Jamf Blog
Addressing mobile security needs
July 1, 2016 by Nick Thompson

Addressing mobile security needs

Discover a workflow that meets IT security protocols and empowers users to get the most out of their iPhone and iPad devices.

Security has always been a top priority for organizations needing to manage endpoints. The traditional desktop model involves an ethernet connection to a desktop that is always on and requires admin rights to perform maintenance tasks. Mobile is different. Mobile doesn’t have a hard-wired connection. It’s not always connected to a fast local area network, and there are no admin users. Securing mobile devices requires a different approach from the traditional desktop model, and the Casper Suite helps you do just that.

iOS in the enterprise
Mobile devices have seen significant increases in the enterprise, with iOS leading the way. According to a recent IBM C-suite study, 76% of CIO’s consider mobile security a top concern. iOS has been a solid security-minded choice for most organizations crafting a mobile strategy. Thanks to its built-in encryption, support for modern networking, secure App Store model and features like Touch ID, it’s easy to see why organizations choose iOS as their mobile platform.

While Android is popular for consumers, it can be difficult to manage in the enterprise due to fragmentation and various security concerns. Only 10% of Android devices are on the current operating system (Marshmallow), compared to 85% of iOS users who are on iOS 9. This fragmentation of operating systems makes it difficult for any organization to roll out security updates or app patches across multiple OS versions. Additionally, there are over 1.5 million known Android malware and viruses, which forces another layer of security for companies managing Android.

Mobile device management security
Enterprise mobility management (EMM) and mobile device management (MDM) are the most common methods to manage iPhone and iPad. Apple has built-in management frameworks which allow tools like the Casper Suite to remotely deploy, configure and secure these devices. This framework is possible because of Apple’s Push Notification Service, which maintains a consistent connection to devices so you don’t have to.

iOS also has a special mode, known as supervision, which enables a deeper-level of IT management. It’s recommended that any device that’s organizationally-owned is placed into supervision mode. This is accomplished either over USB with Apple Configurator or wirelessly with the Device Enrollment Program. Once in supervised mode, IT admins can send configurations to devices to set various settings including Wi-Fi, VPN, e-mail, as well as enforcing passcode and restricting items such as apps or other settings from being modified.

Now that your mobile devices are configured and in the field, what happens when you need to take specific action on a device? You can use remote management commands available in the Casper Suite to put missing devices into Lost Mode, lock them and even wipe them. You can also use commands to update iOS—ensuring your fleet is always up-to-date.

MDM also allows organizations to deploy apps in a secure method by pre-configuring them with app configurations and restricting the flow of data from app to app. You can even manage Activation Lock and bypass that security restriction on previously managed devices.

Balancing end user experience with security
Finally, it’s important to not lose sight of your end users when crafting your mobile security playbook. Users expect the same experience as going to an Apple store and setting up an iPad or iPhone for the first time. They don’t want IT pre-configuring all the settings first on their mobile device. This is where DEP and the Casper Suite can help. IT admins can now send users a new-in-box device and as it boots up for the first time, it will automatically enroll and download all the important configurations—preserving the user experience without sacrificing security.

It’s important to empower your users to get the resources they need without having to submit a ticket each and every time. Self Service—an app catalog that comes with the Casper Suite—can help alleviate this issue. Simply populate Self Service with the apps, e-books and settings you’d like your users to have access to and they can grab them without ever needing to submit a help desk ticket.

Learn more about mobile security by watching our on-demand webinar, Mobile Security Playbook: How Secure are You? and reach out to us to discuss your specific security needs.

Nick Thompson
Subscribe to the Jamf Blog

Have market trends, Apple updates and Jamf news delivered directly to your inbox.

To learn more about how we collect, use, disclose, transfer, and store your information, please visit our Privacy Policy.