As Apple continues to blend systems and features between OS X and iOS, lessons learned from iOS deployments are increasingly valuable to OS X deployments. In Apple’s iOS 6 Education Deployment Guide, three deployment models are identified. These models are adapted to OS X deployments below.
- The Personal Ownership model is described as “similar to the typical consumer experience. The education institution may or may not own the iOS device, but the end user takes responsibility for ongoing maintenance and retains ownership of all apps and content.” This model is applicable to a great many OS X deployments. I often define this as the user’s “functional ownership” of a computer even though the user may not have financial or legal ownership of the computer(s) in question. Bring Your Own (BYO) programs clearly fall into this model, however it’s not uncommon to find organization-owned computers deployed in such a manner. If the end user has an administrator account, you may be dealing with a personal ownership model.
- The Institutional Ownership model is what I have often described as a “traditional IT environment”. Words and phrases such as “lock down” and “prevent” are prevalent here. The user typically doesn’t have an administrator account and is often limited in how much they can deviate from the organization’s Standard Operating Environment (SOE, a useful term not very widely used in the USA, but prevalent elsewhere). Given a clear, finite and realistic set of requirements based on the functions needed by the end users, this model can be used to great effect. The environments where this model works best are those with well-defined workflows. Creative users tend to be stifled in such an environment, and it takes a great deal of work and preparation on the part of an IT staff to ensure that systems deployed under this model are able to respond to changes in user need and advances in the technological ecosystem.
- The Layered Ownership model blends the two models already discussed. According to Apple, “The Layered Ownership deployment allows for both the end user and the institution to own their respective content on the same device, and the end user performs the majority of maintenance tasks on the device.” This seems like the best of both worlds. The organization protects its data and assets while freeing the user to work in whatever manner they find most efficient. In this model, the user would have an administrator account, but the computer would receive some configuration and management from the organization’s IT staff.
Proprietary and/or confidential data should be a primary concern of any IT organization. iOS neatly sandboxes each application’s data making it easy to protect through managed apps, but this is not yet an option in OS X. The growth of cloud systems, both public and private, may provide a solution. Sensitive data can be accessed via secure websites and/or applications. If the data is never resident on the client’s hardware, there’s nothing to leak.