Jamf CEO weighs in on Apple deployments and enterprise security

“Apple will become the number one device ecosystem in the enterprise by the end of this decade,” Jamf CEO Dean Hager told me while introducing an in-depth enterprise security trends report that enterprises should look at.

Apple continues to see incredible growth

The nature of enterprise IT is rapidly becoming multiplatform. Jamf recently shared some details concerning the rapid growth in Apple device deployments it is seeing in business. For example, it now has 60,000 active customers, up from 36,000 two years before that – and believes new services such as Apple Business Essentials will help maintain this growth.

“Apple continues to see incredible growth in the enterprise,” said Hager. “I believe that due to Apple’s broad range of devices, combined with the consumerization of IT and the changing demographics of today’s workforce and their strong preference for Apple, that Apple will become the No. 1 device ecosystem in the enterprise by the end of this decade.”

The rapid deployment of Apple’s solutions in business has also increased the number of security threats thrown at the company’s platforms. But part of that growth during the last two years reflects efforts to equip employees to work from home as companies sought to survive the pandemic.

With that growth came consequences.

Loosened security

Some firms relaxed existing security policies to make way for enablement — allowing users to access corporate resources from whatever personal devices they had at home, or providing them with new devices the organization wasn’t already supporting.

“The more variety you have in your device fleet, the more OS versions you have to manage,” said Hager. “As a result, [there are] more OS vulnerabilities you need to be monitoring…. IT teams have gone from managing a more uniform fleet of Windows desktop computers, to supporting Windows, Mac, Android, iOS, iPadOS, and more.”

The Jamf report confirms the risks of this rapid transformation: in 2021, 39% of organizations allowed devices with known OS vulnerabilities to operate in a production environment with no restrictions to privileges or data access, up from 28% in 2020, it said.

Cybercriminals are also migrating to Mac.

Phishers of Mac

Phishing and spear-phishing attempts became much more frequent as the world locked down; 29% of organizations had at least one user fall for a phishing attack last year, the Jamf report explains — though this was across every platform, not just Apple’s.  

The data also shows that an astonishing one in 10 users fell victim to phishing attacks on remote devices.

I asked Hager what kind of growth his company sees in terms of Mac malware attempts and how targeted phishing attacks are becoming around Apple platforms.

“Over the course of 2021, our team discovered malware authors are spending significant amounts of effort to attack Macs by finding new zero-day vulnerabilities and exploiting those within their malware. Malware implementing zero-day bypasses show us that attackers are getting more capable and knowledgeable about macOS and that they find value in taking the time to build these exploits into their tooling.”

[Also read: 17 ways the iPhone transformed enterprise tech]

He confirmed the prevalence of Apple-themed attacks, in which attackers use fake Apple-branded emails in attempts to capture information from Apple users as they seek to subvert the locked-down security of Macs, iPhones, and iPads. Traditional anti-phishing protections use blocks based on static lists of known phishing domains, but this is of limited protection because such attacks proliferate fast.

“Phishing is dynamic and new domains are being launched constantly, so it’s very hard to keep these phishing lists up to date,” said Hager.

His company now offers zero-day phishing detection that uses machine-learning algorithms to detect phishing domains within seconds of them being launched.

Blaming people doesn’t make you more secure

All the same, online, the best protection is educating employers. Jamf trains its own to be able to spot attacks and encourages employees to share any experiences they may have of such attacks, rather than remaining silent.

“Phishing attacks just keep getting harder and harder to recognize,” and employees need to help each other, he said.

Hager stressed the need to support employees, rather than punish those who are attacked.

“Punishing employees for falling victim to an attack is not recommended and here’s why: often when social engineering takes place, there is a period of time between attack and compromise. If the incident is reported right away by the employee, there’s a chance your security team can mitigate the risk of any further damage,” he said.

“For example, if an employee has their work credentials stolen in a phishing attack, an informed security team can take steps to block access to accounts, update passwords, freeze bank accounts, etc. Without that knowledge, the attack can move quickly and result in a very damaging data breach.”

The problem with blame culture is that in the event of a problem, “employees will likely not feel empowered or safe enough to come forward with that important information,” he explained.

But even in a blame-free culture, enterprises must introduce increasingly intelligent protection around end-points. 

“You need in-network capability to block the connection being made to a malicious website, to prevent installation of malware, to prevent data exfiltration, to identify and block an unencrypted transfer of sensitive data, etc.,” Hager said. “To put it simply, in-network capabilities add more proactive protection for your end-points, so rather than detecting a threat once it is already present on the device, you can prevent the threat from reaching the device and impacting the user in the first place.”

Why ZTNA is the next security step

The extensive Jamf report confirms that attackers are compromising a growing number of devices, and targeting the online storage and collaboration services remote businesses rely on to get things done. To fend off these attempts, Jamf promotes Zero Trust Network Access (ZTNA) to protect distributed hybrid business.

This kind of smart security combines user identity with intelligent, contextual protections around location, application, and more. When a user is authenticated, they can only use apps they’re authorized to access, with contextual decisions around device risk.

So, if an authorized user seems to be using an app from an unexpected location or at a time that is not in tune with their customary habits, the system may flag a risk. If the system identifies unacceptable risk, it can terminate access automatically through the shift. The idea is that users don’t have to spend too much time managing these decisions.

The problems around such risk are serious. For example, 36% of organizations encountered malicious network traffic indicators on a remote device in 2021, Jamf said.

“We are seeing a shift more broadly towards user-centric security because users need to like a solution in order to achieve widespread adoption within an organization. That’s why we expect ZTNA to replace slow and clunky VPN technology over the coming years,” Hager said.

“Many small organizations see ZTNA as a huge investment that requires a lot of change, but the reality is it’s a journey and you can implement it in stages — so now’s the time to make thoughtful investments that will move you towards a ZTNA architecture.

“A good security policy should be built around an awareness that use cases can differ drastically within an organization and therefore the more flexible and customizable your security solution is, the better,” he said.

Apple’s enterprise growth will continue

Two years into the pandemic, can Apple’s rapid deployments continue? Will the transition continue when (or if) workers return to the office?

Hager thinks it will. “I think we will continue to see Apple’s rapid growth in the enterprise — the momentum isn’t stopping,” he told me. “The trends that are pushing Apple’s fast enterprise growth have been present long before the pandemic.

“I believe that due to Apple’s broad range of devices, combined with the consumerization of IT and the changing demographics of today’s workforce and their strong preference for Apple, [it] will become the No. 1 device ecosystem in the enterprise by the end of this decade.”

The Jamf Security 360 Annual Trends Report is available online.

Please follow me on Twitter, or join me in the AppleHolic’s bar & grill and Apple Discussions groups on MeWe.