Improve security through Mobile Device Management with Max Palzewicz

Jeremy Cherny Podcast

Host Jeremy Cherny interviews Max Palzewicz, Director of Operations at Rocketman Tech

“I started out my career in public accounting, primarily working with and advising small business owners. I got my CPA and I was able to join my dad and uncle’s business coaching firm, Action Coach of Southeastern Wisconsin, where I worked for a few years. I carved out a niche for myself focusing on the financials for business owners, teaching business owners how to be financially literate, how to read and analyze their financial statements, and also how to process good numbers so they could make sound decisions with them. After that chapter, I realized I wanted to actually do it myself and I wanted to go out and prove that I could build a business on my own. A friend tossed out the idea to me in late 2018 that I should learn how to implement a software called Jamf Pro. What they do is they have a mobile device management software that specializes in Apple devices, so macOS and iOS. So that’s what we started doing and I got certified to implement the software. But something happened in early 2019, where Jamf Pro stopped requiring the onboarding engagement for clients to use the software. So our whole business model of doing these one-off software implementations had been turned on its head. What we did instead was we took his Rolodex of 200 or so companies and we turned it into a CRM, and we started email marketing. From that, I realized that not only was his skill set highly sought after, but these system administrators that are macOS specific also make upwards of six figures or more in a lot of the businesses that they work in. So it’s a sought-after skill and position, but it’s also highly transferable, where people are frequently job-hopping in this space and they tend to leave in their wake procedures that were poorly documented, because it was their job security, it was in their best interest to do everything themselves in the macOS management space and not really document well. We realized there was a great need for a service IT company to specialize in this. 
A lot of IT companies try to be all things to all people so they’ll do an entire vertical of services for their clients. We decided to just focus on this one thing, and that was managing Apple devices for enterprise companies.”

I don’t know if all our listeners know exactly what mobile device management is nor where it fits in with security. Can you say a bit more about that?

MDM (Mobile Device Management) is kind of one of those pillars that you look for when you do a SOC 2 audit or a compliance test or any of those security benchmarks or standards, whether you’re getting a SOC 2 audit, or an ISO 27001 audit, or if you’re just trying to follow the CIS benchmarks. Generally, you need mobile device management software to meet that compliance framework. So where MDM comes in, and Jamf Pro specifically, is it’s a software that’s designed to interact with the management framework on iOS and macOS devices. So it allows IT to remotely interact with and provision these devices, so you can push down things like configuration profiles, where you might interact with System Preferences. You can also push out policies where you’re deploying software or deploying different objects to the computers. But the whole idea is to allow IT to remotely interact at scale, with hundreds of thousands of devices, so they don’t have to do the old sneakernet of going around and troubleshooting each device individually.

What about mobile device management has improved security for people? Security is always evolving; how does Rocketman Tech stay on top of those security threats? 

What we’ve noticed is the modern standard for enterprise, especially in this remote work environment, is to move towards something called zero-touch deployment with a cloud identity provider through your MDM. So what most of these enterprise companies are doing, and I mean the market share tends to lean heavily towards Microsoft Azure AD for cloud identity. There are probably five or six other major players in there: Google has one, Ping has one, Okta is a great one for startups and smaller companies. But Azure AD seems to be the gold standard for the Fortune 500. Conversely, for Apple device management, Jamf Pro seems to be the best in class for managing macOS. So all these companies are striving towards this goal that’s just barely out of reach, called zero-touch deployment. The reason it’s out of reach is that they have security teams that were initially developed to manage a primarily Windows environment. But what we’ve seen over the last couple of decades, with executives, marketing teams, design teams, and then different developers, is you start to have an influx of macOS computers in the enterprise space, and you still need to have those computers be in compliance and be secure when they’re connecting to the local area network or VPN, or just using sensitive information. But what we’ve seen is, as we onboard those first few hundred computers that are Macs and not Windows PCs, it creates kind of a Wild West environment. So the security team that was used to managing the Windows environment is trying to extrapolate or apply those Windows requirements to the Apple devices or macOS computers. We find that in some cases that isn’t quite appropriate, and it can cause some snags in that goal of getting to zero-touch.

What’s an example of something that gets in the way of that, which would be a Windows thing that doesn’t apply to the world of Mac?

I think that’s a good segue into what the differences are between macOS and Windows when you talk about security, because a lot of antivirus and malware and firewall stuff has been created for the Windows environment. Whereas macOS has a number of built-in security features that are unique to it, built-in meaning they don’t need third-party software to operate effectively. So for firewalls, Windows will use McAfee; you’ll use the web proxy and the agent. But macOS has a built-in network firewall. On the Windows side, you might use something called Kaspersky to scan applications you download from the internet. macOS has something called Gatekeeper that checks for a developer certificate and now checks for a notarization from Apple too. You might have malware removal and protection. So something like Symantec for Windows; Apple has XProtect that’s already built into the framework and that will detect downloaded files and scan them for malware as they come in. BitDefender is a market leader on the Windows side too for interacting with the management framework of Windows. Apple has System Integrity Protection so that third-party software can’t really modify or overwrite any system files. That’s where we saw kernel extensions with High Sierra 10.13 and system extensions now with Catalina.

What are you seeing as the future of information security?

That’s a great question that can go in a number of directions. At least for the Apple side, I see that Apple devices will continue to gain market share and prevalence in enterprise environments because, generally, our workforce is growing for the millennial cohort, and that cohort tends to lean more heavily to wanting to use a Mac versus a PC. That’s basically what we’ve done for a lot of these enterprise companies: we’ve created that proof of concept for the first 50 to 200, or 300 Macs to say, “Hey, these can work in your environment, and they can work securely, and they’re going to improve productivity in the long run, because you’re going to have fewer helpdesk tickets, and your users are going to be more satisfied.” So number one, I see that trend continuing: Apple is going to continue to gain market share in the enterprise space, because they’ve probably tapped out the consumer in terms of what they can sell to them. I’m sure they’ve got a few more tricks up their sleeve, but I think this is really the next frontier for them. That’s also what we see in the MDM landscape, because Jamf Pro seized that monopolistic market share at first. But now we see these other companies like Addigy and Kandji starting to get funding and create MDMs that are similar, if not better than Jamf Pro, and start to chip away at that market share. So those are a couple of trends I see continuing. More globally, this might be a hot take, based on what we’ve seen with the congressional hearings and big tech, but I can see AWS and Azure potentially being split off from Amazon and Microsoft respectively, being separate companies. The same with telecom and internet. Those companies have been trying to merge for years because they want to gain those efficiencies. I think it’s very possible that telecom, internet, 5G and cloud hosting, all that storage, comes to more closely resemble a public utility. Because it might just be in the public’s best interest to allow those to operate as monopolies. 
But they would have to more closely resemble a public utility then.

Do you have any other side projects or fun activities besides Rocketman Tech you would like to share? 

I’ve always been kind of enamored with creating something that can work without you. For the most part, I’ve done that with my role at Rocketman by handing over the business development and sales to someone else, recruiting and onboarding another engineer to help with the project management, and the execution of projects. So for about the last 10 months, I’ve been kind of acting as a scrum master on a startup that has been making a mobile app for the music industry. It’s an app that functions similar to Google Calendar, but it allows users to be on the same calendar domain so different users can see each other’s availability, and then create events and schedule with each other. I’m a musician on the side too; I play saxophone and keys. So I wanted to create something that would make our lives a lot easier for networking. So I’ve been acting as a scrum master, where I kind of lead the designer and developer and product owner to get the app stable, free of bugs, develop new features, consider the user design, and the feedback there. Now we’re looking at releasing it on the App Store and Google Play probably in quarter 2 of 2021, right around when the weather starts turning again, and we see music happening outside again in the Midwest.
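Editor’s added example, tying together the two technical points from the interview: an MDM pushes configuration profiles to Macs, and macOS ships its own application firewall and Gatekeeper. This is not code from the podcast, Rocketman Tech, or Jamf; it builds a macOS configuration profile (a .mobileconfig plist) that turns those built-in protections on, then audits a profile before it is uploaded to an MDM, flagging the weak variant where the payload is present but the control is off. The payload keys are Apple’s documented ones for the com.apple.security.firewall and com.apple.systempolicy.control payloads; the reverse-DNS prefix and display names are assumed for illustration.

```python
"""Build and audit a macOS configuration profile enforcing the built-in
application firewall and Gatekeeper assessment (added example, not
Rocketman Tech's or Jamf's code). Identifiers are illustrative."""
import plistlib
import uuid

ORG_PREFIX = "com.example.mdm"  # assumed reverse-DNS prefix for PayloadIdentifier


def _payload(payload_type: str, name: str, settings: dict) -> dict:
    """Wrap one settings dict in the standard profile payload envelope."""
    return {
        "PayloadType": payload_type,
        "PayloadIdentifier": f"{ORG_PREFIX}.{payload_type}",
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadVersion": 1,
        "PayloadDisplayName": name,
        **settings,
    }


def firewall_payload(stealth: bool = True) -> dict:
    """com.apple.security.firewall: turn the built-in application firewall on."""
    return _payload(
        "com.apple.security.firewall",
        "Application Firewall",
        {
            "EnableFirewall": True,
            "BlockAllIncoming": False,  # True blocks nearly all inbound services; off for a baseline
            "EnableStealthMode": stealth,  # don't answer probes such as ICMP echo
        },
    )


def gatekeeper_payload() -> dict:
    """com.apple.systempolicy.control: Gatekeeper on, App Store + Developer ID only."""
    return _payload(
        "com.apple.systempolicy.control",
        "Gatekeeper",
        {
            "EnableAssessment": True,
            "AllowIdentifiedDevelopers": True,
        },
    )


def build_profile(display_name: str = "Security Baseline") -> dict:
    """Top-level profile; PayloadScope System applies it device-wide, not per user."""
    return {
        "PayloadType": "Configuration",
        "PayloadScope": "System",
        "PayloadIdentifier": f"{ORG_PREFIX}.baseline",
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadVersion": 1,
        "PayloadDisplayName": display_name,
        "PayloadContent": [firewall_payload(), gatekeeper_payload()],
    }


def to_mobileconfig(profile: dict) -> bytes:
    """Serialize to the XML plist format a .mobileconfig file uses."""
    return plistlib.dumps(profile, fmt=plistlib.FMT_XML)


# What a baseline must contain; extend with more payload types as needed.
REQUIRED = {
    "com.apple.security.firewall": {"EnableFirewall": True},
    "com.apple.systempolicy.control": {"EnableAssessment": True},
}


def audit_profile(data: bytes) -> list:
    """Pre-push check: return findings (empty list means the baseline is enforced)."""
    profile = plistlib.loads(data)
    findings = []
    by_type = {p.get("PayloadType"): p for p in profile.get("PayloadContent", [])}
    if profile.get("PayloadScope") != "System":
        findings.append("PayloadScope is not System; profile would apply per-user only")
    for ptype, keys in REQUIRED.items():
        payload = by_type.get(ptype)
        if payload is None:
            findings.append(f"missing payload {ptype}")
            continue
        for key, want in keys.items():
            if payload.get(key) != want:
                findings.append(f"{ptype}: {key} should be {want}, got {payload.get(key)!r}")
    return findings


if __name__ == "__main__":
    good = to_mobileconfig(build_profile())
    print(good.decode())
    print("findings:", audit_profile(good))
    # Weak variant: firewall payload installed but the control switched off.
    weak = build_profile()
    weak["PayloadContent"][0]["EnableFirewall"] = False
    print("findings:", audit_profile(to_mobileconfig(weak)))
```

The audit step is the part worth keeping in a real pipeline: a profile that installs the right payload type with the control disabled looks compliant in an MDM console listing, so check the keys, not just the presence of the payload.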