Whether you are considering how technology can enhance your business, have purchased your first Apple devices, or have been using Apple hardware and services for years, staying on top of Apple device security and information security is always a priority. With the power of mobile device management (MDM), taking proactive steps to make Apple device security even more protective is as easy as it has ever been.
Before we dive in, let’s take a look at how Apple is continuing to gain market share in business. According to a Dimensional Research survey, 66 percent of respondents say it is as easy or easier to maintain a secure environment on the Mac versus a PC, and 90 percent agree it is easier to secure Apple devices compared to mobile devices on other operating systems. Similar findings were reported when asked if Apple devices were easier to deploy, configure and support. Companies are quickly learning the benefits of having Apple’s ecosystem in their business environment.
Apple Ecosystem 101 and Apple Device Security
Apple designed iOS and macOS with an eye toward integrating hardware, software and business-class services. This makes it easier than ever for companies to configure, deploy and manage Apple devices in the workplace. Just as employees expect a consistent experience when using Apple devices at work, they should expect an equally consistent experience when configuring and managing those platforms.
To understand Apple’s approach to security, lets start with an overview of how they have built an integrated framework of platforms, services and tools for Apple security.
- Apple’s Deployment Program for Business: Apple Business Manager
- Apple’s Security Features:
- App Store: Keep your apps up-to-date and secure
- OS Updates: Enjoy the latest security features with operating system updates
- Biometrics: Secure and authenticate with FaceID and TouchID
- Activation Lock for iOS devices (and macOS computers this fall!)
- FileVault for macOS computers
- Apple Operating Systems: macOS for desktops and laptops and iOS for mobile phones
Apple’s Deployment Program for Business and Apple Device Security
If you have been using Apple devices for a long time in the workplace you may be more familiar with the terms device enrollment program and volume purchase program that have migrated into Apple Business Manager. Apple Business Manager creates a streamlined way to combine the ability to automate device enrollment and purchase apps in volume.
As mentioned, Apple Business Manager helps you quickly and easily deploy your Apple devices to employees, automatically enroll them within Jamf without physically touching or prepping each device, simplify your setup and onboarding process, as well as get more out of your MDM. Apple Business Manager also allows you to create Managed Apple IDs: a special account type that allows you to share your Apple Business Manager account with others in your organization. In addition to these functions, Apple Business Manager allows you to find, purchase and manage apps in bulk. It is by far the best way to save time and start managing apps across your organization. As a business using Apple to succeed, these completely free programs are a value add!
Apple Push Notifications server (APNs)
Apple’s entire framework for enabling MDM is built on a trusted relationship between the user, Apple and the MDM platform. To enable that relationship, Apple created APNs, a means to keep a constant connection between the device, Apple services and your trusted MDM vendor, like Jamf.
However, understanding this does not answer how to leverage APNs for security. A functioning APNs connection is vital for implementing a mobility strategy for several reasons:
- MDM is dependent on APNs for sending critical commands – like operating system updates or application installs – wirelessly to the device.
- APNs is responsible for triggering automatic check-ins with the MDM server.
- APNs is the means to send lock/wipe commands remotely.
- APNs unlocks functionality that is vital to managing and securing Apple devices at scale.
Apple Device Security Features
Both macOS and iOS contain a portfolio of security features that can help you take steps to become more secure individually and across an entire organization.
macOS security features include:
- FileVault — an additional layer of encryption built into macOS to protect user data if a device is lost or stolen.
- Software updates come directly from Apple and are signed for verification, so your organization knows it can be trusted.
- App sandboxing — a practice that ensures apps do not share — intentionally or unintentionally — data from the core system or another app.
- Privacy controls let users and IT admins define when location services are active and which apps have access to different kinds of data.
- Malware removal tool — a means for Apple to remove any malware that manages to get on the system.
- Supervision comes to the Mac this fall with macOS Catalina.
- The new Read-Only System Volume in macOS Catalina is another big step up for security and more tightly segregates certain vital portions of the system to protect its integrity.
iOS security features include:
- System security leverages technology like Secure Boot, Secure Enclave and more to protect the OS against compromise.
- Touch ID / Face ID leverages unique biometric security data like fingerprints and facial recognition to quickly authenticate a user that requests access to a device.
- Encryption and data protection ensure personal and corporate data can’t be compromised even if other aspects of the device have been wiped.
- Supervision is a deeper form of device management that can be used to control the near entirety of a device and its functionality.
Apple + Jamf for unmatched Apple device security and management
The best platforms for business technology demand the best MDM platform for device management. No other provider is more suited to ensure your success with Apple. That’s why 30,000 organizations trust Jamf to manage 14 million Apple devices around the world.
With support for iOS and macOS, and an intuitive platform that makes devices easy to deploy and manage, Jamf Now is the ideal solution for your small or medium business. Jamf Now’s platform is not only a great tool for managing Apple devices but also a great way to move device management off your plate so you can get back to doing other tasks at work.