Jamf Pro LDAP
11/6/2022

Showing a list of devices is very different than accurate user device attribution. Doing that in competing solutions to Fleetsmith requires at least: (1) having an LDAP server, (2) configuring server details, including TLS etc., (3) LDAP attribute mapping in the MDM solution, and then (4) manually assigning each device to a user one at a time, a process that usually involves repeating the following procedure for each device:

3. Command-F and pray your IT helpdesk recorded which employee the device belongs to
4. Tab back over to the MDM solution, select the employee from the dropdown menu.

This becomes extremely time intensive if you have hundreds or thousands of devices.

As for FDE, enforcing it is easy. Doing that while also reliably and securely escrowing its recovery key is a much different story. On the reliability side, not every solution out there is equally reliable when it comes to ensuring that the recovery keys actually make it into the MDM. On the security side, I believe we're the only vendor that does CA pinning across the entire management lifecycle. Those stages are covered in great detail in the previously linked BlackHat whitepaper. On the server side, I believe we're the only vendor to automatically encrypt sensitive fields (such as FileVault keys) before they hit the database, with per-customer AES keys (key generation and key management handled by HashiCorp Vault's transit backend).

Last but not least, there's the matter of generating evidence for auditors to prove you're doing the things you claim to do. We automatically surface the status of these things in the product, instead of requiring people to input boolean logic and generate custom reports. Overall, Fleetsmith is just much more "turnkey" when it comes to checking the boxes for SOC 2 than competing MDM solutions.