What do employees that work remotely or from hybrid environments and those that utilize mobile devices to get work accomplished have in common? They all come to rely extensively – almost exclusively in some cases – on wireless communications to access apps and services. Another trait shared is that this group of employees perform their job functions outside the scope of the brick-and-mortar office.
Often, this group exists outside the security safeguards traditionally in-place, which means:
- Less protection against malicious websites
- Potentially more exposure to threat actors
- Providing IT admins less insight into device usage
- Detecting the presence of shadow IT
- Preventing excessive data usage
- Enforcing acceptable use policies
- Requiring different tools to manage multiple OS’
While mobile device adoption continues to grow, in no small part thanks to its ubiquity in providing users the ability to work from any device, anywhere, anytime, the flexibility comes in the form of compromises organizations must make, likely at the cost of endpoint protection.
But what if that doesn’t have to be the case? Say “hello” to Jamf Data Policy, the cloud-based tool that addresses all these pain points, allowing mobile endpoints to remain protected – regardless of the device or OS type being used – while still permitting IT to enforce policy-based management to:
- Configure usage caps for shared and standalone data pools
- Implement intelligent content filtering of malicious websites
- Reduce legal exposure from illicit/inappropriate use
- Leverage network-aware controls over cellular, roaming and Wi-Fi connections
- Obtain real-time alerts and granular device reporting
- Reduce data usage consumption through real-time compression
- Customize policies to apply to a variety of parameters, tailoring to organizational needs
- Accommodate all mobile device types and operating systems
- Seamlessly scale across multiple management models, like BYOD/CYOD/COPE
“My way…or the highway.”
Like Patrick Swayze’s iconic John Dalton character in 1989’s Road House, the bouncer extraordinaire ensure that patrons have a good time while keeping out the riff-raff. Jamf Data Policy shares in this spirit by leveraging policy-based management to ensure that your mobile device fleet’s security posture is maintained while making sure malicious threats are kept away from your endpoints through:
Use policy compliance: Ensuring that users utilize devices in accordance with organizational needs is determined by Acceptable Use policies. However, on the devices themselves, compliance with these guidelines is made possible by the policies feature that IT admins can customize to suit their unique needs, including tailoring the policies to different user needs and locations.
Shadow IT: We rely on mobile devices to get work done and users trust that IT will provide the proper tools to get that work accomplished. That said, a large part of usage is based on preference and sometimes IT will need to remediate issues that lead to the use of unauthorized software or services to prevent placing data confidentiality and integrity at risk.
Network-aware: Having multiple connectivity options is great when one connection type fails or is unavailable, however, it’s also potentially problematic when protections are applied to one network type but not another. Recent study findings on the risk to sensitive data that the use of untrusted networks poses was reported on Security Magazine. They found that "39% of workers use personal devices to access corporate data."
Furthermore, they noted that these "smartphones, tablets and laptops may be less secure than corporate equivalents..." By implementing policy-based management, all networks are equally protected - regardless of the connection type - to uphold endpoint security regardless of the communication standard.
Policing your mobile endpoints is only a subsection of the capabilities of Jamf Data Policy. To be clear, it is not endpoint protection software as Jamf Threat Defense is, to clarify the latter prevents malware and protects your fleet against zero-day phishing threats. The former however does utilize security practices that, when implemented, provide more of a defense-in-depth approach to keeping devices safeguarded from a variety of different malicious threats, such as:
Content filtering: Malicious websites, phishing URLs and known compromised sites are just some of the web-based threats that lie around every corner of the Internet. Despite this, “the show must go on” as they say in show business and that carries over to business continuity. By implementing in-network endpoint protection, attacks that rely on compromised hosts or risky websites are identified and prevented from being accessed to keep devices, data and users safeguarded.
Compliance: Regulatory compliance is a governance process that affects many different industry types, putting requirements on how data is collected, stored, used, transmitted and so forth. Taking a page out of the policy handbook, IT can develop policies that maintain compliance with specific requirements, including alerting functionality of devices that are out of scope and remediation workflows to bring them back into the fold.
Real-time usage: Touched upon above, device monitoring and logging occur in real-time. Alerts are delivered in real-time, as well, providing IT and Security teams with insight into device health, compliance and usage to maintain the security posture of your mobile fleet, including implementing remediation processes to perform corrective actions, when necessary.
One Love, One Heart
Many organizations have developed mobile device ownership policies, used to manage their fleet of corporate-owned, personally owned mobile endpoints, or a mix of both. A Jamf survey on The Impact of Device Choice on the Employee Experience found that "of organizations with a mobile device choice program, 75% of respondents indicated they choose to use iPhone or iPad, while only 25% choose Android." Despite the overwhelming number of users choosing Apple, there are those that work more comfortably with another OS.
That's the beauty of Jamf Data Policy, which supports multiple device and OS types, providing IT enhanced manageability over the endpoints that connect to organizational resources, while flexibly allowing users to be more productive from their preferred device.
Mobile devices: Does your organization support a variety of device types? Including smartphones, tablets and laptops from multiple vendors? So do we! And thanks to the cloud-based infrastructure, Jamf Data Policy works across your entire fleet, from anywhere, at any time and over any connection to keep endpoints managed in the background, allowing users to remain productive.
Multiple OS types: Whether it’s iOS-based, Android, macOS (and yes, Windows is included in this group too) – Jamf has your mobile fleet covered. All can benefit equally from the cloud-based solution’s policy-based management framework, while still adhering to the security and privacy frameworks of each developer’s OS, so there are “no compromises” between security and privacy protection.
Ownership models: Regardless of whether endpoints are corporate-owned, part of a personally owned/BYOD model and/or made available for personal and professional use through employee choice programs, the flexible policy-based management structure provides unyielding support for all your usage needs and helps organizations of any size to meet their compliance goals on all devices and ownership models.
Knowing the health of your devices and what the apps are really doing on them is only half the battle!
Jamf Data Policy provides insight to identify risk in real-time, but also includes the features necessary to remedy it, mitigating security threats while brining devices into compliance with machine learning and automated policies.