
Securing data outside an organization’s walls

By: Jake Mosey

With every update of OS X over the past few years, Apple has continued to make adjustments that let consumers protect their privacy. Apple is dedicated to the security of OS X and to making it easy for consumers. They make it simple to ensure computers are running the latest software, only trusted software gets installed, and data is protected when a computer is lost or stolen.

As always, with everything Apple builds, the end user experience is the top priority, as they know that if the experience is not fast and intuitive, adoption of their tools will suffer. For example, Apple’s Yosemite release made a small but significant change to the setup of a new Yosemite install: the option to turn on FileVault 2 is checked by default. This will likely increase the number of personal computers that are encrypted, keeping data at rest secure.

As consumers become educated and take steps to protect their data and privacy, enterprise IT departments are also realizing they can manage the security of their Apple environment by configuring, reporting on, and managing many of the security features Apple has introduced.

A continued initiative for many IT departments and security teams is to make sure intellectual property and data are secure on devices that are often outside the walls of their organization. A common and effective way to ensure data at rest (data that is physically stored on the hard drive of a computer or mobile device) is secure is to encrypt the contents of the OS.

Traditionally, managing encryption across a group of computers has been a significant challenge for IT. In recent years, however, Microsoft and Apple have both built encryption technology directly into the OS to make it easier for consumers and organizations to manage the security of their environments. A major benefit is knowing that your data will remain encrypted and safe throughout OS upgrades.

Along with making it easier for consumers to configure the security of their computers, Apple has continued to update FileVault 2 and its ability to be managed by IT departments. Because of the APIs that are available, IT can completely control the experience and security of their Apple environment by turning on FileVault 2 with little interruption to the end user.

This guide shows how to manage the entire process with the Casper Suite. The Casper Suite provides the ability to configure FileVault, report on the encryption status of the environment, and remediate any problems that may come up. IT can also help end users who have forgotten their password to decrypt their drive by providing a one-time-use recovery key to unlock the drive and then issuing a new key.

Even though encryption is built into many of the major OSes available today, some organizations are still using third-party tools to manage the encryption of their environment. This has presented problems, as it’s often difficult for third-party vendors to keep up with rapid OS release cycles. End users and IT departments are forced to wait until encryption vendors update their software before they can use the latest OS.

If you are interested in learning more about how to manage the security and encryption of your environment, JAMF provides many resources to help. Here you can learn about compliance and security of your Apple environment. There is also a webinar located here that will walk you through the entire process of configuring your environment to be encrypted. Lastly, you can learn about how Cisco secures and manages their fleet of 35,000 devices with the Casper Suite.