Organizations are often comfortable managing Windows devices, but Apple device management in the enterprise is relatively uncharted territory.
Fleetsmith Inc. offers a cloud-based platform for macOS management, which includes zero-touch provisioning and deployment.
In August, the San Francisco-based company announced its venture into mobile device management (MDM), offering device management for iOS and tvOS via Fleetsmith Managed. The product helps IT admins with tasks such as setting up devices, updating OSes, and enforcing security and compliance demands.
In this Q&A, CEO and co-founder Zack Blum and chief product officer, CSO and co-founder Jesse Endahl discuss trends in Apple device management, including the importance of a strong security strategy.
What options do IT admins currently have for Apple device management?
Zack Blum: There are a few different options. One is the open source model, like what some of the leading tech companies like Dropbox and Google do. That's actually a great solution if you have the expertise and the team to be able to do that. It gives you a lot of power and customizability.
On the suite side, you have -- at least on the surface level -- that coveted single pane of glass. Typically, MDM suites can manage a lot of different platforms, but they have a lot of breadth and not a lot of depth in terms of capabilities.
We want to do something that no one has done before, which is to make a product with a combination of multiple platforms and the depth of best in breed.
Why did Fleetsmith move into Apple device management for iOS and tvOS?
Blum: With the use case of managing [iOS and tvOS devices] for conference rooms, it's just more and more critical.
On the Apple TV side, I think a number one use case there is screen mirroring. When we were showing off iOS capabilities that we were building internally, our engineers and product teams could come into a meeting and literally mirror the iOS screens right onto our conference room TVs.
At my old company, we had an iPad outside of every conference room which showed whether it was available or not, as well as the upcoming schedule.
How does Fleetsmith's perspective on MDM differ from other vendors?
Blum: We see Fleetsmith as a product, not a tool.
Imagine you want to build a new house and a supplier just comes and drops off a bunch of lumber and tools and tells you to have at it. That's the tool approach. The product approach is that the builders actually build you the house. You have to take your keys, come in through the front door and put your pictures on the wall, but that's about it.
Jesse Endahl: If you're the admin, you should be able to come in and say, 'Here's my goal: I want all my devices to be running macOS Mojave by November 1.' If there's a device that's lagging behind, we'll just keep sending that upgrade command until it's upgraded. That approach of you telling us of the desired state and us doing everything in our power to make that true, that's a very different approach. It's more of a DevOps approach.
Historically, the onus is on the IT admin to keep sending, manually, these commands until they've achieved their goal. The product should make that happen.
What security risks can admins encounter when they don't effectively secure their devices?
Endahl: There are two buckets of [MDM] attacks: ones that require local, physical access to a device, and the other remote attacks. In the first bucket, you've got someone leaving their laptop at the park or something and someone picks it up.
A second example, like malware or phishing attacks, happens when someone clicks on an attachment of an email. If you're not running the latest OS with all of the latest security patches baked into it, that malware might be successful on your device. When Apple releases iOS 12 to the public ... You want to get ahead of that and make sure your employees are running the latest version.
It's important to enforce that users set a passcode on iOS. This is not just to protect logging into the device, but also because a low-level security feature of iOS called Data Protection only becomes automatically enabled when a passcode has been set.