Introducing data residency and security reporting to Jamf Safe Internet

Data residency and security reporting have come to Jamf Safe Internet! Read this blog to learn what this means for educational customers and how to configure privacy settings that help admins use student data effectively.

March 18 2024 by

Mat Pullen

US hosted server with Jamf Safe Internet data.

In the ever-evolving landscape of technology, where data security and privacy take center stage, the launch of data residency for information stored in the United States marks a significant milestone for Jamf customers. Particularly, the impact on education users is noteworthy, as it introduces a new layer of protection and compliance.

In this blog post, we explore the implications and benefits of this development, shedding light on what it means for educators, students and institutions.

What is data residency?

Data residency refers to the physical or geographical location where data is stored, processed and managed. It is a critical aspect of data governance, ensuring that information is handled according to the laws and regulations of a specific jurisdiction. This concept becomes even more crucial in sectors like education, where sensitive student and institutional data are involved.

Jamf’s approach towards enhanced data security

The introduction of data residency for education users signifies a commitment to prioritizing data security and privacy. By keeping the data within the boundaries of the United States, the software aims to comply with the local laws and regulations governing data protection, providing a secure environment for educational institutions.

Data residency helps with:

  • Legal compliance: Data residency aligns the software platform with U.S. data protection laws, ensuring that educational institutions using the software remain in compliance with regulatory requirements.
  • Enhanced privacy: Education users can expect heightened privacy for student and institutional data. With data stored within the country, concerns about data crossing international borders are alleviated.
  • Improved performance: Localized data storage often translates to faster data access and improved system performance. Education users can experience quicker response times and smoother interactions with the software.
  • Building confidence: Transparency in data handling helps education users feel more confidence their data is safe. Knowing that their data is subject to U.S. laws and regulations can instill confidence in both educators and students, contributing to a positive user experience.

A necessity for network security

Privacy settings are inherently designed to shield sensitive information from unauthorized access. However, in the educational technology landscape, a careful equilibrium is crucial. Striking the right balance means allowing IT admins to access certain identifying data in order to ensure the security of school-owned devices and networks without compromising individual privacy rights.

Why privacy settings matter for network security

By giving IT admins access to certain device and non-sensitive user data, admins have a greater ability to spot potential threats. This data could include the device ID, the associated user and certain behaviors. Armed with this data, IT has a better understanding of indicators of compromise and can achieve:

  • Protection against network-based threats: Schools are increasingly becoming prime targets for cyber threats, and network-based attacks can have severe consequences. If admins have access to adequate device and user data, they can spot signs of compromise or unusual activity.
  • Compliance with regulations: Educational institutions are bound by various data protection laws and regulations. Privacy settings that provide controlled access get schools one step closer to meeting compliance requirements while actively managing security risks associated with the use of technology.
  • Proactive security measures and faster incident response: In the event of a security incident, swift and informed decision-making is crucial. Deviations from baseline behavior helps admins respond to potential threats quickly.

A responsible implementation uses granular access controls. Privacy settings should be meticulously designed with granularity in mind. IT admins should have access to only the necessary information required for security monitoring and incident response, minimizing the risk of misuse and safeguarding individual privacy.

What does this mean for Jamf Safe Internet?

As we look to always develop our product to meet the needs of our users, we will be building on data residency to bring elements of PII to Jamf Safe Internet. Jamf believes strongly in a privacy-first approach, and as such Jamf Safe Internet has been built with privacy-by-default and privacy-by-design at its core.

Jamf Safe Internet will be bringing the essential role of privacy settings to support admins as they help guard against network-based threats while carefully navigating the delicate balance between privacy and security.

Student data is extremely sensitive. We wanted to ensure we built something that aligns with Jamf’s values around protecting student privacy while also maximizing the level of security we know schools need. We will be adding some level of identification of student data but with very deliberate ways of what, how, when and by whom this data can be seen.

Data residency can be configured in Settings > Privacy in Jamf Safe Internet. Full privacy can be turned on or off:

  • On: no device can be identified and stays anonymous
  • Off: privacy is still strong. Devices can be identified only in the device groups and security report pages. This helps the IT admin resolve administrative and security issues.

Turning full privacy on or off in Jamf Safe Internet

Only customer superadmins (i.e. regular and parent) with write access can toggle the privacy setting. All other admins will be able to see the page and the current setting but can not change it.

Check out the release notes.