The vendors realize it, and pro-level Mac-management tools are now available from AirWatch, Centrify, MobileIron, and Symantec. More are coming from vendors like AppSense and AT&T (via its partnership with OpenPeak), as security and management vendors see both the user demand and the native capabilities in OS X and iOS to satisfy most businesses' needs.
Yes, it's more work for IT, but given how many IT organizations are still freaking out because they equate BYOD support with having to support anything and everything (not my definition, by the way), it's a lot less work than the alternative. Many organizations have gone this way with the iPad -- in fact, business adoption of the iPad has been more driven by the business than BYOD-seeking employees, unlike the case for smartphones. Why not extend that philosophy to Macs and iPhones?
The formalized Apple approach may not be the complete solution
If your organization has strict management over equipment and information, then the Juniper approach is the right answer. By "strict management," I mean:
- You do not let employees use home PCs (or Macs) to access the corporate environment, including email.
- You do not let employees install their own software (like iTunes or GoToMeeting) on the company-issued PC.
- You restrict access to at least some websites (including Webmail) and perhaps use the network to block or filter access to file-sharing and personal email.
It's these organizations that freak out the most about BYOD because the heterogeneous nature of the devices and apps means you simply can't achieve strict control. If you must be that strict, then be that strict. OS X and iOS allow it with the proper tools, just as Windows does with its panoply of third-party tools.
But most companies aren't that strict, and that's where the Juniper example is too simplistic an approach. For example, if you let people work at home on their own PCs, you've already accepted the risks of malware and information loss. You're actually safer from a malware standpoint if you allow OS X and iOS usage rather than Windows (and Android usage); if malware is your concern but you allow home-PC use, you certainly won't create more risk by allowing non-Windows devices into the at-home mix. You may even decrease it.
If you allow people to use their own PCs, then you have BYOD whether you know it or not. And if you're a reasonably well-managed larger company, you already have some technology in place to monitor access and even filter some of that access at the network level. Those approaches work for mobile devices, too.
Ask yourself why you allow people to use their own PCs. The answer is probably around cost savings and employee convenience. Well, that's why you would also let employees access email, some network services (via VPN, I hope), and files (presentations, employee evaluations, and all the similar work many white-collar employees tend to do in the peace and quiet of home) on their mobile devices. If you use segregation technologies like virtualization or policy-based containers (like AppSense's Strata Apps), you can do the same on mobile.
Now ask yourself why people want to use their own equipment rather than yours. The old standby of not wanting to tote around a heavy laptop is a weak excuse these days, given the lightweight options available. Their answer probably boils down to artisanship. Like chefs with their knives, contractors with their tools, and doctors with their medical bag, many knowledge workers pick a tool set they prefer because it "fits" them. Choosing to use a Mac or Windows 7 PC (if XP is the norm at work), an iPad or iPhone, or an equivalent Android or Windows mobile device, is the same thing. Ditto on choosing to use Office 2010, iWork, or LibreOffice at home even if the company uses Office 2007.