The Past, Present and Future of Endpoint Management Solutions
Endpoint management is a simple concept that’s become more complex over time. Initially, it was about provisioning and managing the computers and devices that people use in your organization in the bring your own device (BYOD) and mobile computing era. Then the Internet of Things (IoT) made things far more complex. And now perimeter security is being replaced by zero trust. The evolution of endpoint management is one of tackling increasing complexity.
In today’s complex world, you need a great unified endpoint management (UEM) solution.
Under the UEM umbrella, mobile device management (MDM) and enterprise mobility management (EMM) enable UEM for mobile and IoT devices, which is really the core of UEM in a remote and hybrid world.
This didn’t use to be the case. In the past, UEM, MDM and EMM were all separate worlds of tools, practices and policies. But in recent years they’re merging into a single area in the UEM category.
Of course, zero trust is a methodology, architecture and even a mindset — not a technology or specific set of tools. But UEM is strongly associated with zero trust because that approach calls for managing many aspects of all devices in the organization at a massive scale.
It’s a cliche to suggest that zero trust replaces perimeter security, but this is somewhat misleading on two counts. First, it’s not really about trust, per se. You may ‘trust’ any specific employee, or their device, but they still don’t get access without proper authentication. A perimeter still exists, and that perimeter is every endpoint. In other words, for attackers, every endpoint is a door. The zero trust approach makes sure every door stays locked. The person knocking on that door has to prove they are an authorized user using authorized software on an approved device. The security dimension of UEM is, in essence, the process of watching those doors at scale.
That idea is conceptually simple. But watching the door really means making sure the lock is up to date and configured correctly, that the activity around that door looks normal, that any abnormal activity is investigated and that any threats are removed.
Because most successful breaches happen through endpoints, security has to be a major focus of UEM.
Good UEM calls for good privileged access management (PAM) tools, practices and policies. Administrative accounts and privileged users hold the keys attackers would love to get their hands on, so that has to be managed with special care.
The right unified endpoint management tools will give you visibility into and control of all the endpoints in your organization.
High-quality UEM is essential in today’s context because zero trust security architectures call for management (evaluating, assigning, monitoring and revoking) of the access rights of endpoints throughout the organization.
The most advanced UEM solutions apply machine learning (ML) and artificial intelligence (AI) to the job, which works around the clock looking for usual and potentially malicious activity. Advanced automation tools can also enable pre-programmed profiles, approved software, VPN access and privileges, which speeds up day-to-day work, and also unusual events, like decommissioning.
Look for a comprehensive UEM solution that enables cross-functional teams to deploy security tools, updates and patches, enforce policies remotely and enables authenticated devices (and blocks devices that are not authenticated) via a centralized dashboard, or Endpoint Management Console (EMC). You also want the ability to perform specific remote tasks, such as resetting passwords and wiping all data (in the case of loss or theft, for example).
One huge benefit of UEM is speed. You can detect and respond to threats, vulnerabilities and breaches faster. Another is the lowering of the cost of ownership over time because you’re able to manage endpoints at scale more efficiently.
UEM also boosts your compliance efforts, just as we enter a new phase in which regulatory transgressions around cybersecurity compliance are hit with serious penalties.
HIPAA, GDPR, SOC2, PCI DSS and others demand secure policies, restrictions and encryption, which UEM can push to endpoint devices throughout your organization. It can help you prevent users from opening risky documents or clicking on arbitrary links. And you can document everything that was locked down.
UEM enables you to routinely and automatically check on the location of endpoint devices, locking and wiping those that have been taken to unauthorized locations. Likewise, UEM logs on user IDs and enables quick revoking of access to employees who have left the company or changed their roles.
Really, zero trust security and cybersecurity compliance go hand-in-hand in our complex, hybrid environments — you want the security, and you want to document those security measures, which UEM enables you to do at scale.
You’ve noticed a significant expansion in recent years in the use of mobile, wireless point-of-sale devices. The secure, practical application of this capability has been enabled by advanced UEM systems, which keep the data flowing but protect the organization and its business data from attack.
These changes in the retail space are only just beginning. Point-of-sale (POS) systems are undergoing a massive transformation, with cash registers being replaced by mobile POS systems.
The next big frontier in UEM will be virtual reality (VR) and augmented reality (AR) devices, which are expected to proliferate in enterprises across the world over the next five years. Many of these devices will require UEM solutions, but also enable them. Tomorrow’s enterprise VR and AR devices will likely use biometric security to authorize the user, and built-in AI will help tomorrow’s UEM solutions to authenticate devices and apps and determine how those devices are used.
The trend is clear: UEM and zero trust are here to stay, and they’ll both serve as the foundation of powerful complex business environments, as well as security and compliance.
I write a popular weekly column for Computerworld, contribute news analysis pieces for Fast Company, and also write special features, columns and think piece...
4 min read - This is a time of major changes for businesses and agencies. That includes the move to the cloud and the shift to being digital-first. So, cybersecurity has moved to a front-and-center position in many companies and industries. When talking about…
3 min read - Corporate clients and cloud service providers (CSPs) are both responsible for cloud security. Clients remain accountable for governance and compliance. However, their other duties will vary depending upon the type of cloud deployment. What can cloud-native security controls do for…
8 min read - This post was written with contributions from IBM Security X-Force’s Anne Jobmann, Claire Zaboeva and Richard Emerson. February 25, 2022 Update On February 24 2022, Symantec Enterprise reported a ransomware dubbed as PartyTicket was deployed alongside the HermeticWiper malware. IBM…
Endpoint management is a simple concept that’s become more complex over time. Initially, it was about provisioning and managing the computers and devices that people use in your organization in the bring your own device (BYOD) and mobile computing era. Then the Internet of Things (IoT) made things far more complex. And now perimeter security is being replaced by zero…
The average cost of a data breach reached an all-time high of $4.35 million this year, according to newly published 2022 Cost of a Data Breach Report, an increase of 2.6% from a year ago and 12.7% since 2020. New research in this year’s report also reveals for the first time that 83% of organizations in the study have experienced…
Goldman Sachs leadership didn’t get the response they expected from their return to the office (RTO) order. In fact, Fortune reported that only about half of the company’s employees showed up. With today’s tight labor market and many employers allowing remote work, employees have firm ground to stand on. How do you secure a workforce that won’t always comply with…
How can your organization improve its Systems Applications and Products (SAP) risk posture? Aligning with the key principles of zero trust through tangible and specific measures is one way. To begin, let's define the principles of zero trust. We’ve all seen the types and breadth of zero trust out there. Which are most relevant to SAP? Three Principles of Zero…
Analysis and insights from hundreds of the brightest minds in the cybersecurity industry to help you prove compliance, grow business and stop threats.