Skip to content

Add an entry to the Jamf FAQ about risk acceptance

Nick Thomas requested to merge jamf-interaction-with-personal-stuff into master

Why is this change being made?

@bryanwise and I had a call on Monday about endpoint management. It was a very useful call, but neither of us could really convince the other of our points of view. I've spent a bit of time thinking through what we talked about, and why that might be, and I've tried to distill my conclusions into the form of a FAQ entry on the endpoint management page.

Do you mind taking a look at it with a view to merge, @bryanwise ? Apologies in advance if I've misinterpreted, misunderstood, or misrepresented anything we talked about here. I'm happy to rework it if necessary, or if you think there's a better way of answering the question - it's inevitable that some of my own biases and concerns will have spread into the phrasing,

cc @whaber @pkaldis , as I know you've been involved in triaging this policy too.

My own concerns about laptop management are on two levels - there is "this makes the company less safe", which I can be somewhat philosophical about, especially given Jamf is Mac-only. If we don't agree on the risks posed by using SaaS vs self-managed, or the likelihood of a malicious actor gaining access to Jamf, it's not the end of the world here, and the power to make the decision on behalf of us all clearly rests with the DRI.

However, there is also "this makes me, and my household, less safe", and there, it's a completely different kettle of fish. If we're unable to come to to a version of an endpoint management system that doesn't make me think this, then compartmentalisation is really all I can think of doing to mitigate it, and that's what drives the suggestions in this MR. I don't like it as a solution, but I also can't think of any other way of resolving it, and can - just about - lump it.

Author Checklist

  • Provided a concise title for the MR
  • Added a description to this MR explaining the reasons for the proposed change, per say-why-not-just-what
  • Assign this change to the correct DRI
    • If the DRI for the page/s being updated isn’t immediately clear, then assign it to your manager.
    • If your manager does not have merge rights, please ask someone to merge it AFTER it has been approved by your manager in #mr-buddies.
    • If the changes relate to any part of the project other than updates to content and/or data files please make sure to ping @gl-static-site-editor in a comment for a review and merge. For example changes to .gitlab-ci.yml, JavaScript/CSS/Ruby code or the layout files.

For help with failing pipelines reach out in #mr-buddies in Slack

Edited by Nick Thomas

Merge request reports