
Cover all OS bases for endpoint management, security

It's not enough to have a traditional Windows game plan for security. Diverse devices require endpoint management policies and management buy-in.

What's the best way to address the growing diversity of my corporate desktops so that I know, at any given time, how secure all of the systems on my network really are?

Traditional enterprise networks that used to be 100% Windows are quickly evolving into more diverse mixes of Windows (both old and new), Linux and Mac OS X. This is affecting organizations both large and small, and this aspect of endpoint management is taking a lot of IT and security managers by surprise.

In fact, I recently had a client ask how he should manage the deluge of non-Windows-based systems infiltrating his network ever since a new business unit manager was hired and has since encouraged his staff members to acquire the latest and greatest laptops from Apple.

What can happen is that sensitive business information that used to be protected by Group Policy, full disk encryption, patch management systems and the like is now being stored and processed on systems that have zero security controls. Sure, it's a seemingly insurmountable issue that's easy to turn a blind eye to, but that doesn't make the security risks go away or make regulators look at the issue any differently.

This challenge is really an extension of bring your own device (BYOD) policies. People are going to use whatever endpoint devices they want to get their jobs done, especially if management ignores endpoint security policies and standards. How can someone who is responsible for IT security prevent things from getting out of hand? Here are my suggestions:

  • Make sure that management is on board with determining the risks of these nontraditional systems and then doing whatever is reasonable to minimize those risks.
  • Develop proper standards and BYOD policies to ensure that all the big areas are being addressed, including passwords, full disk encryption, audit logging, patching (especially third-party patches) and vulnerability testing.
  • Implement the necessary technical controls to keep things in check, which could include technologies such as mobile device management, cloud-based file sharing, data loss prevention and managed third-party client extensions for Active Directory.
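As an added illustration (not part of the original column) of verifying the "full disk encryption" line above across a mixed fleet: a small Python check that normalises the native encryption-status output of Windows (manage-bde), macOS (fdesetup) and Linux (lsblk) into one compliance record, so a single policy can be checked regardless of OS. Host names and tool outputs are constructed samples, not captured from real systems.

```python
import re
from dataclasses import dataclass


@dataclass
class EncryptionStatus:
    host: str
    os_name: str
    encrypted: bool
    detail: str


def parse_bitlocker(output: str) -> bool:
    """`manage-bde -status C:`: compliant only if fully converted AND protection is on."""
    converted = re.search(r"Conversion Status:\s*Fully Encrypted", output) is not None
    protected = re.search(r"Protection Status:\s*Protection On", output) is not None
    return converted and protected


def parse_filevault(output: str) -> bool:
    """`fdesetup status` prints 'FileVault is On.' or 'FileVault is Off.'"""
    return output.strip().startswith("FileVault is On")


def parse_lsblk(output: str) -> bool:
    """`lsblk -o NAME,TYPE,MOUNTPOINT`: compliant if '/' is mounted from a crypt device."""
    for line in output.splitlines():
        parts = line.split()
        if len(parts) >= 3 and parts[1] == "crypt" and parts[2] == "/":
            return True
    return False


PARSERS = {"windows": parse_bitlocker, "macos": parse_filevault, "linux": parse_lsblk}


def assess(host: str, os_name: str, tool_output: str) -> EncryptionStatus:
    parser = PARSERS.get(os_name.lower())
    if parser is None:
        # Unknown platforms are flagged, never silently treated as compliant.
        return EncryptionStatus(host, os_name, False, "unsupported OS, manual review")
    ok = parser(tool_output)
    return EncryptionStatus(host, os_name, ok, "encrypted" if ok else "NOT encrypted")


# Constructed sample fleet; outputs are abbreviated to the lines the parsers rely on.
SAMPLE_FLEET = [
    ("win-01", "windows", "Volume C: [OS]\n Conversion Status: Fully Encrypted\n Protection Status: Protection On\n"),
    ("win-02", "windows", "Volume C: [OS]\n Conversion Status: Fully Decrypted\n Protection Status: Protection Off\n"),
    ("mac-01", "macos", "FileVault is Off.\n"),
    ("lin-01", "linux", "NAME TYPE MOUNTPOINT\nsda disk\n└─sda2 part\n  └─root crypt /\n"),
]


def audit_fleet(fleet=SAMPLE_FLEET):
    return [assess(h, o, out) for h, o, out in fleet]


def noncompliant(records):
    """Hosts that fail the policy; this is the list to hand to management."""
    return [r.host for r in records if not r.encrypted]
```

In practice the tool outputs would be collected by an agent or remote command on each host; the parsers stay the same.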

This is arguably one of the greatest risks in enterprise security today. Don't ignore endpoint management and hope the problem goes away. Being proactive is the only reasonable approach.
