Pennylane kicked-off an employee choice program for their devices: employees could choose between PCs, Chromebooks and Macs. Since 2022, the number of employees has risen sharply, prompting the need to centralize device management, but also to reinforce security policies. As a result, the company chose to equip itself almost exclusively with Apple products.
"We chose Apple because we have confidence in the robustness of the company and their devices," explains Thomas Piault, IT Manager at Pennylane. "The cost/performance/durability trifecta is also better with Apple. What's more, the new Silicon processors bring greater durability and autonomy to Macs."
Pennylane has a fleet of 350 Macs, or one per employee.
Managing the rise of a fast-growing startup
After strong growth in recent years, the company's needs have evolved. With a larger IT estate, security issues are now the order of the day. "The number of employees has exploded, and they don't all work in the Paris office. It has therefore become essential to reinforce our security policies and raise team awareness. What's more, the nature of our business makes security a critical issue."
The company has also reviewed its device management strategy. Prior to 2022, devices were not managed. "We chose Jamf because it's a mature solution, a leader and an expert in Mac management. We know that Jamf is capable of supporting our growth projections because it's a viable solution, offering features that may be of interest to us as we grow."
We also had to review the onboarding process for new employees. "The zero-touch deployment has simplified the onboarding of new employees: the IT team has just 3 actions to do, whereas before they had to configure the devices one by one. Today we spend ten minutes per machine: it's a great time-saver", explains Thomas Piault, IT Manager at Pennylane.
Security in the spotlight in 2023
Pennylane is a company that manages its customers' accounting data, so security issues are particularly important.
Like many companies in the market, Pennylane is constantly seeking to improve its security procedures. This is their priority for 2023. Pennylane is planning to obtain ISO certification. To achieve this, numerous initiatives have been implemented internally: password rules, password history, Touch ID, Filevault activated across the entire fleet and remote blocking of Macs in the event of loss or theft, thanks to Jamf.
Jamf Protect is an endpoint security solution specially designed to prevent threats. Capable of blocking attacks targeting Macs and mobile devices, it offers clear visibility on device compliance.
Pennylane relies on Jamf Protect in particular to protect devices against malware and software that could threaten data security. "Jamf also helps us, thanks to shadow IT, to check that downloaded applications do not thwart the security rules in place, such as preventing the computer from being put to sleep. Jamf Protect enables us to check a lot of boxes on the IT side to obtain our ISO certification", says Thomas.
Ensuring data security at Pennylane also involves employee training. Numerous mandatory in-house training courses and phishing awareness tools are available to raise employee awareness.
The Google Workspace ecosystem managed by Jamf
Pennylane has used Google Workspace since its inception, for email, user and document management. "Google is a safe bet for a fast-growing company, as it allows scalability without major changes for the IT team," agrees Thomas Piault. Pennylane relies on Jamf Pro for Apple device management, and provides a great Google Workspace experience for those users.
Essential work applications such as Google Chrome and Google Drive are available directly by Jamf’s ‘Self Service’ solution. This is a catalogue of secure applications approved by the organization and which are available to employees. Employees can select the applications they need without having to contact the IT department. Once the applications have been installed, Jamf Pro’s patch management functionality allows users to monitor whether Chrome is up to date on Macs. Additionally, Jamf Pro integration with Chrome Browser Cloud Management makes customizing the browser experience possible with just a few clicks.
Google Workspace is perfectly suited to our business. As well as bringing together all the tools in the suite, its main strength is SSO authentication, which is available almost everywhere. It simplifies life for our users, who only need to know about one account. From a security point of view, it gives us greater control, we can see which applications are being used and thus combat shadow IT, and in the event of a departure, deactivating the account means we can cut off access to all the applications that were using Google SSO.
Jamf, the right choice
Jamf Connect simplifies the way organizations provision and authenticate users and devices.
"Password management is essential for all businesses. At Pennylane, we are particularly demanding in this area. Jamf Connect is the key to helping us manage passwords. This solution simplifies the process of logging in with Google, our identity provider.", says Thomas. Pennylane is in an extended test phase with the Jamf Connect solution for a few more months.
Jamf Protect enables CIS 1 rules to be tracked on machines, security alerts to be received in real time, and offers a security dashboard for tracking events. "To take security needs a step further, we can easily block USB ports, push alerts on Macs with out-of-date OS, or force device reboots."
Jamf Pro, is a state-of-the-art device management solution that delivers the best and most secure user experience for Apple devices.
Jamf Pro enables quick and easy centralized deployment of enterprise applications. The dashboard provides real-time visibility of project progress, such as application and profile deployment. "Thanks to Jamf Pro, I can monitor old Mac configurations and fix those that were misconfigured - that didn't have Filevault enabled, for example. Jamf Pro also allows me to take regular inventory of the fleet."
Jamf Pro and Jamf Connect’s Zero-Touch deployment functionality now allows Pennylane to facilitate a smooth onboarding experience for new employees, but more importantly a much quicker and simpler new device enrolment experience for the IT team, which saves valuable time in the long run. On the day of onboarding, users enter their Google ID, select a few preferences and configure Touch ID in a matter of minutes. The Mac then needs 5 to 10 minutes to download the basic applications and complete the configuration. Then the Mac is ready!
"All the Jamf tools combined give us a global view of our fleet, so we can better manage and secure it," concludes Thomas.
A successful centralized management and security project
A project of this kind requires a great deal of investment, and not just financial. "The key to success is education. You have to explain as far upstream as possible what you're going to put in place as you go along. You have to listen to people who are worried and reassure them. Communication is essential for employee participation. Jamf Protect allows us to send out an alert message to inform employees of upcoming changes.”
Just as Pennylane chose Google as its identity provider, they chose Jamf because it is a mature solution that manages over 30 million devices worldwide. What's more, Jamf's close relationship with Apple gave the decision-makers confidence. "In a context where Pennylane is growing rapidly, we needed a solution capable of accompanying this growth."