Cloud Hosting

Apple @ Work is brought to you by Mosyle,the leader in modern mobile device management (MDM) and security for Apple enterprise and education customers. Over 22,000 organizations leverage Mosyle solutions to automate the management and security of millions of Apple devices daily.Request a FREE accounttodayand discover how you can put your Apple fleet on auto-pilot at a price point that is hard to believe.

Apples design for enterprise security strategy has done a lot to quell the frustration with enterprise security. When Apple built the kextless security endpoint, it was saying that employee experience matters. One of the reasons people have always hated their work computers is because they were a pain to use. Truthfully, many Windows environments have so much bloatware added to protect the employee from installing things they shouldnt and verifying compliance that the employees have trouble doing their job. Apple took a different approach with how it implemented security and how it built its MDM protocol. Over the next three weeks, I will take an in-depth look at three of them.

About Apple @ Work:Bradley Chambers has been managing an enterprise IT network since 2009. Through his experience deploying and managing firewalls, switches, a mobile device management system, enterprise-grade Wi-Fi, 100s of Macs, and 100s of iPads, Bradley will highlight ways in which Apple IT managers deploy Apple devices, build networks to support them, train users, stories from the trenches of IT management, and ways Apple could improve its products for IT departments.

There are multiple innovations that Apple has implemented on macOS that have served enterprise customers well without compromising security or functionality. This week, I want to dive into three critical parts of Apples security strategy in the enterprise to see how some of their innovations have led to better acceptance from CISOs, CTOs, and CIOs. First, this week, I want to look into FileVault 2.

FileVault 2 has been a crucial part of enterprise customers, ensuring that data stored locally on computers cannot be accessed if the machine is lost. It uses XTS-AES128 encryption with a 256-bit key to ensuring data cannot be accessed without authorization.

FileVault made its first appearance in OS X Lion and is still being used today. Personal users can enable it under the Security & Privacy tab in System Preferences. Still, it can also be enabled through a mobile device management vendor to be force-enabled for all machines in your fleet. The recovery key can be stored securely in your MDM as well.

When people running Windows think about full disk encryption, they probably believe it will slow down their computer. With macOS, you barely know its running. Initial encryption happened in the background and only when your Mac is plugged into AC power.

When encryption is finished, youll restart your Mac, and your Mac password will unlock your disk and allow your Mac to finish unlocking itself. FileVault 2 requires that you log in every time your Mac starts up, so no account can log in automatically.

IT departments should enable FileVault 2 on all their computers because it will ensure that sensitive company data cannot be accessible even if physical access to a machine is gained. When verifying security for compliance reasons, FileVault 2 is a must-have.

There is almost no performance loss, but there is a lot gained in terms of security. End-users will likely never know theyre using FileVault 2.

All Macs with the T2 chip already have their hard drives encrypted even without FileVault 2. Its still recommended that FileVault 2 gets enabled, so automatic log-in cannot be enabled. The only time you dont want to use FileVault is for Macs in shared areas (school labs, etc.).

Almost all MDM vendors now will integrate with FileVault 2 and make the integration of enabling and reporting back the recovery a turn-key process. Because its accomplishing a vital security task of encrypting all data on the disk when the machine is locked without noticeable performance impact for the user, its highly recommended for all enterprise IT departments.

As we continue with this series, youll notice a key aspect of Apples enterprise security strategy: implementation without performance impact.

Apple @ Work is brought to you by Mosyle,the leader in modern mobile device management (MDM) and security for Apple enterprise and education customers. Over 22,000 organizations leverage Mosyle solutions to automate the management and security of millions of Apple devices daily.Request a FREE accounttodayand discover how you can put your Apple fleet on auto-pilot at a price point that is hard to believe.

FTC: We use income earning auto affiliate links. More.

Check out 9to5Mac on YouTube for more Apple news:

See the original post:
Apple @ Work: FileVault 2 is so good, theres no reason for IT departments not to use it - 9to5Mac