IT security and compliance as a business function
Securing employee computers is a critical function of IT security, especially in these times of remote work. Compliance and auditing standards exist to ensure that a baseline of security best practices are in place to guard against the myriad of cybersecurity risks that have the potential to cause damaged reputations and financial losses.
Organizations, especially those in highly regulated industries, must not only contend with ambitious digital initiatives to grow the bottom line, but also navigate and implement a plethora of compliance and audit controls designed to protect the creation and retention of sensitive information. Couple this with the consumerization of IT and rate of change in technology driving company spending and it becomes clear why security is a top issue for corporate boards. Consequently, regulatory responsibilities around information security is not only an IT function, but a business function that ultimately protects the confidentiality, integrity and availability of data.
Access to the right data is key
The ability to collect, analyze and audit the proper data is fundamental to meeting auditing and compliance requirements. Traditionally, collecting this data has not been straightforward on macOS. A thorough solution requires a mixture of data sourced from complex, Unix-based auditing frameworks, macOS Unified Logging, local configuration files, mobile device management (MDM) profiles and Apple’s new macOS Endpoint Security Framework (ESF). Beyond collecting data, these unique streams must be mapped to desired controls and audit logs.
Today, Jamf Protect audits local and MDM-enforced settings to provide an executive dashboard of Center for Internet Security (CIS) compliance across the macOS fleet. For those without Jamf Protect or familiar with macOS scripting, Jamf Pro offers a series of capabilities by which you can enforce, audit and remediate these benchmarks. But CIS is only a single standard and highly regulated industries often require more.
Jamf acquires cmdReporter to help simplify compliance
Today, Jamf announced its acquisition of cmdReporter, an auditing and compliance solution that integrates with Jamf Pro and existing security data repositories. cmdReporter automates macOS security benchmarking across a multitude of frameworks and audits critical network, process, system and user actions as they occur on a device, giving executives the visibility needed to validate system integrity.
Along with cmdReporter, Jamf welcomed co-founders Eric Metzger and Dan Griggs to the Jamf family. Both Metzger and Griggs bring a wealth of Apple-specific IT security experience to Jamf, with Griggs contributing to the U.S. government’s Security Technical Implementation Guide (STIG) for macOS — before launching cmdReporter. As the standard in Apple Enterprise Management, Jamf is excited to share our mutual vision for Apple-only security and we look forward to bringing the value of this acquisition to our security focused and highly regulated customers.
Stay tuned for more information about our exciting future products and integrations as more information is made available in the coming months.
Not already a Jamf customer?
Try our solutions for free.