The days of easy central management of enterprise data and applications in the data center are over. Enterprise IT is facing an explosion in the variety of endpoint devices -- and the headaches associated with them. New technologies, such as mobile devices, virtualization and cloud computing, have joined old concerns about endpoint security, costs and control. This endpoint management FAQ answers some of the most troubling questions.
Are your endpoints secure?
Before wading into the sea of endpoint security options, IT needs to determine where sensitive data resides. One result of the consumerization trend is that data is often accessed by devices that IT doesn't control. For example, the iPad and other Apple devices have made inroads into traditionally Windows shops.
After looking at how data is accessed, administrators can decide what form of endpoint security management makes the most sense -- applications on desktops and mobile devices or dedicated hardware appliances. Admins should review security and desktop backup policies that applied only to corporate laptops or home offices.
What are the best ways to secure endpoints?
Layered endpoint security can include existing firewalls, antivirus and patch management controls, which should be integrated and monitored. Even "dumb devices" such as IP phones and printers pose risks.
Some analysts contend that endpoint security agents are a management burden instead of the best way to strengthen endpoint and network defenses. They say that enterprise resources are better spent on network edge protection or network access control and on accounting for human error.
Organizations can also plan for Windows desktop security using products such as Microsoft's Forefront Endpoint Protection and System Center Configuration Manager. Vendors are chasing the market with new offerings and standards. Enterprise IT must not only be prepared to set network security policies; it must also enforce endpoint security policies.
Why should IT manage mobile devices?
Many IT admins who are used to managing enterprise desktops are finding that they need to manage mobile endpoints such as smartphones and tablets, which are often employee-owned. Since users expect the same level of access to corporate data and apps that they have on desktops in the office, IT is under pressure to develop consistent and thorough policies for mobile endpoint security.
What's the role of VDI in endpoint management?
As with virtual desktops and servers, endpoint virtualization enables IT to centrally manage devices. As long as you keep in mind server requirements for virtual machines, virtual desktop infrastructure can allow for both user flexibility and centralized management. Volatile end-user virtual machines can be created on the fly as needed, as long as the basic operating system, application virtualization and user-state virtualization are up to date.
How can cloud computing help with endpoint management?
If endpoints are widely dispersed geographically, cloud-based apps might be better than traditional desktop management systems. Used properly with an agent on the endpoint device, a cloud-based endpoint security app could take advantage of economies of scale. Hosted security software could also allow admins to focus on using and monitoring software rather than constantly updating it.
What does IT need to juggle to keep control of endpoints?
Windows 8, which Microsoft says will run on tablets and netbooks in addition to PCs, demonstrates the need for IT departments to keep up with diversifying endpoint usage. As part of monitoring physical devices, virtual machines and server capacity, organizations will want to balance workload and desktop management. A bring-your-own-device policy informs users of their responsibilities and what service to expect.
Can endpoint management cut costs?
Simpler control is likely a bigger selling point than cost savings for endpoint management efforts, but there are ways to quantify some savings. For example, Windows Intune includes some desktop management capabilities, but it won't help larger enterprises with mobile devices. Standardized power settings can also help IT manage the power consumption of endpoints as well as networks.
New tools are emerging to help admins grapple with endpoint security management and ways to control and integrate new technologies. There's no single answer, but these questions can help enterprises get started.