Case Study: Apple IT Security & NIST Compliance

The Client

The client is a communications design firm who works with global giants. They are required to pass 3rd party IT audits in order to work with these clients.

Industry: Communications

Size: 25 - 50 staff

Solutions:
Azure Active Directory
Apple Business Manager
NIST practices
Data Classification & Loss Prevention
IT Management

Apple Business Manager for NIST solutions- Case Study -Cover Page

The Prompt

Our client faced a new type of vendor security screening in order to retain Client X, their largest client and a global leader.

In the past, Client X only required self assessed IT security questionnaires from everyone they do business with.

Due to rising cyber threats across the globe, Client X now requires all channel partners to pass a formal IT security audit.

Primary Issues

The primary issues our client had that would result in a failed IT audit included:

  • Freelancers using personal devices
  • Apple computers with no centralized security tools
  • No device management tools
  • No central cloud security tools
  • No data security tools

Challenges

Our client has an all Apple Mac environment.

Macs are lacking in centralized administrative control capabilities required to implement IT security best practices.

Most IT security solutions are built for PC’s, since they dominate the business landscape. They lack advanced functionality for Macs.

This means Mac networks are left with security gaps and challenges when protecting devices, authenticating users, blocking suspicious activity, securing data, preventing loss, and meeting compliance requirements in a cloud-first world.

Solutions

To help our client create a secure environment and to meet NIST best practices, we used Azure Active Directory as the framework for connecting users, computers and cloud applications.

We paired it with Apple Business Manager to control device provisioning, and extensive data loss prevention policies with Microsoft Enterprise mobility and Security E5.

The result is a secure network and stringent company wide policies that can meet and exceed any compliance audit they may face from existing and new data security conscious clients.

IT Transformation

Azure Active Directory (AAD) is Microsoft’s multi-tenant, cloud-based directory and identity management service.

Azure AD combines core directory services, advanced identity governance, and application access management.

Apple Business Manager connected to Azure AD and Microsoft InTune is used to bind Mac devices, applications, and managed Apple ID’s, allowing us to grant or deny access to company data hosted in the cloud. In addition, advanced compliance controls are necessary for this audit. These include:

  • Encryption

    Mandatory encryption on computers and mobile devices.

  • Data Labelling Policies

    Enforcement of data labelling policies to classify files that may contain sensitive information and apply security controls to those file (i.e. tag a file as "confidential" or "Client X", which will encrypt it, water mark it, prevent it from being shared, forwarded, printed etc).

  • Data Retention Policies

    Retention labels to maintain specific time frames for automated deletion of Client X’s files.

  • Data Logging Policies

    Data logging for any activity against any service, on any device, that may access Client X’s data.

  • SIEM - Security Incident & Event Moniotring

    Azure Sentinel is the SIEM - a repository for all log files generated from all devices and connected cloud services. Log files are kept for a specific length of time to investigate potential data breaches.

  • Cloud App Security

    Microsoft Cloud App Security (CASB) is used for anomalous activity detection for connected computers and cloud services. These log files are also stored in Azure Sentinel. CASB generates security alerts and notifications with severity levels, which are actioned by TUCU.

Outcomes

  • NIST compliant
  • Data Security

    The Data Security and Digital Loss Prevention strategies in place give their clients confidence. 

  • IT & Cloud Security

    With Endpoint and Identity Management, users are verified, and access is restricted.  With CASBE, all cloud apps are monitored as well.

  • Reduced Risk

    Their resilience to ransomware and cyber threats has increased significantly with IT security best practices.

  • vCIO for IT Screenings & Audits

    With TUCU's vCIO services and IT documentation, all IT Screenings and audits are a breeze. The client can focus on expansion.

  • Fully Managed IT Systems

    With TUCU's Managed IT Services, everything is taken care of.

Client Testimonials

Toronto MSP review by Craig 2b
Toronto IT compliance services review by K2b
Toronto IT management services review by Jack K 2b

Now it's your turn.

Let's plan your IT security transformation.

Reach out. I will schedule a Discovery Call to learn about your IT needs and how we might help you.

Zoe T. Vice President of TUCU
Zoe Tsoraklidis, Vice President