Jamf Blog
June 23, 2020 by Dave Hornby

NCSC Cyber Essentials and Security with Jamf

Advice and tips on securing and protecting your organization's devices amid the shift to remote working are plentiful. But where should you start? If you are UK based, see how attaining and leveraging the National Cyber Security Centre's certification in Cyber Essentials equips you to thwart cyberattacks, support your IT teams and end-users' experience, and leverage Apple devices to their fullest potential.

As we have seen this year due to the global pandemic, there is immense pressure on companies to adopt and implement flexible remote work policies. There are plenty of talking points when considering pros and cons of remote working, but that is not what this blog sets out to do. No, this is about leveraging your ability as an organisation to ensure that all steps have been taken to secure your services and endpoints so you can remain compliant and protected from cyber threats in this remote work landscape.

There are many policies and processes that need to be taken into consideration for any business looking to maintain a productive and creative working environment while implementing thorough security measures. There is a fine balancing act needed in order to accommodate both user productivity and corporate security policy measures.

There may also be questions as to where to start. “Whats my baseline?” “What do other companies do?” “What does ‘secure’ mean to us?” One useful set of guidelines, if you are based in the UK, is to follow the National Cyber Security Centre (NCSC) backed, Cyber Essentials certification. The Cyber Essentials strategy was put in place to thwart cyberattacks like hacking, phishing attacks and simple password guessing. I have certainly seen more and more bug bounty programs opening up for casual hackers to attempt to discover vulnerabilities in well known company operated websites.

Achieving the NCSC Cyber Essentials certification is actually quite straight forward, and can be achieved by ways of a self service questionnaire, typically completed by the head of an organisation’s IT security team. It’s important to note that the Cyber Essentials certification applies policy to all of your endpoint devices as well as network appliances and servers.

When it comes to cybersecurity, maintaining compliance of the device can often come at the expense of usability. By implementing the NCSC Cyber Essentials, there may be some tough decisions made when it comes to which third-party solutions you should deploy to achieve certain standards. How will that affect usability? From a personal point of view, there is simply nothing more frustrating than trying to do your job and hitting obstacles at every turn because of your organisation’s security policies. In a time where users are having to work from home and rely on home internet connections, are they really going to log a support ticket with IT? Or, are they going to find workarounds and sacrifice productivity? Well, what if there was another way? What if there is a way to gain your certification, while not having to increase efficiency? A way to monitor for device threats silently… sounds good to me. We do exactly this.

Jamf helps you satisfy security requirements, maintain compliance and support user productivity.

Apple has a long history of continually adjusting and improving their platform — whether it be in the latest machines using T2 Chip technology or introducing application notarization with Catalina —without sacrificing the Apple experience users know and love. Alongside the security measures, their operating systems have typically been intuitive and easy to use and are more and more compatible with third-party enterprise applications like Microsoft Office. Jamf leverages the likability and suitability of Apple across our portfolio of solutions and is equipped to address the various facets of the NCSC Cyber Essentials certification.

For example, Jamf Connect allows for simple configuration of a cloud identity to be used as authentication into the local device itself. When using this identity, it is a straightforward process to enable local password syncing with a cloud identity platform like Microsoft Azure. Once synced with this identity, a recommended password policy can be easily enforced. Jamf Connect used in conjunction with Filevault also puts a nice tick in the box for device encryption requirements as laid out within the NCSC guidelines.

Moving away from User Access Controls and Password management, we can now take a look at the requirements around “Malware Protection”. Apple delivers great application security measures straight into the OS — notably XProtect (Yara definitions), Gatekeeper (checks for code signing on launch) and the Malware Removal Tool (Endpoint protection). Looking at these services, you could argue there is little need to deploy a third-party security tool; however, it’s common that at least one additional security tool is deployed to macOS from IT/security teams. The problem is that, more often than not, these tools do not necessarily protect your mac fleet in the same way it protects your Windows fleet. Typically speaking, third-party security tools on macOS use the now deprecated Kernel Extensions (KEXT), which can lead to system instability. Step forward to Jamf Protect — the first purpose-built macOS security tool designed to deliver unprecedented visibility into the built-in Apple security tools, as well as delivering on device detection of malicious activities.

Finally, we can take a look at some of the ongoing management tasks like for example ensuring applications are patched and up to date, which are required to obtain NCSC Cyber Essentials certification. With Jamf Pro — our flagship Apple management solution — both operating system patching and third-party patching can be reported on and enforced. However, to ensure that updates are done at a time suitable for the user, they can choose to defer these updates until deemed appropriate. Jamf also supports the Apple MDM framework that is used to deliver other over-the-air configurations, like ensuring the Firewall is enabled, ensuring Gatekeeper is turned on and even safelist/blocklist applications.

If your organisation has Apple devices and is looking to better secure your devices, networks and protect users today and into the future, look no further. Jamf’s portfolio not only helps you achieve a security baseline but also supports your workers’ productivity and experience.

Read more in our NCSC Cyber Essentials white paper, to learn how Jamf configures your macOS devices and supports your success.

Want to see it in action?

Dave Hornby
Subscribe to the Jamf Blog

Have market trends, Apple updates and Jamf news delivered directly to your inbox.

To learn more about how we collect, use, disclose, transfer, and store your information, please visit our Privacy Policy.