In the children's game I'm Going on a Picnic, one player names an item they would bring on a picnic, then the second person calls out a new item and repeats what the first person said. The game continues with each player adding a new element and reciting everything those before them said.
It might be child's play, but this little game reflects the way endpoint management has changed. In the past, IT had to manage a group of Windows PCs. Then some mobile devices entered the fray, and admins had to manage things like Samsung phones running Google Android, in addition to those Windows PCs. Tablets popped up next, and administrators had to juggle, for instance, Apple iPads, the Samsung phones running Android and the Windows PCs. It added up fast.
As admins tack on more and more endpoint management tools, they need a single place to manage everything, which is where unified endpoint management (UEM) comes in.
Data and applications take center stage
Before unified endpoint management entered the spotlight, some fundamental changes occurred. Many IT departments shifted from a device-centric management model to a data- and application-centric approach. Instead of locking down users' devices, which is often impossible if users own the devices, admins try to control users' apps and data. They don't completely ignore device security -- admins should still enforce encryption and password complexity, for example -- but the emphasis is different.
The question of device ownership is a huge reason for the change. As users bring more personal devices to work, IT must protect corporate data without infringing on users' freedom. If users feel limited in what they can do, they will not be happy. To keep users satisfied and meet security requirements, IT must determine what apps can access what data and what users can do with different data. They can also use technology such as containerization to separate corporate apps from the rest of the device.
Identity management is crucial
In the days when most users worked with Windows PCs, IT could control pretty much everything with Group Policy Objects in Active Directory. Now that PCs make up only a portion of the network and the focus is off the devices themselves, identity management has become paramount. Admins must make sure the people accessing corporate apps and data are who they say they are. To do so, they can use tools such as VMware Identity Manager.
Wrapping it all together
Instead of using one tool to manage mobile devices and another to manage PCs, admins can use a single location to manage everything. Enter unified endpoint management.
The first step to unified endpoint management is setting up company data policies that establish the rules for how users can work with corporate information on any device. Next, IT must understand how users work with their devices to determine what they need to manage and how. A great way to find out is to follow users throughout the day to see what tasks they accomplish on desktops versus what they do on their mobile devices.
Admins also must understand their needs. That means identifying where risk exists, what their endpoint performance standards are and which policies they have to follow.
What a UEM tool should look like
First, admins should look at compatibility with their existing technologies such as data loss prevention tools, antimalware software and cloud access security brokers. If they use single sign-on or full-disk encryption, it's also important to find out if a UEM product supports those technologies.
A good unified endpoint management tool also includes asset management so IT can take inventory of all the devices and what's running on them. If they don't know what they have, it's impossible to manage anything. Next, the tool needs software management so admins can manage all the apps and OSes the devices run. Software management should allow admins to deploy apps based on groups, apply service packs, update antivirus and more.
Unified endpoint management tools should allow admins to secure and configure devices with a policy-based approach that lets them implement firewall configurations, among other considerations. The tools should also have auditing and reporting capabilities so admins can keep track of what users are doing, how everything is performing and where the security risks are. Finally, IT admins should look for a tool that is easy to use. If it's too complicated, it will only make their lives more challenging.