Open source is coming to the Apple enterprise with Fleet

The continued evolution Apple is experiencing within the enterprise is real. Because that’s the case, the growing ecosystem now encompasses numerous alternative approaches to enterprise device security and management.

With that in mind, I spoke recently with Mike McNeil, CEO of Fleet, an open-source endpoint security company that recently added support of osquery for script execution of managed devices for its business clients.

Open-source for the Mac enterprise

The advantage of this is it lets admins who cannot administer their Macs via conventional mobile device management platforms a way to accomplish tasks such as remote lock/wipe or executing remote “raw” MDM commands. (Regular readers might recall we spoke with Fleet last spring, when the company had just introduced its own cross-platform, open-source take on device management.

That’s when we also learned that Fleet’s co-founder, Zach Wasserman, was also a co-creator of osquery, which provides some synchronicity to the company’s latest move.

What is Fleet?

Fleet is built with an open architecture and embraces GitOps, allowing IT departments to approve script changes and execute them on demand. This approach means enterprise security teams can run pre-approved scripts via a simple REST API, which provides some opportunities for flexible device management.

While this won’t fit every enterprise, Fleet believes the open-source nature of what it does provide gives business owners a flexible solution with which to manage and protect their hybrid IT operations.

What it provides: from read-only to script execution

“The most significant advantage for Mac Admins with Fleet’s remote script execution capabilities comes to admins who cannot administer their macOS devices via Mobile Device Management (MDM),” said Wasserman. “Fleet allows you to escalate from a read-only system to a script execution system, allowing for not just monitoring but remediation as well. Previously, this was possible only for users with control over the device via MDM.”

Wasserman also explained that the system delivers granular access to infrastructure that’s difficult to achieve using other systems. For customers, “being able to be more exact allows them to go to these teams less, which saves everybody time,” he said.

The beauty of an open-source approach is that this kind of information might be easier to find, at least for some users in some scenarios.

Build out better

It also limits the tendency to keep throwing software at problems. He cited a customer, who said: “Half the problem is that our executives just keep buying things and tacking on new tools. IT and security budgets fluctuate with the trends, and right now we don’t have much extra cash to play with, even if buying something was the answer.”

It makes more sense, he thinks, to use an architecture that can be more easily extended to handle new challenges, rather than end up with multiple applications running alongside each other to achieve different things — particularly when these applications often do similar things.

This may generate scenarios in which an admin might have security tools, “but they don’t tell me who (which user) the device is checked out to, so I have to go to my inventory management for that information. Then, I have four other pieces of software to gather information about my endpoints, and I even have spreadsheets from 10 years ago. All these things get slapped together in the moment, and none of them communicate with each other. But the higher-ups do not understand the technical debt or the importance of intentionally streamlining the tools for us to work effectively.”

Better is not necessarily better than best

“Juggling diverse platforms will often lead to adopting more vendors, which translates to higher costs and reduced efficiency due to the need for additional personnel with unique skill sets that translate poorly from one platform to the next,” he said. “There’s no one-size-fits-all solution to this complex situation, no ‘easy button’ or single vendor that can solve these problems effortlessly.”

That’s why Wasserman thinks his offering, “gives you the flexibility and freedom to adapt and grow without being locked into proprietary solutions.”

There are larger enterprises that develop their own in-house options for device management and security. Fleet should help make that tactic available to a wider congregation of businesses that don’t have the budget to reinvent the wheel. It might be of particular use for admins managing complex platform infrastructure.

Meanwhile, existing MDM and security environments such as Jamf, Mosyle, Addigy, Kandji, and others provide solid, tested solutions designed to support the transformation of enterprise IT.

The times continue a-changing

If you look back across the decade leading to today, it is clear that rapid growth in the number of vendors offering Apple focused software and services represents a burgeoning sector of the tech industry. It’s a sector on a mission to promote continued change in the traditional shape of enterprise IT, even as the next phase of generative AI prepares to transform the environment all over again.

Follow me on Mastodon, or join me in the AppleHolic’s bar & grill and Apple Discussions groups on MeWe.