A tale of two securities

ZTNA vs VPN

With the release of iOS & iPadOS 15, Apple unveiled a slew of new security technologies aimed at protecting user privacy while on the Internet, like Private Relay does when accessing websites or communicating via email. More recently, Jamf unveiled Private Access*, one of its newest security offerings that replaces legacy conditional access and VPN technology with a modern, Zero Trust Network Access solution to secure connections to business resources, preserve end-user privacy and optimize network performance through policies to ensure compliance and data security.

Two technologies purpose-built for Apple devices, designed to protect end-users, network communications and access permissions to Internet-based resources — ultimately to safeguard data from unauthorized users. While Apple Private Relay and Jamf Private Access share commonalities in going about strengthening privacy and security — what they protect, where they are implemented and how they perform their task are as different as London and Paris themselves.

See below for a high-level view of each technology’s key features before we dive deeper into the benefits of integrating both into your enterprise’s security framework:

Apple Private Relay

• Protects your identity online
• Hides browsing habits from websites
• Encrypted connections mask DNS records
• Uses temporary IP addresses — not your real one

Jamf Private Access*

• Application-based microtunnels to secure transmissions
• Authenticates users via cloud-based Identity Provider (IdP)
• Risk-aware access policies maintain compliance
• Zero Trust Network Access provides the least privilege
• Unified access policy applies to modern OSs, like macOS/iOS

“It was the best of times, it was the worst of times…”

As Charles Dickens eloquently wrote in his 1859 novel, A Tale of Two Cities, and remarkably it remains true in comparison to current times. Specifically, I’m referring to modern society and the marvel of the Internet that has transformed how we communicate with one another, where we work and countless other ways having the vast Internet at our fingertips has revolutionized our daily life. Conversely, and in line with the Dickens quote, we all face a global pandemic that has served as the catalyst for changing how many businesses do work, switching to fully remote or hybrid models.

Paired together with larger scale, more technically advanced security threats that seemingly target users everywhere they go — and show no signs of slowing — it’s important that we have the right tools in place to not only stave off the attacks but protect sensitive data at all times.

This requires having the right tools for the job. Yes, I said “tools”, as in more than one. Contrary to popular belief, there is no silver bullet solution. Multi-prong security threats require multiple endpoint security software solutions to thwart them effectively and consistently.

Apple + Jamf = Privacy and Security

Enter the integration of Apple Private Relay and Jamf Private Access*.

The former, a service offering that’s a part of iCloud+ to keep end-user, web-based traffic hidden, including the DNS records and masking a device’s IP address, to utterly disguise the privacy information that is normally made available to websites, apps and services and used to track users by building a profile through information gathering:

• Who you are?
• Where do you live?
• Which places do you visit?
• What services are used to provide supporting details, like location, microphone and camera?
• Who are your contacts and how often do you communicate with them?
• When do you do certain things, like times and dates of appointments?

The latter, Jamf Private Access* covers the security side of the equation leveraging Zero Trust Network Access to secure access to company resources in a modern, hybrid, or remote work environment, because let’s face it? Devices are rarely connecting to these resources from within the traditional network perimeter — simply put: they need to be protected no matter where they are.

This type of solution conforms to traditional business models while being flexible enough to adapt to the “new normal”, ensuring that after users authenticate into their device(s), they only have access to exactly what software, apps and services they need to remain productive — nothing more, nothing less.

Furthermore, since mobile device usage has surged in recent times, establishing a work-life balance is easy for IT to manage right from the web-based console. By leveraging policies, business applications are secured through microtunnels to keep corporate data safe, while non-business applications can be routed directly to the Internet using split-tunneling to optimize the network infrastructure for greater performance while still preserving end-user privacy and data security.

With its increased commitment to privacy, Apple’s Private Relay aims to limit access to privacy information from leaking and/or being shared while users are online. And Jamf’s Private Access* safeguards sensitive data, including network connectivity, through strong encryption and secure access policies.

Together, both services ensure user privacy, corporate data and access to services remain protected from threat actors and unauthorized users alike.

*As of February 2023, Jamf Private Access capabilities are included with Jamf Connect.