Ever wonder about what happens to that employee’s Macbook® laptop after you let them go? What confidential and proprietary data are they walking out the door with?
If that doesn’t scare you as an IT admin, it should! Bring Your Own Device (BYOD) has been a true innovation in the IT landscape, lowering expenses and increasing efficiency. But it is not without its drawbacks. BYOD means employees are doing work on a plethora of different types of devices and operating systems. The problem comes in managing all these devices securely, especially when it comes to Mac users.
BYOD Security: Macs®
Think of Mac® user security as controlling what access rights users have and what data they can access. As organizations start to scale, controlling user access to IT resources becomes a critical IT function.
It’s not only good security hygiene, it’s also practical efficiency for the IT team. Users need to be connected to devices, applications, and networks. Creating these connections one-off works for a short period of time, but as the number of users grows and the IT resources expand, the connection map gets out of control. At that point, IT admins search for a system to control user access.
Directory services have been the answer, but historically there have been very few options for Macs.
Conventional Directory Services
The goal of directory services is to control user access to devices, applications, and networks. Embedded in directory services is the concept of security. A well-structured and controlled directory structure can be a huge security advantage.
Traditionally, those directory services were provided by Microsoft® Active Directory® and the open source platform, OpenLDAP™. Both of these platforms, however, struggle with Macs.
As IT admins know, Macs are a unique breed. They are not quite Linux®, but have many of the end user features of a commercial operating system such as Windows®. Because they sort of fit in between Linux and Windows in a way, they don’t fit with AD or OpenLDAP really well. Which means that IT admins struggle with controlling the systems and locking them down.
Cloud-Based Directory Solutions for Macs
A new breed of directory services is emerging. This cloud-based user management solution is called Directory-as-a-Service®. The benefit of DaaS is that it treats Windows, Macs, and Linux devices all as first class citizens. All three platforms have full user management controls and device management capabilities.
An agent that is native to each platform is installed on the device. This enables the central web-based console to add, delete, and change user accounts and permissions. Tasks and policies can be executed on each platform via the commands execution functionality of Directory-as-a-Service.
IT admins finally have the ability to manage Mac users remotely and tightly. As a result, Macs can have the user security that they need and that IT admins are expecting. All of these capabilities are possible without the overhead of running on-premises directory services including the hardware, software, and maintenance that it requires.
Get Your Macs Locked-Down
To learn more about BYOD security for Mac users and how you can control Macs, drop us a note. We’d be happy to answer your questions and talk about the best ways to control your Mac user and device population.