Barratt Homes: building a comprehensive security stack for mobile

Building a comprehensive security stack for mobile

Barratt Developments is the leading housebuilder in the UK. Barratt is investing heavily in a tech stack from Microsoft, including Microsoft Dynamics, Office 365, and Intune.

Barratt employees have corporate-owned iPhones and iPads and use applications that are both third-party and in-house developed. They are hosted on-premises and in the private cloud. These apps allow mobile workers to feed information into the company’s systems. One of these applications allows the company to build data entry forms for on-site health and safety reporting that can feed that information to an on-prem server. Like many companies today, Barratt Developments is carrying out a technical modernization program incorporating a ‘cloud preferred’ strategy.

With a growing number of workers outside the corporate perimeter, the Barratt team began looking into mobile security solutions that address the broad spectrum of mobile risk and that also play well with Microsoft tools. They had particular concerns about application vulnerabilities and phishing attacks reaching mobile users, including via SMS, email and social media. Especially since the company has a large number of employees currently working from mobile devices during the coronavirus pandemic.

“We have McAfee on every desktop computer but then we hand people an iPhone that has access to corporate information, so it is important we provide a secure wrapper around it.”

The company has established a Security Operations Centre which includes a SIEM and Cisco ISE for Identity and Access Management, to secure corporate equipment and ports.

“In terms of mobility, we reviewed Mobile Threat Defence (MTD) and came to the conclusion that Jamf is a good choice for Barratt Developments based on previous usage of their MobileIron platform.”

The company uses Jamf's Threat Event Stream which integrates with its SIEM solution. In recent reporting, Jamf had flagged 1,700 phishing attacks, including PayPal and Apple-branded phishing attacks that users had clicked on, but Jamf was blocking any requests to these malicious sites.

The company conducts phishing training and tests via their SOC and has mandatory cyber security training for all colleagues to further improve the company’s overall security posture.

“Our head of security and compliance looks at the Jamf reporting and provides the business with statistics and insight on how many threats Jamf has blocked. When we get notifications for the latest threat we look for any relevant stats in RADAR and highlight to the business that the tools we have are protecting us from security incidents people might be seeing in the news.”

The company uses an industry-leading VPN solution for their laptops but they don’t have a need for VPN on mobile as they use MobileIron to manage devices.

The Office 365 rollout includes Intune with MAM (Mobile Application Management) policies. Jamf's MAM-WE (‘without enrollment’) capabilities mean policies based on Jamf risk assessments can be set up and enforced at the app level on unmanaged devices to provide uniform policy across all devices platforms and ownership models.

“Jamf's core functionality works well for us.”