Case Study: Apple IT Security & NIST Compliance

Industry: Communications

Size: 25 – 50 staff

Problem Summary: Our client faced a new type of vendor security screening in order to retain Client X, their largest client and a global leader.

In the past, Client X required only self-assessed IT security questionnaires from everyone they do business with.

Due to rising cyber threats across the globe, Client X now requires all channel partners to pass a formal IT security audit.

NIST Consultants - Toronto Case Study

Primary Issues

  • Freelancers using personal devices
  • Apple computers with no centralized security tools
  • No device management tools
  • No central cloud security tools
  • No data security tools
  • A need to prioritize Microsoft apps and file security to meet client requirements

The Solutions

  • Azure Active Directory
  • Apple Business Manager
  • NIST practices
  • Data Classification
  • Data Loss Prevention
  • IT Management

The Details

NIST Compliance

To help our client create a secure environment and meet NIST best practices, we used Azure Active Directory as the framework for connecting users, computers and cloud applications. We paired it with Apple Business Manager to control device provisioning, and with extensive data loss prevention policies using Microsoft tools.

The result is a secure network and stringent company-wide policies that can meet and exceed any compliance audit they may face from existing and new data-security-conscious clients.

Apple Business Manager

Apple Business Manager, connected to Entra ID and Microsoft Intune, is used to bind Mac devices, applications, and managed Apple IDs, allowing us to grant or deny access to company data hosted in the cloud. In addition, advanced compliance controls are necessary for this audit, and this combination of tools allows our client to pass annual IT audits.

Entra ID & Intune

Entra ID is Microsoft’s multi-tenant, cloud-based directory and identity management service. It combines core directory services, advanced identity governance, and application access management.

Data Labelling & Encryption

Enforcement of data labelling policies to classify files that may contain sensitive information and apply security controls to those files (i.e. tag a file as “confidential” or “Client X”, which will encrypt it, watermark it, and prevent it from being shared, forwarded, printed, etc.).

Data Retention Policies

Retention labels to maintain specific time frames for automated deletion of Client X’s files.

Data Logs & Azure Sentinel SIEM

Data logging for any activity against any service, on any device, that may access Client X’s data. 

Azure Sentinel is the SIEM – a repository for all log files generated from all devices and connected cloud services. Log files are kept for a specific length of time to investigate potential data breaches.

Microsoft Cloud App Security (CASB)

Microsoft Cloud App Security (CASB) is used for anomalous activity detection for connected computers and cloud services. These log files are also stored in Azure Sentinel. CASB generates security alerts and notifications with severity levels, which are actioned by TUCU.

What Clients Say

Rated 5 out of 5

a very high level of security

"TUCU has helped us implement software and security authentication processes to exceed our stringent requirements. Our IT and Cloud are safeguarded using state-of-the-art cybersecurity to a very high level of security which puts our minds at ease as business owners."
Erin
Telecom Industry
Rated 5 out of 5

set us up to win more clients

"TUCU came recommended to us. We liked their direct approach to technology planning and problem solving. Adam Thorn, TUCU’s President, walked us through the vendor information security requirements list, identified what we would need, and gave us options without a hard sales pitch. TUCU created a network design to meet vendor requirements and set us up to win more new clients and projects. As our ongoing Managed IT provider..."
Chris
Managing Partner

Trusted Since 2003

We are a group of diversified IT security professionals providing solutions for small business & NPO teams.
