There’s no doubt about the importance of security in business environments. Often, this comes at the expense of privacy and user-friendliness. That’s why many people still have two phones. Jamf wants to put an end to this, in a way you would expect from a player specialized in managing Apple products. To hear more about this, we spoke to Jamf CEO Dean Hager some time ago at their Jamf Nation User Conference (JNUC21).
Jamf has had an excellent 2021. It continues to grow rapidly, both in our region and the other regions in which it operates. Jamf’s primary regions are the US and Canada, EMEIA and APAC. All of these regions grew by at least 25 percent last year. International growth (outside the US) was even higher: 50 percent.
Jamf CEO Dean Hager points out that the organization has a special connection to Europe and the Netherlands. Jamf chose Amsterdam to establish a European headquarters in 2013. When Hager joined Jamf in 2015, the organization only had about 25 employees in Europe, almost all of them in Amsterdam. Today, EMEIA has well over 500 employees. Additionally, the basis of Jamf School can be traced back to the Netherlands. ZuluDesk, a Dutch company, forms the foundation for this solution. As the name suggests, Jamf School focuses on education and the management of Apple devices in that environment.
Apple and Jamf strengthen eachother
Naturally, Jamf’s success and growth is partly dependent on Apple’s growth. If Apple’s doing well, then in principle, Jamf is doing well too. Yet, by saying that, we’re selling Jamf short, we gather from Hager’s words. “We are filling the space between that which Apple provides and that which enterprises need”, he summarizes. In other words, if an organization wants to be successful with Apple, a vendor like Jamf is indispensable. Large customers would simply never have been able to onboard and manage so many Apple devices without Jamf’s support.
Although Apple may not be doing much to bridge the gap between Apple devices and enterprise environments, it’s not staying out of it entirely. It’s important for Apple to fill the gap in a way that suits its organization. Thus, Apple takes the reins by building the frameworks on which companies like Jamf build their solutions.
Hager sees no ambitions on Apple’s part to build these solutions itself. He suspects that Apple didn’t buy a company like Fleetsmith to start building its own Apple Enterprise Management (AEM) solution. Instead, the acquisition was likely purposed to add lots of (Bay Area) developers to its workforce. These can immediately get to work on further developing the framework. Whatever the exact reasons for Fleetsmith’s acquisiton may be, Jamf encountered Fleetsmith very little in the first place — and even less so after the acquisition, Hager indicates. It didn’t harm Jamf either way.
Not just Apple, but Microsoft and Google too
When you say Jamf, you say Apple. It’s only natural: the company offers an AEM solution. However, during JNUC21, we noticed that Apple’s name wasn’t mentioned very often. In fact, we mostly heard Microsoft being mentioned. That was quite the surprise.
According to Hager, it’s no coincidence that Microsoft comes up regularly at Jamf. “Our two most important partners are Apple and Microsoft”, he indicates. On the one hand, this can be interpreted as a striking statement. On the other hand, it’s logical. If your organization offers freedom of choice in the field of (mobile) devices, you will automatically end up in Microsoft environments. If you also want to offer proper security and connectivity in such environments, integration between the two environments is needed. Think of integrations with Azure AD via Jamf Connect, but also conditional access for Mac devices in a Microsoft environment. For the latter, there’s an integration between Jamf Pro and Microsoft EMS (Enterprise Mobility + Security) via Intune.
However, Microsoft isn’t the only noteworthy organization when it comes to integrations with important players other than Apple. Google also received quite a bit of attention during JNUC21. Hager is especially excited about the announced integration between Jamf Pro and Google Cloud BeyondCorp Enterprise. With the integration, Jamf can offer conditional access to Google environments in addition to Microsoft environments. Along with Jamf Private Access (more on that below), the announcement completes Jamf’s current offering. Taking Jamf’s strong focus on education into account, collaborating with Google is always a good idea. After all, education is also an important market for Chromebooks. Thus, many customers likely have both Jamf and Google in their CRM.
Zero Trust according to Jamf
We briefly touched on it above: by collaborating with Microsoft and Google on conditional access, Jamf managed to stock its portfolio quite well. By allowing Jamf Pro to work with both Microsoft and Google environments, you undeniably have great coverage. In addition, Jamf has something up its sleeves for which it does not require integrations: Jamf Private Access. This new Zero-Trust Networking Access (ZTNA) solution is based on technology from Wandera, which was acquired by Jamf in 2021.
Through Private Access, Jamf primarily wants to compete with VPN technology, which is widely used to this day. Whereas a VPN is generally configured to pass all data from a device to pass through the VPN, Private Access works differently. Private Access ensures that only business data goes through the Jamf platform, while personal data goes directly to the Internet or through Apple’s new iCloud+Privacy Relay.
At the bottom line, Jamf Private Access should provide more privacy for users without sacrificing ease of use and security. Furthermore, VPNs are constantly on and consume lots of energy on mobile device. Private Access does not. Instead, it uses something that Hager calls Intelligent Split Tunneling. As an end user, you won’t be needing to look for power outlets as much. As an IT admin, you won’t be busy setting up VPN servers, configuring AP addresses or managing certificates.
In short, Jamf Private Access is a Zero Trust solution. Connecting securely to a company’s resources should not be a problem for end users — nor should it be their responsibility. Private Access is part of SASE (Secure Access Service Edge), a term we have come across frequently in recent years. In principle, organizations can also use the ZTNA solution of a SASE provider. However, by doing so, you miss out on the added value that Jamf can offer, Hager points out. This is because business users are defined within Jamf Pro. That immediately gives much more context on devices using the ZTNA solution. As a result, any problems can be picked up and dealt with more quickly.
Get rid of that second phone
The announcement of Jamf Private Access is a good indication of Jamf’s view on things. Whereas the security of many suppliers is more or less synonymous with giving up privacy, Jamf wants to do things differently. They want to provide both high-quality security and high-quality privacy. The company’s convinced that this is the only way to achieve the best user experience. Hager repeatedly described this as the Apple way during our conversation.
Normally, we don’t like it when IT vendors invoke an Apple experience, as it typically doesn’t make any sense. In the case of Jamf, which deals exclusively with Apple devices, it absolutely does make sense. After all, Jamf users are always Apple users. They have the experience that comes with those devices. When choosing Apple, you’re choosing the user experience that goes with it. You would expect the same from your AEM.
Ultimately, the optimal balance between security, privacy and user experience must ensure one of Jamf’s goals: reducing the necessity of a second phone. “We want to end the use of two phones”, Hager states. Whether that goal will ever be fully achieved is, of course, the question. Through solutions such as Private Access and its integrations with Microsoft and Google, Jamf is certainly coming closer.