User Privacy + Private Relay

There was a school of thought behind IT management that admins always had to lock everything down. Just completely button it all up for a device (and its data) to be considered “secure”. I put secure in quotes because this iron-fisted approach often came at the cost of system usability, and almost always at the cost of the end-user experience.

This was long before the modern-day computing landscape we have today. The iPhones of today – and for that matter, most of the iPhones released – have more computing power than most computers twenty-plus years ago, pound for pound. Something else the devices have today that wasn’t really a thing back then is metadata. Specifically, all the various bits of data recorded, timestamped, and cataloged about the user when using cameras, microphones, taking photographs or sharing data across the Internet, such as through social media platforms. This metadata can be and is used by several sources the instant it’s recorded to answer many of the following questions about the user:

• When was something done?
• Who did it?
• What are their individual characteristics?
• Are there ties between this person and other data bits?
• Can a profile be created from this data?
• How can the profile be used to link the person to ‘XYZ’?

The questions are endless. The result though is straightforward, however, to be able to use this privacy data against you, the user, in some way, shape or form. Regardless of whether it’s something as seemingly benign as curating advertisements to target your interests to maliciously assembling all this data to steal your identity.

How do you balance that? Do you lock the device down so tightly that it can barely even be used? Or do you leave it as open as possible and permit users to take control over the dissemination of data in all forms? The answers to that are beyond the scope of this blog because, at its core, it really depends on your organization’s policies, how much and what types of data users share of their own volition and the risk appetite of both entities.

Here we’ll address:

• The different ways IT can address privacy vs security in mobile devices
• Some features of iOS/iPadOS 15 to protect privacy
• Resolve some of the issues that pertain to BYOD programs
• Use Jamf Pro’s recent additions to strike a balance between company-owned and personal devices

User Privacy and Private Relay

Privacy data, as explained in the previous paragraph, but to recap, is essentially any data that can and does personally identify a user and/or can be used to build profiles about the user, including shopping habits, interests, web history and so on.

Private Relay on the other hand is a new technology from Apple introduced in iOS/iPadOS 15 that, when enabled, limits the amount of private data that is leaked to websites and services when establishing connections to them over the Internet. Acting like a shield of sorts, Apple Private Relay works by routing your requests through Apple’s servers first where your DNS records are encrypted to hide the name of the website you’re requesting to access. The encrypted request is then sent to a second relay, which generates a temporary IP address, masking your real IP address before connecting you to the site you requested.

Over management = Underserving users

So how do user privacy, privacy relay and managing users and their devices tie together? That’s a good question and I’m glad you asked. See, in the larger security scheme, device management just doesn’t apply to updating the apps and patching the OS. While that’s a big part of it, securing access, what users can and cannot do is another part of it, but how to go about balancing both so that your users are free to use their BYOD devices for their own personal uses while still ensuring that the device is secured against security threats ultimately means that some compromises will need to take place on both sides.

Locking a personally owned device down to a state where it is largely unusable outside of company-provided apps and services is an easy way to foster discord among your users. Furthermore, while the device is technically configured for work, this approach can also backfire in a big way given that mobile devices will still collect some form of personally identifiable information (PII). Without a way for users to manage this themselves, the organization may very well run afoul of laws and regulations that are in place to protect users from these very practices.

Similarly, there’s a saying that a former supervisor would say to me during my years as a Sysadmin. “You touch it, you own it.” Intended as words of caution when considering working on certain projects that didn’t technically fall within our wheelhouse to support. The concern is that even though it’s not our problem to solve, sometimes in providing assistance for a problem we inadvertently create another in the process – that of taking on responsibility for the issue moving forward – despite our best intentions. This is very much the case with over management in this case, by taking upon yourself to turn management of privacy data exclusively into an IT function, end-users are left with no choice but to turn to IT for every single privacy-related matter – whether it pertains to work-related tasks or not. Not only is this a very slippery slope to skate on for IT, but may very well also present difficulties for HR, regulatory compliance concerns, worker’s unions and the organization itself, alongside the users as well.

