Skip to main content
banner image
venafi logo

Do You Have the Identity Protection Needed for Your Apple Devices? [Interview with Jamf]

Do You Have the Identity Protection Needed for Your Apple Devices? [Interview with Jamf]

young man on a laptop while looking at his smartphone, in a modern environment
February 27, 2020 | Bridget Hildebrand


Apple devices on enterprise networks need secure access to corporate resources to keep employees connected and productive. In order to protect the communication between enterprise networks and the increasing number of mobile endpoints, organizations must ensure all devices have secure machine identities that support authentication, encryption and decryption.
 

However, the machine identities for these mobile devices can become prime targets for cyber criminals if they are issued outside of enterprise policy, are not tracked or are left unrevoked after use. Bad actors can compromise machine identities from unprotected mobile devices and use them to access critical enterprise systems and data. These issues can be especially problematic with employee-owned devices.
 

Visibility, intelligence and automation make up the same recipe for protecting widely used endpoint devices like iPads as they do for an organization’s load balancers and Next Gen Firewalls.  And now two experts in the field have joined to close the loop on machine identity protection for Apple devices:  Jamf and Venafi.
 

Jamf recently entered the league of leading developers sponsored by the Machine Identity Protection Development Fund.  I had the opportunity to meet with Jamf, who are the standard for Apple in the enterprise, and learn about their plans for integrating the Venafi Platform and Jamf Pro.  Here I am speaking with Josh Jagdfeld, Director of Marketing at Jamf, about their involvement in the Development Fund.




 

Bridget: Josh, tell us about Jamf.

Josh: Jamf helps organizations succeed with Apple. More than 35,000 organizations use our software to connect, manage and protect their Apple products, apps and corporate resources in the cloud without ever having to touch the devices. With Jamf, Apple devices can be deployed to employees brand new in the shrink-wrapped box, set up automatically and personalized at first power-on and administered continuously throughout the life of the device. Our software solutions preserve and extend the native Apple experience, allowing employees to use their Apple devices as they do in their personal lives, while retaining their privacy and fulfilling IT’s enterprise requirements around deployment, access and security.
 

Bridget: How critical is machine identity protection for the Apple devices you manage?

Josh: Critical, but without the right tools, extremely difficult. Automating the life cycle of machine identities across all enterprise Apple devices and certificate authorities (CAs) can be a complex challenge for device management and security teams. Device management teams are often not PKI experts and need simple, easy access to machine identities. Security teams may not be directly responsible for maintaining mobility access for the business and need to ensure that policies are enforced, including consistent use of machine identities from approved sources. Security teams may also require the ability to remove machine identities—in other words: “a kill switch.” 
 

All this adds up to two teams with different strengths and levels of expertise striving for the same security objective.
 

Bridget: What is Jamf’s plan for bringing device management and security teams together?

Josh: Today EMM/MDM systems use SCEP or one-off integrations with CAs to best provide machine identities for all enterprise mobile devices. However, this fails to empower the security team with the intelligence and policy control they require. EMM/MDM teams also seek the easiest source of certificates possible and may setup their own CAs or acquire certificates from unauthorized sources outside the control of the security team. All of this leads to unnecessary friction, limits deployment potential and holds back the possibilities of enterprise mobility. As part of the Development Fund, Jamf is looking to bring these two worlds together with the power of Jamf Pro and Venafi Platform.


Bridget: How will the integration between Jamf Pro and the Venafi Platform work?

Josh: Jamf Pro will make pull requests to the Venafi Platform for machine identity life cycle operations, including certificate issuance, renewal and revocation. This workflow ensures enterprise devices are provisioned and managed anywhere in the world and across any network. To connect within an enterprise, Jamf’s Infrastructure Manager adds the capability to call the Venafi Platform for machine identity life cycle operations. The integration also uses the Venafi REST API to connect with the Venafi Platform. Machine Identity Protection with Venafi Platform support for Jamf Pro will be included in Jamf subscriptions, so it will be very easy for our joint customers to deploy across their enterprise.   
 

The Jamf Pro integration is targeted to be complete in Q2 2020. Visit Jamf on the Venafi Marketplace for more information. And stay tuned for future interviews with Machine Identity Protection Development Fund recipients.

 

 


Related posts

Like this blog? We think you will love this.
New Development Fund partners
Featured Blog

Venafi Ecosystem Expands—Meet Our New and Returning Developers

Read More
Subscribe to our Weekly Blog Updates!

Join thousands of other security professionals

Get top blogs delivered to your inbox every week

See Popular Tags

You might also like

CIO Study: Certificate-Related Outages Continue to Plague Organizations
White Paper

CIO Study: Certificate-Related Outages Continue to Plague Organizations

Machine Identity Protection for Dummies
eBook

Machine Identity Protection for Dummies

About the author

Bridget Hildebrand
Bridget Hildebrand

Bridget is Sr. Product Marketing Manager for Ecosystem at Venafi. She has over 20 years of experience managing strategic alliances and global channel programs for a broad range of technology organizations.

Read Posts by Author
get-started-overlay close-overlay cross icon
get-started-overlay close-overlay cross icon
Venafi Risk assessment Form Image

Sign up for Venafi Cloud


Venafi Cloud manages and protects certificates



* Please fill in this field Please enter valid email address
* Please fill in this field Password must be
At least 8 characters long
At least one digit
At last one lowercase letter
At least one uppercase letter
At least one special character
(@%+^!#$?:,(){}[]~`-_)
* Please fill in this field
* Please fill in this field
* Please fill in this field
*

End User License Agreement needs to be viewed and accepted



Already have an account? Login Here

×
get-started-overlay close-overlay cross icon

How can we help you?

Thank you!

Venafi will reach out to you within 24 hours. If you need an immediate answer please use our chat to get a live person.

In the meantime, please explore more of our solutions

Explore Solutions

learn more

Email Us a Question

learn more

Chat With Us

learn more
Chat