Mac bridges the gap between security and development freedom.

The eternal tension between developers needing maximum freedom to innovate and security teams needing to secure systems according to increasingly stringent compliance requirements often leads to lost productivity, frustration and risky workarounds.

‘This dilemma need not be as sharp as it is often perceived,’ states Maarten, development team leader and sub-security officer at Pro Warehouse. ‘With macOS, this contradiction significantly reduces thanks to its fundamental security design. In a rapidly changing landscape of legislation and security challenges, we worry less because macOS is already basically a secure system.’

The classic security dilemma.

Maarten knows the scenario all too well: ‘About five to 10 years ago, development teams were often banished as a whole group to a WiFi island. They were told: you won't get support, figure it out.’ A classic example of how organisations deal with teams who want to work outside the established IT frameworks - whether they are Mac users in a Windows environment or developers who need different tools from the corporate standard.

‘At some organisations, developers working on a Mac even had to walk to a Windows PC to log their hours or reset passwords,’ Maarten adds. The result? Developers going under the radar with unapproved tools. ‘As soon as people look for an alternative route, you lose track as an organisation,’ he warns. ‘Then you also lose control.’

Secure by design.

How does macOS break through this dilemma? The fundamental difference lies in Apple's security-first approach. ‘macOS is already fundamentally very secure because of the link between hardware and software,’ Maarten explains. Unlike Windows, where users are often not given admin rights for fear of uncontrollability, and Linux, which, while offering a lot of freedom, is also more difficult to manage centrally as a result, macOS offers a better balance between freedom and frameworks.

For example, when the Mobile Device Management system Jamf is combined with macOS, anomalies are automatically detected and corrected. ‘For example, if someone were to disable the firewall, our MDM solution immediately reverses that setting,’ says Maarten. This architecture eliminates the need for drastic restrictions. ‘We can have more targeted security without capping everything.’

Targeted freedom for developers.

How does this approach work concretely at Pro Warehouse? ‘We apply Jamf policies in a differentiated way,’ explains Maarten. Developers are given specific exceptions, such as firewall permissions for testing web services. ‘Golang developers regularly need to build applications that use proprietary network ports. Instead of blocking this, we give that group targeted freedoms. The rest of the organisation keeps stricter restrictions.’

The basis for this flexibility starts from the moment of purchase: ‘Apple devices are linked to Apple Business Manager from the box and therefore directly to our organisation. They never come into use “unattended”, allowing us to allow differentiated freedoms without security risks.’

Open culture and compliance.

This balance between security and freedom rests on two pillars: an open corporate culture and a strong compliance foundation. ‘Transparency helps significantly in reducing shadow IT,’ states Maarten. ‘With us, tools are tested against compliance criteria, but the difference is that this is done in open dialogue. Keeping thresholds low significantly reduces the need for alternative routes.’ This principle also works for updates: development teams test new updates first, so that any problems are known before the whole organisation follows.

For CISOs, this approach provides a firmer starting point in the changing compliance landscape. ‘With macOS as a foundation, we have a good technical starting position for new regulations such as NIS2 and DORA, although organisational processes and policies remain indispensable, of course,’ says Martin. ‘The platform provides many of the technical requirements on which the central government bases its policies.’

In doing so, Pro Warehouse has experience with customers in various industries: ‘Financial institutions have stricter security requirements than creative agencies. We know those specific challenges and have solved them before. Whether it is the complex organisational structure of an airline, the strict security requirements of a bank, or the speed of a scale-up - we tailor our security implementation for each customer to their specific industry requirements.’

The perfect balance.

March's advice to organisations is clear: ‘Promote an open culture around technology and delve into what employees really need. Mac offers a better balance - security that CISOs appreciate and freedom that developers can build on. It helps reduce the tension between security and innovation.’

In an increasingly complex IT landscape, one thing is clear: organisations that are better at striking the balance between security and development freedom have a competitive advantage. With macOS as a foundation, that balance becomes a strategic advantage rather than a difficult trade-off.

This article is the third in a series on the benefits of Mac for development teams.

In het eerste artikel bespraken we waarom macOS de ideale balans biedt voor developers. In het tweede artikel keken we naar Mac als bondgenoot in je DevOps-toolkit. In volgende artikelen gaan we dieper in op specifieke aspecten zoals cross-platform development op Mac, de perfecte development setup en Mac als AI/ML development machine.