This Week's Sponsor:

Kolide

Ensure that if a device isn’t secure it can’t access your apps.  It’s Device Trust for Okta.


Are You Worse at Security Than the TSA? [Sponsored]

You know the drill: when you go through airport security there are two lines. In one, a TSA agent makes sure you’re the person in your passport photo. In the other, a machine scans your carry-on for explosives, weapons, or a normal-sized bottle of shampoo.

Enterprise security is much the same, but instead of passengers and luggage, we’re talking about end users and their devices. In the first line, user authentication verifies a user’s identity, and it’s gotten pretty sophisticated in the past few years, with SSO and MFA becoming more common.

But user devices don’t get nearly the same level of attention. The average device trust solution only looks at a handful of endpoint security factors, like OS updates and firewall. If this really were the TSA, that wouldn’t even be an x-ray machine, more like holding a bag to your ear and listening for a ticking sound.

And that’s assuming an organization looks at end user devices at all. Kolide’s Shadow IT report found that 47% of companies let unmanaged devices access their resources, and authenticate via credentials alone.

Unmanaged devices (those outside a company’s MDM) can be infected with malware, full of PII, or worse–they can belong to a bad actor using phished employee credentials.

And hey, there are valid reasons for a device not to be enrolled in MDM. Contractor devices, Linux machines, and employee phones all need to be able to access company resources. But there’s plenty of room for middle ground between “fully locked down and managed” and an open-door device policy.

Specifically, companies need device trust solutions that block devices from authenticating if they don’t meet minimum security requirements.

Even with phishing-resistant MFA, it’s frighteningly easy for bad actors to impersonate end users–in the case of the MGM hack, all it took was a call to the help desk. What could have prevented that attack (and so many others) was an unspoofable form of authentication for the device itself.

That’s what you get with Kolide’s device trust solution: a chance to verify that a device is both known and secure before it authenticates. Kolide’s agent looks at hundreds of device properties (remember, our competitors only look at a handful). What’s more, our user-first, privacy-respecting approach means you can put it on machines outside MDM: contractor devices, mobile phones, and even Linux machines.

Without a device trust solution, all the security in the world is just security theater. But Kolide can help close the gaps. (And we won’t even make you take off your shoes.)

To learn more, please watch our on-demand demo.

Our thanks to Kolide for sponsoring MacStories this week.

Unlock More with Club MacStories

Founded in 2015, Club MacStories has delivered exclusive content every week for over six years.

In that time, members have enjoyed nearly 400 weekly and monthly newsletters packed with more of your favorite MacStories writing as well as Club-only podcasts, eBooks, discounts on apps, icons, and services. Join today, and you’ll get everything new that we publish every week, plus access to our entire archive of back issues and downloadable perks.

The Club expanded in 2021 with Club MacStories+ and Club Premier. Club MacStories+ members enjoy even more exclusive stories, a vibrant Discord community, a rotating roster of app discounts, and more. And, with Club Premier, you get everything we offer at every Club level plus an extended, ad-free version of our podcast AppStories that is delivered early each week in high-bitrate audio.

Choose the Club plan that’s right for you:

  • Club MacStories: Weekly and monthly newsletters via email and the web that are brimming with app collections, tips, automation workflows, longform writing, a Club-only podcast, periodic giveaways, and more;
  • Club MacStories+: Everything that Club MacStories offers, plus exclusive content like Federico’s Automation Academy and John’s Macintosh Desktop Experience, a powerful web app for searching and exploring over 6 years of content and creating custom RSS feeds of Club content, an active Discord community, and a rotating collection of discounts, and more;
  • Club Premier: Everything in from our other plans and AppStories+, an extended version of our flagship podcast that’s delivered early, ad-free, and in high-bitrate audio.