Product Security Guide
At PDQ we realize how important the security of our products is. That is why every decision we've made with SimpleMDM revolves around ensuring the product is safe to use for managing your devices. With multifactor authentication for admins, security policies for passcodes and other critical device settings, and more, SimpleMDM is built to securely manage your devices pretty damn quick.
Architecture overview
Introduction to SimpleMDM
SimpleMDM is a web-based Apple device management tool. IT professionals use SimpleMDM to remotely manage devices in their organization and perform actions like scanning endpoints for device information, organizing devices into Device Groups, installing and updating software, or running scripts — all remotely through the internet.
SimpleMDM uses the Apple MDM protocol to manage devices. Before devices are enrolled into a SimpleMDM account, a certificate exchange allows SimpleMDM to contact your devices over the Apple Push Notification service (APNs). This enables the administrator to perform device management activities like retrieving inventory information; installing applications; pushing configuration profiles; and taking actions such as forcing a restart, locking, or wiping a device. All inventory information, commands, and configurations are managed via the SimpleMDM admin interface.
Product architecture
SimpleMDM’s production environment is segregated from the development environment and corporate networks and environments. There are no cross connections, and access is limited to SimpleMDM employees with a business justification for access.
All access is controlled via a secure VPN choke point. Access to additional services, once on the production network, is restricted by a combination of certificate-based authentication and TOTP. Access to network and computer resources and services is logged.
SimpleMDM admin interface
Administrators use the SimpleMDM admin interface to configure and manage Apple devices. The admin interface is hosted and provided by SimpleMDM as part of a paid subscription.
When interacting with SimpleMDM through the admin interface in a browser, all communications to and from SimpleMDM are encrypted with industry-standard HTTPS connections using valid certificates.
In the admin interface, administrators can see information about the devices they manage, apply settings and configurations, deploy applications, and take actions against devices. When configurations and applications are deployed to devices, Apple’s secure Push Notification service (APNs) initiates check-in requests from the devices. All communication between SimpleMDM and the devices uses HTTPS.
Optional SimpleMDM Agent
SimpleMDM allows device management using Apple’s mobile device management (MDM) protocol. This protocol does not require a third-party agent on customer devices in order to operate.
In addition to the complete range of services offered by SimpleMDM using Apple’s MDM protocol, SimpleMDM also offers a macOS Managed Software Center that leverages an open-source tool called Munki. If a customer decides to opt into using SimpleMDM’s Munki feature, an additional SimpleMDM Agent will be installed on macOS devices using the feature. This agent communicates with SimpleMDM’s servers over HTTPS to authenticate and download software packages.
Data security
Encryption
At rest:
SimpleMDM's servers securely encrypt your information and information about your end users and devices. That includes all device scan information, deployment logs, statistics information, custom packages uploaded using the admin interface, and any other data stored in SimpleMDM's database. All of this data is encrypted at rest.
Google server-side encryption uses one of the strongest block ciphers available, 256-bit Advanced Encryption Standard (AES-256), to encrypt SimpleMDM data.
SimpleMDM engineers are required to ensure that Google resources are correctly configured to use Google server-side encryption securely following Google recommendations.
In transit:
SimpleMDM uses Google Cloud Platform (GCP) resources to store and encrypt sensitive data. To keep data encrypted, SimpleMDM ensures that all new and existing resources use GCP server-side encryption. By default, Google encryption uses Google-owned or Google-managed keys stored in Google Cloud Key Management Service (KMS). Specific services can also be configured to use customer-managed encryption keys using KMS or customer-supplied encryption keys.
Data isolation
All data within the SimpleMDM databases and services is logically separated and isolated using unique company identities. When data is requested from a service or database, it is isolated to only data that the unique company ID is allowed to access. This means customers only see their own data and never data from other SimpleMDM customers.
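As an added illustration (not SimpleMDM's own code or schema), the following Python sketch shows the scoping rule described above: every lookup is bound to the requesting company's ID, so a row owned by another company comes back as "not found" rather than as data. The tables, company IDs and device names are constructed sample data, and the unscoped lookup is included only to show the pattern that tenant scoping prevents.

```python
import sqlite3

# Constructed sample data, not SimpleMDM's schema: two hypothetical customer
# accounts (company IDs 1 and 2), each owning devices with made-up names.
SCHEMA = """
CREATE TABLE companies (id INTEGER PRIMARY KEY, name TEXT NOT NULL);
CREATE TABLE devices (
    id INTEGER PRIMARY KEY,
    company_id INTEGER NOT NULL REFERENCES companies(id),
    name TEXT NOT NULL
);
INSERT INTO companies VALUES (1, 'Acme Co'), (2, 'Globex');
INSERT INTO devices VALUES
    (10, 1, 'acme-macbook-01'),
    (11, 1, 'acme-ipad-02'),
    (20, 2, 'globex-macbook-01');
"""

def open_sample_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn

def get_device_unscoped(conn, device_id):
    """The pattern to avoid: a lookup keyed on the device id alone, so any
    authenticated caller who supplies another tenant's id receives that row."""
    return conn.execute(
        "SELECT id, company_id, name FROM devices WHERE id = ?", (device_id,)
    ).fetchone()

class TenantScope:
    """Data access bound to one company id at construction time, so every
    query it issues carries the tenant filter and cannot omit it."""

    def __init__(self, conn, company_id):
        self.conn = conn
        self.company_id = company_id

    def device(self, device_id):
        # A row owned by another company is indistinguishable from a
        # non-existent one: the caller learns nothing about other tenants.
        return self.conn.execute(
            "SELECT id, company_id, name FROM devices WHERE company_id = ? AND id = ?",
            (self.company_id, device_id),
        ).fetchone()

    def device_ids(self):
        sql = "SELECT id FROM devices WHERE company_id = ? ORDER BY id"
        return [row[0] for row in self.conn.execute(sql, (self.company_id,))]
```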
Data retention
Unless otherwise required by law, SimpleMDM retains sensitive and confidential data only for as long as necessary to fulfill the purposes for which it is collected and processed and/or to meet legal and client contractual obligations. To support compliance with these obligations, SimpleMDM annually reviews its existing retention practices regarding sensitive and confidential data.
Data backups
Our production environment utilizes the Google Cloud Platform and Cloudflare for infrastructure. We aim to implement robust high availability (HA) and disaster recovery (DR) strategies for our production environment.
All data in our production environment is backed up nightly, at a minimum. All application code is stored in an encrypted, secured Git repository.
In the event of a disaster, SimpleMDM has the ability to restore service by utilizing additional GCP regions.
Identity and authentication
Identity and authentication overview
Each SimpleMDM user is required to create an account password that meets complexity requirements. Additionally, the user must verify their email address within a certain timeframe to continue to use the SimpleMDM platform. Users may optionally configure additional security mechanisms to further secure their accounts.
Single sign-on (SSO)
Organizations can optionally use SAML for single sign-on (SSO) to authenticate and access their SimpleMDM accounts. By utilizing this method, users leverage their existing accounts to access SimpleMDM. Existing SSO options that support SAML include Google, Microsoft Live, and Microsoft Azure AD.
For organizations that authenticate with usernames and passwords, passwords must be a minimum of eight characters and contain uppercase letters, lowercase letters, at least one number, and at least one symbol. Passwords do not expire but can be reset as needed. While usernames and passwords are an option, we recommend using SSO when creating a SimpleMDM user.
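The password rules stated above, implemented as an added Python check that is not SimpleMDM's own validation code. It reports every unmet requirement rather than a single pass/fail, and it classifies characters by Unicode category so non-ASCII letters and symbols count the way a user would expect; the minimum length and the rule names are taken from the paragraph.

```python
import unicodedata

MIN_LENGTH = 8  # minimum length stated in the guide

def _is_symbol(ch):
    # Unicode punctuation (P*) and symbol (S*) categories both count as a
    # symbol, so "!" and "€" satisfy the rule while whitespace does not.
    return unicodedata.category(ch)[0] in ("P", "S")

def password_policy_violations(password):
    """Return the unmet requirements; an empty list means the password is acceptable."""
    violations = []
    if len(password) < MIN_LENGTH:
        violations.append(f"at least {MIN_LENGTH} characters")
    if not any(ch.isupper() for ch in password):
        violations.append("an uppercase letter")
    if not any(ch.islower() for ch in password):
        violations.append("a lowercase letter")
    if not any(ch.isdigit() for ch in password):
        violations.append("a number")
    if not any(_is_symbol(ch) for ch in password):
        violations.append("a symbol")
    return violations

def password_meets_policy(password):
    return not password_policy_violations(password)
```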
Multifactor authentication (MFA)
Organizations using SimpleMDM have the option to enforce multifactor authentication for all account users. Multifactor authentication is not required to access SimpleMDM, but it is strongly recommended.
User sessions
Users can remain logged in for one day before being automatically logged out. User accounts are locked after a number of failed log-in attempts and remain locked for a period of time or until unlocked with the help of our support team.
Product access
Organizations control and manage who has access to the SimpleMDM admin interface. Administrators can create users, edit user permissions, or remove users from their organization from the Users section of the SimpleMDM admin interface. SimpleMDM does not manage users or access on behalf of customers.
Password reset
For organizations that use usernames and passwords with SimpleMDM, users can reset their passwords via a password reset link. When the user requests a password reset link, they receive instructions in their email inbox. To reset a password, the user must have access to the email inbox associated with their user account. SimpleMDM does not reset passwords on behalf of customers.
Operational security
System access
PDQ enforces a role-based access control (RBAC) policy over defined subjects and objects. PDQ controls access based upon defined roles and users authorized to assume such roles. By doing so, PDQ ensures that user access to in-scope system components is based on job role and function.
PDQ ensures that, at a minimum, the RBAC policy establishes and enforces RBAC on the following elements:
Core business suite
Software development system
Cloud service providers (CSP)
Other business-critical systems
Vulnerability prevention
PDQ has established a Vulnerability Monitoring and Scanning Program designed to identify, quantify, and prioritize internal and external vulnerabilities in systems and hosted applications at least weekly, with additional unscheduled scans as needed. PDQ also identifies and implements code analysis tools in the organization’s development pipeline to regularly run static and dynamic analysis of the codebase for vulnerabilities. Processes ensure that the scope of any vulnerability assessment is defined and documented before it is initiated.
PDQ also ensures that all findings from vulnerability scans are analyzed and documented weekly and remediated in accordance with the organization's risk tolerance. PDQ shares information obtained from the vulnerability monitoring process and control assessments with key stakeholders to help eliminate similar vulnerabilities in other systems.
Other security topics
Third-party vendors
SimpleMDM utilizes a handful of services required for product functionality. These third-party vendors process data for PDQ:
| Provider | Service | Notes |
|---|---|---|
| Auth0 | Authentication | Used for managing user authentication and passwords. |
| Mixpanel | Usage tracking | Used for tracking feature usage in SimpleMDM. |
| Stripe | Payments | Used for managing subscriptions and storing payment information. |
| Cloudflare | Cloud infrastructure | Used for enabling or disabling certain product features. |
| Google Analytics | Analytics | Used for tracking mouse locations and feature usage. |
| Google Cloud | Cloud infrastructure | Used for identity and account management. |
| Sentry | Logging | Used for identifying and logging bugs or other product issues. |
| New Relic | Service performance monitoring | Used for monitoring SimpleMDM service performance. |
| Twilio | Cloud infrastructure | Used for sending enrollment links via SMS. |
| HubSpot | Marketing automation | Used for forms and sending emails. |
| UserVoice | Feedback | Used for capturing user suggestions and feature requests. |
| ZenDesk | Customer support | Used for customer support tickets. |
Security audits
PDQ performs annual human-based and weekly automated penetration tests to identify vulnerabilities that could be exploited to gain access to its production environment. PDQ ensures that in-scope assets are documented before initiating any penetration test. PDQ’s internal SimpleMDM team has committed to an internal SLA to remediate issues found by these tests.
Additionally, PDQ has engaged a third-party bug bounty program that pays out for non-publicly disclosed vulnerabilities.
Certifications
PDQ takes security seriously and realizes the value of independently audited security certifications. We are SOC 2 compliant and will continue to undergo routine audits for updated reports.
Shared Apps
SimpleMDM offers an optional feature called Shared Apps. This feature allows organizations to pull packages for popular applications from SimpleMDM — without having to manage the packages themselves. For example, SimpleMDM keeps the latest version of Google Chrome available in the Shared Apps directory, making it easy for organizations to deploy the latest browser version to target devices.
This is an optional feature included with SimpleMDM. Organizations can choose not to use this feature and instead manually create packages.
Package creation process
To create a software package, SimpleMDM periodically uses a system to scan software providers for new updates, then uploads them to the SimpleMDM Shared App directory.
Shared Apps are manually tested on virtual machines before being approved for general use.
Custom packages
Customers can optionally create their own packages and upload their own software to SimpleMDM. SimpleMDM does not share or in any way make available custom packages created by one customer with other SimpleMDM customers. The customer is responsible for ensuring the packages they create are safe.