ARM Yourself – A Healthcare CIO’s Introductory Guide to Apple Silicon

For the first time in 15 years, Apple has announced a major architecture change for the Macintosh platform.  They are moving their primary processor from Intel to ARM-based Apple Silicon, using the same architecture that powers the iPhone, iPad, and iPod touch.  Apple has grown to be one of the largest suppliers of electronic devices in healthcare.  Their use by medical staff is indispensable and has enabled significant innovation.  The 21st Century Cures Act Final Rule also provides for applications on these devices to retrieve patient information through FHIR 4.0.1 APIs, so patients can use their own data to improve their care.  The Apple Watch and HealthKit have provided significant benefit to organizations.

Don’t Panic!

The first thing to remember is not to panic over this and make technology decisions based on first reactions that will have negative repercussions down the line.  Apple has switched processor architectures three times.  Microsoft has made epochal changes to their technology stack several times as well.  Yet we didn't throw out Microsoft when XP had massive security issues, or when they twice laid turkeys with Vista and 8 (although some will argue that maybe we should have).  Many people have voiced initial thoughts of dumping Apple because of a processor switch.  This is not something to panic over.  This is something a CIO or IT Director manages.

This article goes over several steps you can take as a CIO or IT Director now to more effectively manage what you have and set yourself up for success with Apple Silicon in your environment.  Our end goal is for you to avoid the major pitfalls that beset your predecessors during the 68K to PowerPC and PowerPC to Intel transitions, specifically with legacy applications.  We want you to be able to meet customer demand and use these devices as part of a good long-term healthcare technology strategy that supports and reinforces the organization's overall strategy.

Mobile Device Management

If your currently deployed Macs aren't in Mobile Device Management (MDM), now is a good time to start.  These tools, available from Microsoft, JAMF, or VMware, among others, allow you to manage your Macs like they are iPhones or iPads.  They also allow you to set security requirements and inventory devices for the applications and libraries in use.  You can also deploy wireless and VPN configurations.  Apple has done a lot to get management right.

Security Requirements

You should define your organization's security configurations in MDM first.  This will allow you to configure baselines for disk encryption, Touch ID, password complexity, and whether or not non-App Store apps may run.  Because MDM configuration profiles do not depend on the processor architecture, the same settings carry straight over to Apple Silicon Macs.
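As an added example that is not code from the article, the script below checks a single Mac against a minimal baseline of the kind described above (disk encryption on, Gatekeeper enforcing, System Integrity Protection enabled) by parsing the output of the stock macOS commands `fdesetup status`, `spctl --status`, and `csrutil status`.  The three checks chosen and the PASS/FAIL wording are assumptions, not an Apple or MDM-vendor standard.  The sample command outputs fed in at the bottom are constructed so the logic runs on any POSIX shell; on a real Mac, call `baseline_report` instead.

```shell
#!/bin/sh
# Added example, not code from the article: verify one Mac against a minimal
# security baseline (FileVault on, Gatekeeper enforcing, SIP enabled).
# Each check reads one stock macOS command's output on stdin. The checks and
# PASS/FAIL wording are assumptions; the sample outputs below are constructed.

# `fdesetup status` prints "FileVault is On." or "FileVault is Off."
check_filevault()  { grep -q '^FileVault is On\.' ; }
# `spctl --status` prints "assessments enabled" or "assessments disabled"
check_gatekeeper() { grep -q '^assessments enabled' ; }
# `csrutil status` prints "System Integrity Protection status: enabled."
check_sip()        { grep -q 'status: enabled\.' ; }

# evaluate NAME CHECK_FN OUTPUT: feed OUTPUT to CHECK_FN, print a PASS/FAIL line.
evaluate() {
    if printf '%s\n' "$3" | "$2"; then
        echo "PASS $1"
    else
        echo "FAIL $1"
    fi
}

# Count FAIL lines in a report read from stdin (prints 0 when all passed).
count_failures() {
    awk '/^FAIL/ { n++ } END { print n + 0 }'
}

# Live report for a real Mac. Exit status is non-zero when anything failed,
# which is what an MDM compliance script needs.
baseline_report() {
    report=$(
        evaluate FileVault  check_filevault  "$(fdesetup status 2>&1)"
        evaluate Gatekeeper check_gatekeeper "$(spctl --status 2>&1)"
        evaluate SIP        check_sip        "$(csrutil status 2>&1)"
    )
    printf '%s\n' "$report"
    [ "$(printf '%s\n' "$report" | count_failures)" -eq 0 ]
}

# Constructed sample: an encrypted Mac whose Gatekeeper has been switched off.
evaluate FileVault  check_filevault  'FileVault is On.'
evaluate Gatekeeper check_gatekeeper 'assessments disabled'
evaluate SIP        check_sip        'System Integrity Protection status: enabled.'
```

Deploy `baseline_report` as a periodic MDM script and alert on a non-zero exit; the per-check lines give the help desk something concrete to act on rather than a single "non-compliant" flag.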

Traditional anti-virus applications are also going away.  Many of these rely on Kernel Extensions, a feature of macOS that was deprecated in the latest production version, Catalina.  They are being replaced by System Extensions, which run in user space rather than inside the kernel and provide much of the same data through defined Application Programming Interfaces (the Endpoint Security and Network Extension frameworks).  A crash or compromise in a System Extension therefore no longer takes the kernel down with it.

What this means for you is that you also need to look for a good Endpoint Detection and Response platform built on System Extensions, which will be supported by Apple Silicon in macOS Big Sur.  Note that on an Apple Silicon Mac a third-party kernel extension can only be loaded after the boot security policy has been lowered to Reduced Security in Recovery, so a product that still depends on a kext forces you to weaken the very protection you are trying to add.
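As an added example (not code from the article), the filter below lists the third-party kernel extensions still loaded on a Mac, which is the quickest way to find the anti-virus, VPN, and device-driver products that will need a System Extension based replacement.  It parses the output of the stock `kextstat` command; the sample output embedded here is constructed and the non-Apple bundle identifiers in it are hypothetical.  On a real Mac, run `kextstat | audit_kexts`.

```shell
#!/bin/sh
# Added example, not code from the article: list third-party kernel extensions
# still loaded on a Mac so they can be replaced with System Extension based
# tools before the move to Apple Silicon. Sample data below is constructed;
# the com.example.* bundle IDs are hypothetical.

# kextstat columns: Index Refs Address Size Wired Name (Version) <Linked Against>
# Print the bundle ID (column 6) of every loaded kext outside com.apple.*,
# skipping the header line.
audit_kexts() {
    awk 'NR > 1 && $6 !~ /^com\.apple\./ { print $6 }'
}

# Exit 0 when no third-party kexts are loaded, 1 otherwise, so the function
# can serve directly as an MDM compliance check.
kext_compliant() {
    [ -z "$(audit_kexts)" ]
}

# Constructed kextstat-style output: two Apple kexts plus a hypothetical
# anti-virus kext and a hypothetical VPN filter kext.
SAMPLE_KEXTSTAT='Index Refs Address            Size       Wired      Name (Version) <Linked Against>
    1  104 0xffffff7f80b62000 0x1000     0x1000     com.apple.kpi.bsd (19.6.0)
   18    0 0xffffff7f82e10000 0x7000     0x7000     com.apple.driver.AppleHDA (283.15)
   31    0 0xffffff7f83100000 0x5000     0x5000     com.example.av.kext (8.1.2) <7 5 4 3 1>
   32    0 0xffffff7f83200000 0x3000     0x3000     com.example.vpnfilter (2.0) <7 5 4 3 1>'

printf '%s\n' "$SAMPLE_KEXTSTAT" | audit_kexts
```

Run it from MDM across the fleet and collect the output centrally; each distinct bundle identifier maps to one vendor conversation about their System Extension roadmap.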

Support and Staffing

If Macintosh support has one common issue, it's that many organizations do not have dedicated support for them.  Customers are on their own.  They have been motivated to fit the Mac into a PC-centric environment.  With Apple Silicon, this changes.  iPhone and iPad apps will be able to run natively on the Mac.  macOS Big Sur also has a Control Center, just like iOS.  This convergence of app support and similar configurations means that the skills used to manage iPhones will transfer over to these new devices.  This can also provide some assurance to customers who are already worried about their Mac support.

Apps – You Don’t Want to Have Legacy Equipment!

FileMaker was the Microsoft Access of its day for Macs.  It made it very easy to build quick and dirty applications to collect data.  Due to scripting and customization, it was very easy to make a database that only ran on a certain version of macOS.  It was also possible to make a database with more fields than the ODBC driver allowed you to export (1000), or with non-standard data.  These databases often became mission critical, as they were developed to store medical data before EMRs were common.  During my time as a consultant I had 2 customers who had developed full solutions on FileMaker for Macintosh that had to be migrated over to newer systems.

Numerous developers also did not make the transition when macOS switched processor platforms.  There were always applications that someone loved to use that did not make it over to the next generation, and there were unsupported legacy applications that were never going to move either.

What this means is that every organization running Macs likely has a vintage G4, an Intel Mac running Snow Leopard, or something even older humming away in a corner doing work.  While this would have been viewed as sound fiscal prudence several years ago, this is no longer the case.  These devices are security and data risks: they no longer receive patches, and the data on them is usually unencrypted and uninventoried.  Apple also only emulated PowerPC (via the original Rosetta) for three versions of the OS, Tiger through Snow Leopard, before Lion cut support.  The emulation was holding back macOS.  We expect the same pattern to repeat, despite the assurances given this week at WWDC.

We need to use MDM to inventory the apps used on Macs in your organization.  Catalog them and see which ones will still be supported on Apple Silicon, which need to be emulated, and which will no longer be supported.  Find equivalents for those that will not be supported or need emulation.  Start now, as you don't want to be in a position where a mission critical app fails due to old hardware, a compromise, or an inability to run on a new OS.  Your end product should be a transition plan that addresses your old applications.
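The inventory step above comes down to one question per application binary: which CPU architectures does it contain?  As an added example that is not code from the article, the script below classifies an app inventory into native (contains arm64), translated (x86_64 only, which Apple's Rosetta 2 layer will run), and unsupported (32-bit Intel or PowerPC only) using the architecture list that the stock `lipo -archs` command prints for a Mach-O binary.  The inventory lines embedded here are constructed and the app names are hypothetical; on a real Mac the `live_inventory` function builds the same lines from `/Applications` with `defaults` and `lipo`.  It generalizes slightly beyond the text by also catching ppc-only binaries from the PowerPC era.

```shell
#!/bin/sh
# Added example, not code from the article: classify Mac apps by the CPU
# architectures in their binaries to decide whether each runs natively on
# Apple Silicon, under Rosetta 2, or not at all. Sample inventory lines are
# constructed and the app names are hypothetical.

# $1 is the space-separated architecture list printed by `lipo -archs`.
classify_arch() {
    case " $1 " in
        *" arm64 "*)  echo native ;;      # runs as-is on Apple Silicon
        *" x86_64 "*) echo rosetta ;;     # needs Rosetta 2 translation
        *)            echo unsupported ;; # i386 or ppc only: will not run
    esac
}

# Read "path<TAB>archs" lines on stdin, print "status<TAB>path" for each.
classify_inventory() {
    while IFS="$(printf '\t')" read -r path archs; do
        printf '%s\t%s\n' "$(classify_arch "$archs")" "$path"
    done
}

# Summarise a classified inventory read from stdin as "status=count" lines.
summarise() {
    cut -f1 | sort | uniq -c | awk '{ print $2 "=" $1 }'
}

# Real-Mac version (not run here): one "path<TAB>archs" line per app bundle.
live_inventory() {
    for app in /Applications/*.app; do
        exe=$(defaults read "$app/Contents/Info" CFBundleExecutable 2>/dev/null) || continue
        printf '%s\t%s\n' "$app" "$(lipo -archs "$app/Contents/MacOS/$exe" 2>/dev/null)"
    done
}

# Constructed sample: one universal app, one Intel-only app, one 32-bit
# Intel app, and one leftover PowerPC app.
SAMPLE_INVENTORY="$(printf '/Applications/ChartViewer.app\tx86_64 arm64
/Applications/DeptDatabase.app\tx86_64
/Applications/LegacyLabBrowser.app\ti386
/Applications/OldImaging.app\tppc')"

printf '%s\n' "$SAMPLE_INVENTORY" | classify_inventory
printf '%s\n' "$SAMPLE_INVENTORY" | classify_inventory | summarise
```

Collect `live_inventory` output through MDM and feed it to `classify_inventory`; the "unsupported" and "rosetta" rows are the working list for the transition plan, and the "rosetta" rows are the ones that will break when Apple eventually retires the translation layer.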

With Big Sur on Apple Silicon, new Macs can run App Store apps meant for iPhones or iPads.  While this does sound appealing, the first versions of these apps will not take full advantage of the hardware.  Apps designed for smaller devices generally have less functionality than their full desktop equivalents.  In particular, the major EMR apps have significantly less functionality in their iPhone versions.  We recommend delivering the major apps that have PC equivalents over Virtual Desktops or Citrix to sidestep this issue until developers are able to ship more full-featured apps that work across platforms.

One question that has to be answered is whether vendors of two-factor authentication applications will offer configuration settings to deny use of their iPhone and iPad apps on Mac desktops and laptops.  Two-factor isn't really that secure if the authentication app lives on the same device you log in from: a compromise of that one device yields both factors.

Virtual Desktops and Citrix

One of the first groups of applications that gets ported over to a new platform is remote access technology.  When Macs moved from PowerPC to Intel, Citrix Receiver was one of the first apps to make it over.  Other VDI tools also followed quickly.  We anticipate that even under Rosetta 2 translation, Citrix Receiver and VMware Horizon View, two of the most dominant healthcare remote access platforms, will work.  We further anticipate other technologies will soon follow.  We need to reassure customers that they will still be able to work remotely using Apple Silicon Macs with decent performance.

Innovation, New Form Factors, and User Interfaces

Mac users are some of the most determined users in healthcare.  Despite not having the full support of their IT departments, users have banded together to support each other and run their applications in a hostile environment.  They have managed to keep these devices well supported in healthcare, an environment normally built around PCs.  Many of our users also work in academia, where Mac usage is significantly more common.

That being said, IT departments got a very rude awakening with the iPad and iPhone.  These devices disrupted healthcare IT service delivery for the better.  However, CIOs were often caught flat-footed when the medical staff started using them productively as they did not know how to use or support them.

The lesson learned is that innovation requires keeping constant contact with trends and seeing what the team is trying to fit into the environment.  Apple will be introducing multiple new devices with different form factors.  We have to see what does and doesn't fit the customers' use cases.

Conclusion

Apple moving platforms isn't a big deal.  We have much better tools in Mobile Device Management to handle this transition, and many lessons learned from the PowerPC to Intel one.  Many of us also just migrated our devices to Windows 10, a version that, like macOS, breaks backward compatibility for many older apps.  We need to focus on building a good security configuration baseline in MDM together with a good EDR platform, on application management and transition plans for legacy apps, on emphasizing that VDI and Citrix will likely work on day 1, and on establishing a strong innovation arm to understand what our customers truly need in support of the strategy.

Don’t Panic!  You can manage this and do it very well.

About the author

Mitch Parker, CISO

Mitchell Parker, MBA, CISSP, is the CISO at IU Health. Mitch has eleven years' experience in this role, having established effective organization-wide programs at multiple organizations. He is responsible for providing policy and governance oversight and research, third-party vendor guidance, proactive vulnerability research and threat modeling services, payment card and financial systems security, and security research to IU Health and IU School of Medicine. In this role, Mitch collaborates across the organization and with multiple third parties to improve the people, processes, and technologies used to facilitate security and privacy for the benefit of IU Health's patients and team members.

1 Comment

  • This was a great read! Thanks for helping IT leaders continue to navigate continual IT environment shifts, and for your perspective on ways to overcome the Apple Silicon transition.
