Cover all OS bases for endpoint management, security

It's not enough to have a traditional Windows game plan for security. Diverse devices require endpoint management policies and management buy-in.

What's the best way to address the growing diversity of my corporate desktops so that I know, at any given time, how secure all of the systems on my network really are?

Traditional enterprise networks that used to be 100% Windows are quickly evolving into more diverse sets of Windows (both old and new), Linux and Mac OS X systems. This is affecting organizations both large and small, and this aspect of endpoint management is taking a lot of IT and security managers by surprise.

In fact, I recently had a client ask how he should manage the deluge of non-Windows-based systems infiltrating his network ever since a new business unit manager was hired and has since encouraged his staff members to acquire the latest and greatest laptops from Apple.

What can happen is that sensitive business information that used to be protected by Group Policy, full disk encryption, patch management systems and the like is now being stored and processed on systems that have zero security controls. Sure, it's a seemingly insurmountable issue that's easy to turn a blind eye to, but that doesn't make the security risks go away or make regulators look at the issue any differently.

This challenge is really an extension of bring your own device (BYOD) policies. People are going to use whatever endpoint devices they want to get their jobs done, especially if management ignores endpoint security policies and standards. How can someone who is responsible for IT security prevent things from getting out of hand? Here are my suggestions:

  • Make sure that management is on board with determining the risks of these nontraditional systems and then doing whatever is reasonable to minimize those risks.
  • Develop proper standards and BYOD policies to ensure that all the big areas are being addressed, including passwords, full disk encryption, audit logging, patching (especially third-party patches) and vulnerability testing.
  • Implement the necessary technical controls to keep things in check, which could include technologies such as mobile device management, cloud-based file sharing, data loss prevention and managed third-party client extensions for Active Directory.

This is arguably one of the greatest risks in enterprise security today. Don't ignore endpoint management and hope the problem goes away. Being proactive is the only reasonable approach.


This was last published in September 2014
