Automating Secure Access Control with Device Compliance & Jamf Connect ZTNA

In this session, learn about cybersecurity compliance, the importance of establishing device baselines in maintaining compliance and what compliance looks like with Apple and Jamf in enterprise workflows.

October 3 2024 by Jesus Vigo


Why is cybersecurity compliance important?

“Compliance serves as a fundamental methodology framework safeguarding data protection.” — Winston Wong

Before diving into the processes related to device compliance, Winston Wong, Security Sales Engineer at Jamf, discusses the various facets that go into cybersecurity compliance, explaining how it encompasses:

  • Standards and Regulatory Requirements
  • Definitions by agencies, laws or authority groups
  • Risk-based controls

Each of these plays a critical role in the protection of sensitive information, such as Corporate and User data.

Baselining device compliance

Wong goes on to speak of the inherent challenges that enterprises face, not just in safeguarding data but in navigating the various regulations, standards and best practices required when establishing a device compliance baseline.

Due in no small part to the ever-changing security landscape, nuances introduced between varying approaches and different controls mean “compliance is not a check-box.”

In addition to complexity, other concerns that may limit or enhance an organization’s ability to effectively implement and manage a device compliance baseline are:

  • Ongoing enforcement and maintenance of compliance measures
  • Third-party dependencies may introduce added challenges in maintaining compliance throughout the supply chain
  • Frameworks that address compliance on a broader spectrum, like CIS Benchmarks, or those that target specific regulated industries, such as HIPAA compliance in Healthcare

Maintaining compliance workflow with Jamf

During the session, Wong provides a high-level workflow, explaining how integrating Jamf Pro (management) and Jamf Connect (identity), paired with Jamf Security Cloud (security), keeps data protected from risk vectors on managed endpoints.

When users log in to their device with Jamf Connect, their identity is verified while the endpoint’s health status is compared against the established baseline to identify potential risks. In the workflow, Wong states that endpoints have their OS levels verified by Zero Trust Network Access (ZTNA) during this phase. If a device is found to be out of compliance, access to protected resources is restricted by conditional access policies.

At this time, users on affected devices are directed automatically to policies executed by Jamf Pro to mitigate the risk. Per Wong’s workflow, users are alerted to the issue and prompted to run the appropriate mitigative measure from Self Service, which will update the OS to the current version.

With the risk mitigated, the device will once again run through a series of checks to verify the device’s health status. Once verified, users are granted access to ZTNA-protected resources.
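
The gating logic of this workflow, sketched as an added example; it is not Jamf code and was not shown in the session. The baseline value, the `Device` fields and the decision labels are assumptions made for illustration, and the OS update from Self Service is simulated by assigning a new version string.

```python
from dataclasses import dataclass

# Hypothetical baseline: minimum OS version (constructed value, not from the session).
BASELINE_MIN_OS = "15.0"


def parse_version(text):
    """Turn '14.6.1' into (14, 6, 1); return None for anything malformed."""
    try:
        parts = tuple(int(p) for p in text.strip().split("."))
    except (AttributeError, ValueError):
        return None
    return parts if all(p >= 0 for p in parts) else None


def is_compliant(device_os, baseline=BASELINE_MIN_OS):
    """Numeric, component-wise comparison against the baseline."""
    dev, base = parse_version(device_os), parse_version(baseline)
    if dev is None or base is None:
        return False  # fail closed: an unreadable version is never compliant
    width = max(len(dev), len(base))
    pad = lambda v: v + (0,) * (width - len(v))  # so '15' equals '15.0'
    return pad(dev) >= pad(base)


@dataclass
class Device:
    name: str
    os_version: str
    identity_verified: bool


def access_decision(device):
    """Identity first, then device health, as in the workflow described above."""
    if not device.identity_verified:
        return "deny"
    if not is_compliant(device.os_version):
        return "restrict_and_remediate"
    return "allow"


def run_workflow(device, updated_os):
    """Return (first decision, decision after the simulated OS update)."""
    first = access_decision(device)
    if first == "restrict_and_remediate":
        device.os_version = updated_os  # stands in for the Self Service update
    return first, access_decision(device)
```

Comparing versions as strings would rank "14.10" below "14.9"; parsing to integers avoids that, and the fail-closed branch keeps a device with an unreadable version restricted.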
