is misleading, to say the least.
Where are the Windows XP, Vista, 7, and Server 2008 boxes on this list of yours? Oh, nowhere, because your list only counts defaced websites, not hacked systems. The government doesn't store all (or even a significant* portion) of its data on web servers, and the potential for open source doesn't begin or end at web servers.
So you've picked the one major market where Linux is much more prevalent than Windows to begin with (thus increasing the odds that a hack will hit a Linux box. Indeed if you normalized those numbers as a percentage of systems out there [i.e, the at least slightly relevant statistic in a decision of this type], I bet you'd find that the percentage of Linux-based boxes hacked would come out looking pretty good), and you're using that to justify your FUD about hackability of open source software? That's like saying that women are better drivers than men because more men crash in NASCAR races than do women (i.e, it's based on non-normalized data from a non-representative sample set -- and the data doesn't even relate directly to the question being asked anyway.)
*Significant as in volume, not as in impact. A single piece of data stored on a public server may have a significant impact.
Also, it is rarely (if ever) Linux that gets hacked. It's usually some poorly configured web application that has had the security set to "Ass out window, underpants optional".
Read from a certain angle..
There may be truth in what the guy recommends. However, there's very little detail as to why he considers this.
Without seeing the real plans.. Think we're all in the dark as to the intent behind the phrasing..
They should "use more Apple products" during an "efficiency drive"?!
We recently had a similar experience. One of our higher-ups decided that, for the upgraded systems we were putting in place, he wanted Macs.
Not only did they cost more than twice the price of the faster hardware we specced for him, the software *wouldn't even run natively* on Mac OSX. We would have had to either boot them into RHEL or run RHEL in a VM to make it work.
He just wanted Macs.
In the end we managed to slap him with a wet kipper (well, go over his head explaining the massive waste of resources he wanted to engage in) and he got a bunch of generic very fast workstations (the sort that starts tingly feelings in unmentionable areas) for half the cost, but he wasn't happy (I WANT A MAC WAH WAH WAH!!)
You are very cruel to deny him a Mac
I'm sure you can still find a first generation iMac (the huge heavy multicoloured ones) floating around somewhere and then downgrade it to OS 9.
Ooo, that sounds just like the place I used to work for!
My experience with macs
Has been that you couldnt pay me money to own one. (Hand-)Jobs has down a marvelous job of not only dumbing down the hardware/OS, but making it difficult at best for people who need to do real work on their device.
Or an etch-a-sketch
My other half works in one of the new-fangled (or are they just fangled) academies. As I've been working nearby recently I often go in with her and kill time there before going to my job. Over the days I've managed to have a look at almost evey room. I noticed that there were more than the average number of imacs in the place - particularly in the offices and admin places. Most of the classroom have 25 or so HP CPUs with CTX screens. I also noticed that with the exception of the imacs in the music room, most ofd the iMacs were running Windows 7. The staff are provided with Laptops - mostly Toshibas, but a fair number of teachers appear to have provided their own and they are using Macbooks.
This Monday morning I met one of the IT techs in the academy coffee shop (yes - and it's good coffee too!) and asked him why they had the imacs in the admin and HR departments when they appeared to be booted into Windows. He said that it was a suprise to him when he arrived and they even had them in the IT support unit. But, he said, in all honesty, Windows 7 and all our windows apps run much better and more reliably on the Macs than they do on the HPs.
Perhaps that's the efficiency he's talking about.
- Review Is it an iPad? Is it a MacBook Air? No, it's a Surface Pro 3
- Game Theory The agony and ecstasy of SteamOS: WHERE ARE MY GAMES?
- Hello, police, El Reg here. Are we a bunch of terrorists now?
- Intel's Raspberry Pi rival Galileo can now run Windows
- Microsoft and HTC are M8s again: New One mobe sports WinPhone