It’s possibly the #1 item on the minds of IT administrators and information security (InfoSec) teams. In honor of October being Cyber Security Awareness Month, we take an in-depth look at why security breaches continue to lead the nightly news and what resources and tools are available to ensure security is at its best.
Understanding the device security landscape
Many organizations use a wide range of hardware: desktops, tablets and phones. And many types of hardware lead to different types of operating systems that must be supported. A common misconception is that one mobile device management (MDM) solution can overcome these challenges by covering all hardware and operating systems. The reality is many features (including security) are forfeited when trying to find one MDM to rule all devices.
When looking at the themes of MDM — provisioning, deployment and security — across three common platforms, you see few, if any, commonalities for execution, encryption, provisioning, settings management or even the framework itself.
With no consistency, there can’t possibly be reliable security measures in place across all devices at all times.
So, how do you satisfy supporting hardware and operating systems to their fullest without sacrificing any security features and needs? The answer: Find an MDM to best support each OS type, or as we like to call it, ecosystem management.
Jamf focuses solely on Apple to ensure InfoSec, IT admins and the users they support have everything they need to succeed with Mac, iPad, iPhone and Apple TV devices. The results include same-day compatibility support for Apple OS updates and features, streamlined integration with Apple Business Manager and Apple School Manager, and enterprise-level security and management features for Apple devices.
Let’s examine 11 of the security and management components Jamf Pro — the gold standard for Apple device management — offers to ensure devices, apps and networks are secure this and every other month.
1. Passcode enforcement
A passcode is often thought of as the first level of defense, and Jamf Pro ensures that one is always required to turn on the device. Admins can even enforce a complex passcode and require that it be changed every so often. You can also ensure the passcode for your Mac or iOS devices isn’t something easily guessable such as “1-2-3-4” or “0-0-0-0.” At the very least, having a passcode on helps protect the security and privacy of the data stored on the device. When an MDM isn’t being used, employees can go into settings and turn the passcode feature off at any time.
2. Encryption on Mac
In the Windows world, many organizations tend to purchase encryption software and then attempt to make it work with their Microsoft management solution or function independently. With Apple, you don’t need to worry about add-ons. Jamf Pro can enforce all native Apple security features and even have Macs auto-encrypt, store the passcode key, and retrieve it or reissue if necessary.
3. Gatekeeper for app security
Gatekeeper is one of Apple’s native security features to ensure applications or software are signed by authorized and known developers. It is on every Mac, but may not be enforced or the settings can get turned off if you have a savvy user on your hands. With Jamf Pro, you can enforce Gatekeeper settings and put restrictions on where software and applications come from.
4. User authentication
For those who want or need to manage both the identity of the user and the device, Jamf Pro can integrate with directory services to accomplish security around device and user management. To help bridge any connections between the device and directory service, we also have integrations with Jamf Connect (formerly NoMAD) and Apple’s Enterprise Connect.
5. Restrict consumer features
iCloud, iCloud Drive, iCloud Photo sharing — all great features for a consumer. But perhaps for your organization’s compliance, they could be viewed as a gap in data security and privacy.
Whether or not you want your employees to have access to these, with just a few checks of a box within Jamf Pro you can ensure that these consumer features are not available on Mac or iOS devices.
6. Air traffic, network and port security
Air traffic, network security and port security all play a role in enhancing an organization’s security. Jamf Pro can help enforce and enhance each of these with our framework or by uploading custom packages or scripts. Block or control incoming traffic to your firewall, control which ports your organization can connect or not connect to, and set up VPN and allow per-app VPN to ensure you’re securely linked.
7. Restrict adult content
This may seem obvious, but restricting adult content is an easy way to avoid cyber attacks. With Jamf Pro, you can restrict specific websites entirely or blanket-restrict anything that may be perceived as “adult content” in case a user stumbles upon sites they shouldn’t, which prevents them from getting viruses or malware from pages they shouldn’t be visiting to begin with.
8. Restrict admin rights and software installations
Reduce the likelihood of users accidentally installing malware by leveraging Jamf Pro to restrict admin rights and system preferences, preventing users from authenticating. Also, use Jamf Self Service to create a custom app store with IT-approved software and package installs.
This allows users to still install software, while at the same time allowing IT to carefully consider what should be installed on a user’s device.
9. Inventory and reporting
Stay on top of Apple device information by running customized inventory reports and being proactive with security needs. While there is an infinite variety of searches you can conduct to locate the inventory information you need, below are just a few examples of ones you may want to consider:
- Encryption Searches: Knowing which devices are encrypted or not encrypted.
- Anti-Virus Software Searches: Distribute anti-virus software, see which devices have it or don’t and who needs it, and leverage patch policies to ensure they have it installed.
- Lost or Stolen Devices: With Jamf Pro, you can build a dedicated report for devices that have been deemed lost that you wish to recover.
- Gatekeeper: Build a report to ensure your Gatekeeper settings are on all devices. This can be extremely helpful so only authorized developer software or apps are on your devices.
10. Integrations and customized packages and scripts
Create packages and run scripts to customize devices and tell them how to behave. Go beyond these workflows to integrate Jamf Pro with network security systems. With an API connection or a webhook, you can integrate Jamf Pro into other security software to ensure you are covering all ground. To see if a product or service already integrates with Jamf Pro, visit our Marketplace.
11. MDM commands
Should you ever need to wipe a device, Jamf Pro not only has easy-to-use MDM commands to wipe and reset the device, but can also create a timestamp of when the wipe was executed. This ensures data is secure should the device not be recovered.
Secure the best hardware with the best software
At the end of the day, whether you have Apple hardware already or are thinking about offering the ecosystem, we’re here to help support you and your organization.
This is just a small sampling of what is possible with Jamf Pro device security. While there are common security requirements across organizations, we recognize each organization has its own needs. That’s why we offer hands-on implementations to ensure you hit the ground running with Jamf and Apple. With world-class support included in each license, you can always phone a Jamf should you have questions. And should you need anything beyond that? We have plenty more to offer.
Contact us and let us know how you’re looking to enhance security for your Apple devices. And when you’re ready, take Jamf Pro for a free test trial and start putting these Apple security features to use.