Zero trust and why it matters to the Apple enterprise

Once upon a time, digital business sat inside the security perimeter. Devices were kept in offices, shared the same network, and were protected by antivirus software, firewalls, and software updates. This system wasn’t perfect and became increasingly specialized, with security teams, networking teams, and others all working in different sectors.

With mobility, this changed. Devices were unleashed from their locations, used their own networks, and stood outside of traditional corporate endpoint protection.

The pandemic accelerated these changes, fostering the evolution of innovative security protections outside of traditional perimeters, such as around zero-trust. The global zero trust security market is now expected to reach $99 billion by 2030, up from $23 billion in 2021.

What is zero trust?

Definitions differ, but verification is critical to how this security model works. That means that everyone — every location, every user, every device, even every app — is blocked from access to enterprise assets and services until they can prove they should have such access.

The philosophy is that breaches are inevitable and that threats can come from anywhere, including within the network. The National Institute of Standards and Technology (NIST), part of the US Department of Commerce, explains it this way: “Zero trust refers to an evolving set of cybersecurity paradigms that move defenses from static, network-based perimeters to focus on users, assets, and resources.” 

When used alongside device management services such as Jamf, Mosyle, Kandji, and others, additional factors, including location, device-specific data, and may also come into play to further secure the device and its communications. The idea is that even as the number of potential security vulnerabilities increases, the core protection on the device — the zero trust protection — brings a layer of authentication and oversight to protect interactions in the first place, and to speed up response when things go wrong.

That’s zero trust, or at least what it attempts to deliver. It’s also going to become mandatory across digital business in the years to come.

That’s a simplification of a compound of complementary technologies, of course, but the end game should be that no matter what devices your employees use, what apps they employ, and where they are accessing your networks from, you can be fairly certain access is legitimate. Your SaaS applications and company data remain secured no matter where or how your people access it.

Why it matters to Apple admins

Apple’s fast-growing position in the enterprise is a huge opportunity for Apple admins. They come to the space relatively less encumbered by the traditional silo-based approach to security and have the advantage that most key Apple device management systems already support the superior security magic that is zero trust.

Because they aren’t constrained by an old approach, Apple techs have the opportunity to define the new one — and because the user experience they can then provide is more integrated and more approachable to users, the experience of using zero trust on Apple devices is actually better than on Windows.

That’s something that seems to be happening, according to Jamf VP portfolio strategy, Michael Covington, who told me:

“Macs — and especially iPads and iPhones — they are now getting line-of-business application access. And you’re able to deliver not only those tools to end users on these devices, but to do it in a way that actually the experience is better than it is on a Windows device. That is a really compelling play for more workers, especially in choice organizations, to say, “Hey, I want a Mac,” or “I want an iPad,” or whatever it might be.”

In other words, Apple admins have a chance to make more work for themselves by giving employees across their organizations new reasons to upgrade to Macs, iPads, or iPhones.

The big opportunity

Covington also noted that switching to zero trust security models remains challenging to some businesses, even to larger entities that already have zero trust schemes in place.

One of the challenges is to get the data out of the traditional organizational silos (such as security, mobile, Mac, compliance) that have grown over time. That’s difficult for some organizations, but easier to accomplish with Apple because silos aren’t set and existing device management technologies already support zero trust, or at least trusted access models.

It means Apple IT can deliver more security wrapped inside positive user experiences, while also ensuring devices are complaint and meet security standards. That’s good for the company, of course, but also good for the admin, who can use the success of their deployments to argue for additional responsibility and oversight to help erode traditional silos to support future focused security protection.

Zero trust is complex. It’s not just a sequence of complementing security technologies; it also represents a changing approach to achieving digital business stability. But for Apple admins, the implementation of these models is a chance to deliver both highly secure computing environments and industry-leading ease of use, within budgets, at a lower TCO. No wonder Apple adoption is accelerating.

Please follow me on Mastodon, or join me in the AppleHolic’s bar & grill and Apple Discussions groups on MeWe.