Three Tips for Secure Mac Deployments

Mac® computers have always enjoyed a vague reputation of being more secure against typical threats than Windows clients. This may be true for run-of-the-mill viruses and malware, but Mac users still encounter substantial risks caused by Trojans, phishing, and physical access to corporate devices. Read on for a couple of fundamental security measures that admins should apply to corporate Mac clients:

Safe encryption for everything: FileVault 2

FileVault® is the Apple on-board encryption tool that every admin should know about. FileVault 2 is the latest implementation of this encryption mechanism. It secures the system volume (known as Start Volume in Apple jargon) using AES-XTS encryption with 128-bit blocks and a key of 256 bits. Once FileVault 2 is enabled, the user is forced to log on using their user password after every device startup. Only then will the device’s hard disk be decrypted and the user logged on.

Admins are advised to enable FileVault immediately when rolling out new systems. Parallels® Mac Management for Microsoft SCCM allows admins to do just this—and it cannot be done with SCCM alone. This ensures that no device will be let loose in the organization in an unencrypted state. This way, loss and theft of MacBook® laptops ceases to be a hazard for sensitive company data.

Configure a VPN

IT should determine permanent VPN settings—and not only for mobile employees and trusted contractors who work from home. Admins can configure the profiles of Mac devices within the organization to connect via the corporate VPN automatically (“always on”). Moreover, admins can configure this VPN connection in a way that all traffic will flow via this encrypted path (“send all traffic”). This will allow mobile employees to be connected securely in public WiFi networks or when using their private access points.

Automatic update distribution

Admins are advised to implement orderly patch management for corporate Mac computers, as well as keep all clients up to date and as free as possible from known vulnerabilities at all times. To enable this, SCCM offers maintenance windows. Admins can activate these under Device Collections > Properties > Maintenance Windows. Choose the appropriate device group and a suitable time interval and activate for “software updates.”

Learn more about how to manage Mac devices like PCs with Parallels Mac Management for Microsoft SCCM in our weekly Webinars. Register now for free!