Security Matters...For Everyone
"DNC urging Democrats to dump Android for iPhone"
Forbes
Cult of Mac
Reddit
I’ve been reading this morning (links above) that the Democratic National Committee has been urging its senators, house committee members, and employees to stop using Android phones and move to iPhone for security reasons. If this really is the case, this is what I recommend to the head of the DNC to keep its devices and data secure from prying eyes.
It all comes down to 3 little letters:
MDM
Mobile Device Management
So here’s the thing with iOS: Apple’s iOS will only allow you to install one management profile at a time. An iOS management profile is the only way that someone can maliciously “steal” info or “track” your device. So what the DNC needs to do is block out the attacker before they even have the opportunity to attack. I’ve been a big fan of JAMF for quite some time. JAMF is a company that prides itself on the management of all types of devices, a tool invaluable to IT administrators. For a bit of context on the scale of what JAMF does for management, every single Apple product in every Apple Store in the world is managed via JAMF.
JAMF offers 2 types of management.
1.) JAMF Now - A lightweight but incredibly functional management solution that allows you to “Set up, manage and protect Apple devices in minutes.”
2.) JAMF Pro - Built for enterprise device management, giving you deeper control of your iOS and macOS devices.
See this blog post from JAMF to help you pick which of the two solutions is right for you:
https://www.jamf.com/blog/jamf-now-or-jamf-pro-which-is-right-for-you/
Regardless, even if the DNC did some lightweight management with JAMF Now, let’s say an attacker sends a phishing email with a malicious link to someone to try to take “control” or “management” of his/her device. Even if the end user fell for that email and was prompted for his/her iOS passcode lock to install this management profile, it would FAIL. iOS would report back that “Profile Installation Failed. Mobile Device Management is already installed.”
My recommendation to the DNC is to have a smart, quick, and forward-thinking IT team. Require that ALL devices being used for communication be enrolled with a management configuration profile which first and foremost enforces encryption. The beauty of using an iPhone and iOS is that it already ships from Apple encrypted out of the box. You MUST set a device passcode to enforce that encryption, and JAMF can do just that. Audit the app usage on members’ devices in your admin reporting console. Lastly, ensure there is an “Approved” list of apps and an approved way to conduct communication.
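As an added illustration (not from the original post and not JAMF's own output), the sketch below builds the kind of passcode-enforcing configuration profile described above and audits a profile's payloads before it is trusted. The payload types and keys are Apple's documented ones; the organization identifier, the 6-character minimum and the 2-minute auto-lock are assumed values, and the audit assumes an unsigned `.mobileconfig`.

```python
import plistlib
import uuid

PASSCODE_TYPE = "com.apple.mobiledevice.passwordpolicy"  # Apple Passcode payload
MDM_TYPE = "com.apple.mdm"                               # Apple MDM enrollment payload


def build_passcode_profile(org_id, min_length=6, force_pin=True):
    """Return unsigned .mobileconfig bytes holding one Passcode payload."""
    def ident(suffix):
        # Every payload needs its own identifier, UUID and version.
        return {"PayloadIdentifier": f"{org_id}.{suffix}",
                "PayloadUUID": str(uuid.uuid4()).upper(),
                "PayloadVersion": 1}

    passcode = {"PayloadType": PASSCODE_TYPE, "PayloadDisplayName": "Passcode",
                "forcePIN": force_pin,   # user must set a passcode
                "allowSimple": False,    # reject 1111, 1234 and similar
                "minLength": min_length,
                "maxInactivity": 2,      # minutes before auto-lock (assumed value)
                **ident("passcode")}
    profile = {"PayloadType": "Configuration", "PayloadDisplayName": "Baseline",
               "PayloadContent": [passcode], **ident("baseline")}
    return plistlib.dumps(profile)


def audit_profile(data, required_length=6):
    """Parse profile bytes and return a list of findings (empty means it passes)."""
    payloads = plistlib.loads(data).get("PayloadContent", [])
    findings = []
    policies = [p for p in payloads if p.get("PayloadType") == PASSCODE_TYPE]
    if not policies:
        findings.append("no passcode payload")
    for p in policies:
        if not p.get("forcePIN", False):
            findings.append("passcode not forced")
        if p.get("minLength", 0) < required_length:
            findings.append("passcode shorter than required")
        if p.get("allowSimple", True):
            findings.append("simple passcodes allowed")
    # A profile that enrolls the device in MDM deserves a second look
    # unless it came from your own IT team.
    if any(p.get("PayloadType") == MDM_TYPE for p in payloads):
        findings.append("contains an MDM enrollment payload")
    return findings
```
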
The choice is yours, my friends. Be safe out there. Ensure you are not caught at the crossroads of sacrificing your data in order to use your technology.
Be well.
Best,