This article misses the most import reason (outside of Express/Outlook, which really is a reason): lack of checklist compliance.
Most corporate "infosec" policies require all kinds of oddities like difficult password format, running an anti-virus, software pushes, micro-managing browser proxy, encrypted disks, "personal firewall", on and on and on. Corporate infosec standards are written to compensate for Windows weaknesses, and so require a large number of tweaks to a base linux configuration.
While each of these things individually is possible, all of them together is difficult, and non-standard and causes problems by interacting poorly. Windows at least nominally has all the features demanded by corporate infosec policies. Some infosec policy drone can check off a checklist of features, and give the green light to Windows far easier than he/she/it/them can do the same for a Linux desktop.
How do those changes interact poorly? A difficult password format requires a change to /etc/login.defs. Software pushes (if I understand what you mean by them) can be handled by the package manager (this would require the most work as you need to set up your own repository, but I imagine that is nessasary on windows as well). Configuring a browser proxy is done in the browser (or system wide). Encrypted /home directorys are the default on Ubuntu, and using TrueCrypt (or similar) fuel HD encryption is possible. Personal firewall is handled by ip tables.
GNU/Linux, by the nature of its userbase, has been forced to tolerate far more severe changes. The same software is used in countless configurations, on countless operating systems, some of which are neither GNU nor Linux. And once you have it set up, you could just make a master image and clone that to your target machines.
Or, you could make a corporate linux distro with all of these requirements built in by default.
his article misses the most import reason (outside of Express/Outlook, which really is a reason): lack of checklist compliance.
Most corporate "infosec" policies require all kinds of oddities like difficult password format, running an anti-virus, software pushes, micro-managing browser proxy, encrypted disks, "personal firewall", on and on and on. Corporate infosec standards are written to compensate for Windows weaknesses, and so require a large number of tweaks to a base linux configuration."
I totally agree with that and see that on a day to day basis as well. But I decided to keep the article short and let the debate commence. How can one secure something like google apps if you're a huge corporate entity? Also when your information is in the public domain and being controlled by say google. it's easier for say the feds to obtain your data because google lawyers aren't going to file injunctions for you or use any stall tactics. They will just comply and hand it over. Large multinational corporations don't want that.
Most corporate "infosec" policies require all kinds of oddities like difficult password format, running an anti-virus, software pushes, micro-managing browser proxy, encrypted disks, "personal firewall", on and on and on. Corporate infosec standards are written to compensate for Windows weaknesses, and so require a large number of tweaks to a base linux configuration.
While each of these things individually is possible, all of them together is difficult, and non-standard and causes problems by interacting poorly. Windows at least nominally has all the features demanded by corporate infosec policies. Some infosec policy drone can check off a checklist of features, and give the green light to Windows far easier than he/she/it/them can do the same for a Linux desktop.