Case Study: Apple IT Security & NIST Compliance
The client is a communications design firm who works with global giants. They are required to pass 3rd party IT audits in order to work with these clients.
Size: 25 - 50 staff
Azure Active Directory
Apple Business Manager
Data Classification & Loss Prevention
Our client faced a new type of vendor security screening in order to retain Client X, their largest client and a global leader.
In the past, Client X only required self assessed IT security questionnaires from everyone they do business with.
Due to rising cyber threats across the globe, Client X now requires all channel partners to pass a formal IT security audit.
Our client has an all Apple Mac environment.
Macs are lacking in centralized administrative control capabilities required to implement IT security best practices.
Most IT security solutions are built for PC’s, since they dominate the business landscape. They lack advanced functionality for Macs.
This means Mac networks are left with security gaps and challenges when protecting devices, authenticating users, blocking suspicious activity, securing data, preventing loss, and meeting compliance requirements in a cloud-first world.
To help our client create a secure environment and to meet NIST best practices, we used Azure Active Directory as the framework for connecting users, computers and cloud applications.
We paired it with Apple Business Manager to control device provisioning, and extensive data loss prevention policies with Microsoft Enterprise mobility and Security E5.
The result is a secure network and stringent company wide policies that can meet and exceed any compliance audit they may face from existing and new data security conscious clients.
Azure Active Directory (AAD) is Microsoft’s multi-tenant, cloud-based directory and identity management service.
Azure AD combines core directory services, advanced identity governance, and application access management.
Apple Business Manager connected to Azure AD and Microsoft InTune is used to bind Mac devices, applications, and managed Apple ID’s, allowing us to grant or deny access to company data hosted in the cloud. In addition, advanced compliance controls are necessary for this audit. These include:
Mandatory encryption on computers and mobile devices.
- Data Labelling Policies
Enforcement of data labelling policies to classify files that may contain sensitive information and apply security controls to those file (i.e. tag a file as "confidential" or "Client X", which will encrypt it, water mark it, prevent it from being shared, forwarded, printed etc).
- Data Retention Policies
Retention labels to maintain specific time frames for automated deletion of Client X’s files.
- Data Logging Policies
Data logging for any activity against any service, on any device, that may access Client X’s data.
- SIEM - Security Incident & Event Moniotring
Azure Sentinel is the SIEM - a repository for all log files generated from all devices and connected cloud services. Log files are kept for a specific length of time to investigate potential data breaches.
- Cloud App Security
Microsoft Cloud App Security (CASB) is used for anomalous activity detection for connected computers and cloud services. These log files are also stored in Azure Sentinel. CASB generates security alerts and notifications with severity levels, which are actioned by TUCU.
- NIST compliant
- Data Security
The Data Security and Digital Loss Prevention strategies in place give their clients confidence.
- IT & Cloud Security
With Endpoint and Identity Management, users are verified, and access is restricted. With CASBE, all cloud apps are monitored as well.
- Reduced Risk
Their resilience to ransomware and cyber threats has increased significantly with IT security best practices.
- vCIO for IT Screenings & Audits
With TUCU's vCIO services and IT documentation, all IT Screenings and audits are a breeze. The client can focus on expansion.
- Fully Managed IT Systems
With TUCU's Managed IT Services, everything is taken care of.
Now it's your turn.
Let's plan your IT security transformation.
Reach out. I will schedule a Discovery Call to learn about your IT needs and how we might help you.