Hot on the heels of Apple’s MacBook Pro launch, the world’s biggest (virtual) gathering of Apple admins is beginning with a raft of announcements from Jamf, including solutions to secure remote working, accelerate deployments and more.
The big event for Apple IT
The 2021 Jamf Nation User Conference, a virtual event, will host over 10,000 Apple administrators from across the enterprise, healthcare, and education. The company now has over 57,000 customers, and its software is used to manage more than 25 million Apple devices, the company said.
“I think ten years ago Windows led in market share,” Jamf CEO Dean Hager told me. “Now, if you look at the U.S., Windows is around 32%.”
According to Statcounter, Windows had about a 75% share of the US market at the end of 2011 and has 31% today. Apple’s iOS and macOS together account for over 40% share in the US. And IDC recently claimed a 23% macOS share in US enterprise IT.
Part of the reason for this change is the expansion of employee choice hardware provisioning schemes across businesses.
“In this day and age, employees have a choice,” Hager told me. “If they don’t like the work computer, they’re going to do their work on their own machine. And as a result, you’re going to be less secure as an organisation.”
Hager wants that same feeling of choice and emancipation in enterprise security and is working to reduce the friction of those protections.
“Our focus is, ‘Can we provide enterprise security that is consumer simple and protects personal privacy?’” he said. That strategy, balancing enterprise security with consumer simplicity and user privacy, pervades all the company’s announcements at its show.
Onboarding in the hybrid workplace
Jamf has spent time considering the needs of the new workforce, and this extends to placing a division between enterprise and personal information. It has also made it possible to enroll personal devices to the enterprise systems.
When a user enrolls a personal device, they get access to all the apps and services the company provides, but data is separated, which means personal data is kept private and secure. If an employee quits, all the enterprise information can be remotely deleted, but the company will have no insight or control of any personal data.
Combined with Bring Your Own Device (BYOD) User Enrollment, this literally means a user can walk into an Apple shop, purchase equipment with the company credit card, log in with their Managed Apple ID, and all the apps, services, passwords, and everything else can be set up on that device. All they need is an email address and ID password.
App lifecycle management now extends to app installation, including installation of iOS apps to M-powered Macs, which should serve any enterprise that makes use of proprietary internal apps.
Think about the kind of enterprise-focused solutions provided by SAP. Those can now be auto-installed on setup.
Securing the enterprise
Jamf has announced numerous new services to protect the rapidly expanding fleet of Apple devices in use in the enterprise.
Jamf Private Access: A zero trust network access solution that replaces conditional access and VPN. Like iCloud+ Private Relay, this 100% cloud solution intelligently secures business communications. The idea is that when using a managed device, the device itself figures out how to secure your activity, meaning employees can get the best protection without being required to add extra friction into how they usually use their device. All an end user needs to do is sign in to make use of this. (This is a cross-platform solution, by the way).
Jamf Data Policy: This lets enterprises enforce acceptable use of sites and apps to reduce risk and prevent use of shadow IT.
Jamf Threat Defence: This is a mobile threat detection and zero-day phishing prevention tool managed from a central dashboard to protect iPhones and iPads. Jamf monitors and blocks four million phishing campaigns daily, the company said.
When protection fails
The truism is that it’s not if you have a security incident but what you will do when you are impacted. The challenge is that most enterprise leaders aren’t security experts and may not be certain of the best way forward in the event an incident takes place.
With this in mind, Jamf announced a managed security partnership with Red Canary. Under this arrangement, the latter firm will analyse security-related data, make sense of that information, and help your business build an appropriate security response.
The event also saw Jamf introduce a new integration with Google Cloud’s BeyondCorp Enterprise to bring device compliance to admins using Jamf Pro and Google. It also introduced a new beta feature that prevents sensitive business information from being written to unencrypted USB media devices and gives IT better control of security alerts sent from their console.
Many Jamf customers are in the education sector, with colleges and universities using the software to manage student devices. The company announced Jamf Safe Internet, which will combine threat defense and content filtering to protect students. The company has also developed a platform for teachers it calls Jamf Educator.
Beyond the App Store
“Historically, Mac has been the dot app platform — you know, all the apps run on iOS or run on Windows, right? And that’s been improving over time,” Hager said.
The challenge is that many enterprises use applications that exist outside of those stables, as they are third-party applications sold online. That’s a problem, as it represents perhaps hundreds of software items that need to be monitored for updates and flagged for security challenges.
The response? Jamf is launching an app catalog, basically a collection of 800+ third-party software titles that the company will monitor on your behalf.
“We are committing to monitor over 800 software titles out there in the world,” said Hager. “We are able to notify within a day of a new software title being available. And we’re implementing a new technology within Jamf Pro that will allow users to apply those new software patches to their Macs.”
The JNUC enterprise-focused event takes place all week. Access is free and you can join the event here.