Making mobile device programs work

Hence the “iron-fisted” approach written about above simply doesn’t work in this day and age. The sheer variety of users, their needs, different types of mobile devices, use cases, and the disparity in distance between each user and the office for remote and hybrid work environments all mean that one size most definitely does not fit all. Oh, and adding BYOD into the mix means that the devices are personally owned, so it wouldn’t be exactly fair nor sustainable to lock a user out of their device due to BYOD security risks. After all, users can simply “opt out” of management at any time when enrolling personal devices in company MDM solutions.

So, what’s the answer then? You might be asking. Well, that’s tough because each organization is different with varying needs. BYOD security solutions ensure the security of corporate data while keeping a balanced, “hands-off” approach to safeguard user privacy matters, which is a solid goal to aim for.

Luckily, there are several models available that may be a better fit for your organization. They each offer their own trade-offs, of course, but may provide the solid foundation to move forward with developing a management plan that works to the benefit of all stakeholders.

BYOD

(Bring Your Own Device): The user owns the hardware and is free to use it as they see fit. Device management offers control of the user-based functions of the device, but not full control by design. This is the least costly option for organizations. It is important to note that while BYOD limits what your employer can see on your device, it does allow IT to focus solely on managing the apps/services/data that are tied exclusively to securing company resources. Users retain control of their devices and their use, while corporate data – which they do not govern – is still safeguarded to company standards and adherence to corporate policy.

CYOD

(Choose Your Own Device): The company owns the hardware and provides it to employees to use for work-related purposes. This is the costliest model as it requires the company to purchase and manage the devices and infrastructure. With this model, IT may opt to restrict devices as they see fit in theory, but as mentioned before that doesn’t really work out so well in practice if devices are so locked down users simply cannot use them. Instead, users feel forced to carry a secondary mobile device that is more flexible in terms of allowing them to do their work and use it for personal uses. A big downside to this is, if corporate data is not being managed appropriately in the backend, users will figure out quickly that they can use their personal device to meet their needs, eschewing the corporate-owned device altogether. This represents not only a waste of funds for the organization but potential security risks as IT will have no insight into the personal device, meaning company data may be open to compromise at any point.

COPE

(Corporate owned, Personal Enabled): The company owns the hardware in this model as well, which keeps the costs up for both devices and management infrastructure. However, the biggest delineation between COPE and CYOD is that the former shares more flexibility with BYOD than with CYOD’s locked-down model. In other words, the ability for companies to own the hardware means they can secure corporate resources as needed without compromising security. However, the user-based policies provide the ability for users to utilize the mobile device for personal tasks in addition to work, without one infringing on the other. Company data remains protected and personal data remains with the user.

Lastly, there is one piece to this equation that we’ve only touched upon: the MDM component. Specifically, the software used to manage the mobile devices regardless of which deployment model is chosen. In this case, the new additions Apple has incorporated into iOS/iPadOS 15 have a heavy focus on security and privacy. Jamf has also adopted these features into the latest version of Jamf Pro to streamline user enrollment and provisioning access to company resources while maintaining user privacy on their personal device.

Leveraging Apple’s Account-Driven User Enrollment, Jamf Pro allows organizations to take advantage of the onboarding workflow to allow end-users the ability to securely enroll their personal or corporate-owned devices by authenticating with their cloud-based credentials and utilizing both personal and managed Apple IDs to keep personal and corporate data respectively separate.

Frankly, it’s the best of both worlds, having two Apple IDs allows users able to keep privacy data linked to their personal Apple ID; while company data is linked to their organizationally provided managed Apple ID. Furthermore, personal devices allow limited IT management without allowing access to commands that may be considered too heavy-handed, such as viewing personal data, location tracking or collecting privacy data from the device. Conversely, It can still lock devices that are reported lost or stolen, install/update corporate apps & data and apply configurations to secure corporate resources, like VPN or Email remotely.

The end result is a mobile device management strategy where all stakeholders win: users can benefit from a unified experience, blending personal and professional from just one device with transparency into IT management capabilities, protection of privacy data and access to corporate resources. Organizations strike the all-too-important balance between security and end-user privacy by keeping employees protected and productive while allowing for flexibility to use devices for personal tasks that are secured, without infringing on the privacy of their users.