If you’re managing security across a large Mac estate in your organisation and finding it both intimidating and confusing, we’re here to tell you that it doesn’t have to be this way. With a little help from Apple’s built-in security features, as well as a few recommendations from Apple device management experts, your IT team can tackle common security issues with ease.
Security can be a tough nut to crack. The reality is, when you’re responsible for your business’ Mac estate, you want to ensure that you’re getting the job done properly, and that the devices can be used safely and securely. Of course, you need your Mac security to comply with existing network security measures, too.
How can macOS help?
If you’ve made the jump to macOS Sierra (which we recommend), there’s a plethora of ways it can help your Mac estate stay secure.
Regular software updates from Apple ensure that your machines always have access to the latest and safest version of macOS, while Gatekeeper protects you from any malicious apps. The safest place to download apps from is the Mac App Store, but if you’re downloading from the internet, developers can receive a Developer ID from Apple that helps Gatekeeper identify unscrupulous software and block installation from unapproved developers.
FileVault 2 keeps your data safe and secure by encrypting the entire drive on your Mac – and it’s fast and unobtrusive to boot. Users can even encrypt removable drives, which makes it ideal for securing Time Machine backups or external devices. And if you want a clean start or to give your Mac to someone else, you have access to instant wipe functionality that removes encryption keys, rendering data inaccessible, then performs a complete wipe of every last scrap of data on the disk. Best of all, it’s relatively easy to set up and initial encryption won’t take long so you can get right back to work once it’s done.
The upcoming Apple File System (APFS) looks set to revolutionise everything, including imaging, backup, OS upgrades and security. Fortunately, this is a good thing as APFS is optimised for Flash/SSD storage and features strong encryption, copy-on-write metadata, space sharing, cloning for files and directories, snapshots, fast directory sizing, atomic safe-save primitives, and improved file system fundamentals.
What do the experts recommend?
The Center for Internet Security (CIS) is an organisation specialising in cyber security. As internationally recognised specialists, they set the standard for macOS security. Making their security recommendations a part of your day-to-day practices will ensure you’ve got all bases covered.
Click here to check out a few of their benchmark recommendations for macOS security – they even provide terminal level suggestions for enabling and disabling certain features.
How can you meet security benchmarks like this for large scale Mac estates?
MDM (mobile device management) solutions like Jamf Pro allow users to control the settings, security, permissions and applications on any mobile device in your organisation, whether that be tablets, smartphones, laptops and even things like POS kiosks or mobile printers. It provides a single, centralised overview of your organisations mobile estate, no matter how many locations or platforms it covers. Such solutions also bolster device security and offer superior protection for your company data.
MDM tools should provide FileVault 2 controls so IT administrators can administer encryption and recovery keys, and can also help your organisation manage system preferences for your devices. This includes enabling FileVault 2 across your company to ensure data security, as well as iCloud preferences relating to file backup. Similarly, passwords and keys can be escrowed in Jamf Pro’s Server Inventory so you can rest easy knowing they’re stored securely in a central location.
Similarly, device management platforms are also great for handling system access, authentication and authorisation processes. This includes things like certificate distribution, with any good management tool utilising computer-level certificates to protect a company’s assets in a variety of ways. Typically, this includes certificate authentication for machines being integrated into an organisation’s network. Likewise, most management solutions should permit admins to configure a server that will act as a certificate authority, which will then be used to manage certificate services across an organisation’s computer network.
MDM tools can even help with log management, which is ideal for ensuring system and network security, and regulatory compliance. Logs are created on almost all devices, and if you’re running a large Mac estate you’re likely having to handle a large volume of them. They’re essential for analysing and solving bug issues, and testing new features during early development stages. So having a device management solution that can organise logs will save you time and money in the long run, and help you tackle future problems before they arise.
MDM solutions also support patch management, which allows admins to monitor the latest software updates for devices and applications, ensuring they’re up to date and secure – take a look at our mini guide to patch management.
Want to know more about getting started with Mac security, and how MDM solutions such as Jamf Pro can help your business keep on top of everyday IT tasks and meet security benchmarks? Give us a call on 03332 409 366, email enterprisesupport@Jigsaw24.com, or head to Jigsaw24.com/enterprise-support. For all the latest news and reviews, follow us on Twitter @WeAreJigsaw24 and ‘like’ us on Facebook.