In a recent webinar, I chatted with Matt Woodruff, Worldwide Industry Lead for Security and Compliance at Jamf. Today, I'm going to share some extracts from our conversation.
What we discussed:
Key challenges IT teams face around security and access policies
How Tines workflows can improve efficiency and reduce manual workload
Best practices for securing Apple ecosystem devices with Tines and Jamf
Integrating Tines’ orchestration and automation platform with Jamf�’s comprehensive device management ensures proactive security and compliance, optimizing endpoint protection and operational efficiency across the organization.
Read on to learn more about how IT teams use Jamf and Tines, including insights and predictions on improving operational resilience, particularly for remote-first organizations
Endpoint security in the post-pandemic era
Sif Baksh: Is remote work still the number one issue everyone’s trying to solve?
Matt Woodruff: When the pandemic started, a drastic accelerator happened — everyone was forced into understanding how to support the remote workforce. There came a point where bring-your-own-device (BYOD) also came in, which included a lot of Apple devices.
Once you’ve gotten a handle on remote working, how do you secure it? That's where Zero Trust Network Access (ZTNA) practices started happening. Organizations started coming to Jamf and Tines to try to understand the orchestration, management, and security needed to implement ZTNA.
To ensure ZTNA policies are successful, you must validate that the user is an employee, active, and that the risk posture is low. Then you set up a device risk posture validating there's no malware or phishing attempts on the device. Also, what are the corporate resources that the user on this device should be granted access to? From there, you can set up a ZTNA policy. But all of it needs to work together for the success of the organization and to keep the risk low.
Sif: Regarding the pandemic, let’s talk more about budgeting. How has IT budgeting changed from that perspective?
Matt: Budgets have increased, but in a different paradigm than most people thought would happen four years after the pandemic.
BYOD became a pretty drastic implementation policy, as the budgets were not able to keep up with a full remote workforce. It became very hard to ship out corporately owned, operated, and purchased devices to the global employee base.
So BYOD came into perspective as a possibility. But how do you handle that while still maintaining the high level of management and security necessary? That's when budgets started changing pretty dramatically in favor of infosec.
There’s also the matter of budgeting for AI tools. Do we have enough budget to try various LLMs or ChatGTP variants? Or is there new AI tech that we need to explore and monitor? So that's where you'll see some infosec and IT budgets start to open up in 2025.
Matt Woodruff, Worldwide Industry Lead for Security and Compliance, Jamf
Adopting AI securely
Sif: Everybody is talking about AI. From a business security standpoint, what can Jamf offer to secure the infrastructure for someone like me, who loves playing with AI?
Matt: Unfortunately, there's been some security ramifications in 2024 with a very large security vendor that tend to own everyone's security, from EDR to cloud to IOT. Putting all your eggs in that one basket is hard when something happens to that single organization.
In 2025, it’s important to find out which tools are best to implement in various scenarios. Most of all, how can they all work together? Are there proper Integrations between them?
"Can we automate all the tools so they’re not a burden to IT staff, especially while supporting a remote or hybrid workforce? That's one of the things that’s top of mind for a lot of my customers."
Matt Woodruff, Worldwide Industry Lead for Security and Compliance, Jamf
Sif Baksh: How can Jamf and Tines give our customers better tooling to stay ahead of this AI curve together?
Matt: One of the key things that has helped our partnership along has been our enriched API, which grants organizations multiple ways to integrate with our solutions.
We're very happy about just how well this API has worked out for Tines, and our joint customers, to set up different integration points.
Jamf helps ensure you’re meeting compliance standards and daily security audit requirements. Then you can layer on Tines to help automate and support those endeavors further.
Exploring Tines and Jamf integrations and customizations
Matt: A question from one of our webinar attendees - what level of customization is available for workflows to address unique compliance or access management policies?
Sif: The beauty of Tines’ workflows is that you can customize them to suit your unique business processes.
Tines can actually pull in information around every Jamf policy that's out there, look at it, and make it make sense to you. We have some AI capabilities to read the policy, assess what it's doing, and give you security and access options from there.
Sif Baksh, Senior Solutions Engineer, Tines
Sif: Where do workflows fit into device security and access? What are some iterative updates of Apple Intelligence that someone should be looking at from an automation standpoint?
Matt: With each OS update, Apple Intelligence is coming out with a new feature — Math Notes, assistive dictation, etc. If you want to be at the forefront of that technology, you can use Jamf Pro to force out the update to the latest version. But if your organization wants to reserve some time to understand the configuration profiles and network barriers you need to deploy, you can use Jamf Pro to determine when that software update goes live.
Sif: From an orchestration standpoint, what recommendations would you have to customers that want to automate these type of updates?
Matt: It really depends on where the organization is in their beta testing phase with Apple. Cisco is a Jamf customer, and they have tens of thousands of Macs deployed. They have a proper beta release testing cycle, and they usually roll out any OS updates as quickly as possible.
In other regulated industries — like financial, healthcare, retail, and government — you might find a little bit of a slower release. They may be required to do not only beta release testing from Apple, but also a validation of testing after the update is released to the general public.
There’s also user preference — does the user want to update at that point? And how can we set up an orchestration pattern? When the user is prompted, what is the response? Do other tools get notified that a particular device wants to update, but according to the Jamf Pro inventory, Tines is showing us that it’s not able to support this particular OS? There's a lot of orchestration components that will come into play based on whatever workflow you choose.
Sif: Another question from the audience - given that Jamf has a number of automations built in, what areas does Jamf see Tines benefiting customers with their orchestration stack?
Matt: One of the things that Jamf has done over time is respond to our customer requests and needs to have some built-in automations. And we have integrations galore in the Jamf Marketplace.
What we have not done a good job of — and the reason for our partnership with Tines — is orchestrating it all. You might want multiple different products to be working in concert with each other.
Where Tines comes in and really shines for our customers is making sure that every tool every department has purchased is working together.
Matt Woodruff, Worldwide Industry Lead for Security and Compliance, Jamf
Jamf’s automations might be great, but there’s no centralized tool to orchestrate multiple integrations together with other products. That's what we're excited about at Jamf, and it’s the reason for our relationship with Tines.
Resolving ecosystem challenges with Jamf and Tines
Sif: Another audience question - what are the most common challenges IT teams face when managing the Apple ecosystem, and how does the integration address them?
Matt: Globally, organizations have done an exceptional job of acquiring talent that knows Windows and Android ecosystems really well. This sudden influx of Apple devices has caused concern — they don't know what it is, they don’t understand why it’s different.
So a common challenge is understanding that a Windows admin will not be sufficient in managing an Apple ecosystem. Getting them trained on Apple first, or finding a new set of people who know the Apple ecosystem really well, makes it more successful within your production environment.
This integration would also help when you’re trying to bridge that gap. Let's say you’re used to a specific workflow that works extremely well on the Windows side of things. You just kind of know what should happen, but you don't know exactly how to do it in Jamf.
With Tines, you'd be able to pull together these different workflows, understand which API endpoint you need to be communicating to, and then build out a workflow that can run in parallel to what your common knowledge is.
Sif: Tines uses that same integration with Jamf within our own company. When I was onboarded about six months ago, we used that workflow to get me into Jamf. Everything was automated, including my email and all my access. It just worked.
When I got on board, I was like, “Wow, that was the best onboarding I ever had, and with Jamf.” And this is why we're having the conversation — because I was just so blown away how easy it was to integrate with Jamf.”
Learn more about Tines and Jamf, and explore our library of pre-built workflows and templates.