With such a wide variety of devices and operating systems in the enterprise, the world of management is like herding...
Admins probably have some of the operating systems, namely Windows, under reasonable control, but the others -- Linux, Google Android, Apple iOS and macOS -- are often standalone systems that don't get the security attention they deserve.
In recent years, mobile device management, enterprise mobility management and similar technologies have made worthy attempts to bring some semblance of control to enterprise endpoints. These technologies are useful, but none of them offer the holistic endpoint management and security approach admins responsible for both maintaining system availability and protecting sensitive data need to truly help.
Unified endpoint management (UEM) promises to address these issues in a holistic way. After all, why should admins control and secure workstations and mobile devices separately when they can combine the tasks with unified endpoint management?
What are the benefits and drawbacks of UEM?
Unified endpoint management products address some of the shortcomings of traditional approaches to managing diverse endpoints, including improved automation and control around the following:
- hardening and configuration management;
- software patching;
- application management and containerization;
- granular policy enforcement with device platforms, roles and locations;
- integration with existing enterprise management systems; and
It all sounds great on paper, but getting unified endpoint management to deliver is quite an undertaking. UEM products may not give admins the ability to fully manage traditional desktops or laptops and applications in the ways they're accustomed to. Much depends on the specific vendor and, perhaps, its role in the traditional endpoint management market.
What to consider before adopting it
Before adopting unified endpoint management, admins must think about their organization's specific needs and risk profile. For example, what are their endpoint configuration standards, what specific policies do they want or have to follow, what information are they responsible for protecting and what's the overall culture of their user base? Simply jumping on board with UEM without thinking about the bigger picture of how a specific vendor's product is going to fit in with the company's needs is a recipe for mediocrity or worse: It could create more complexity, which most admins cannot afford.
Aside from the general benefits, admins also must think about more technical areas, such as how UEM affects technologies admins already have in place -- data loss prevention and cloud access security brokers, for example. Admins also must consider whether or not they can integrate existing malware, network access controls, and security information and event management controls into the overall UEM system.
They should understand how unified endpoint management supports or does not support third-party software updates from Adobe, Java and a litany of mobile app vendors. They should find out if UEM works with full-disk encryption as well as single sign-on and other identity management tools. Admins should look at how UEM affects user email and web browsing experiences as well as the types of threat intelligence and mitigation features it includes. And, perhaps most importantly, admins must consider how they can use unified endpoint management to proactively resolve threats, notify proper personnel of security issues and minimize specific risks when endpoint security events occur.
When protecting enterprise endpoints, good security is not only about management support and user acceptance. It's also about visibility and control, so admins should make sure unified endpoint management delivers in that regard.
Who needs it?
Any network admins and security managers having trouble managing and properly controlling all their endpoints should consider UEM. They might not think they're having problems in this area, but if they perform an in-depth endpoint security assessment to see where things truly stand, they'll almost certainly realize they are. There's no doubt admins have limited time and budgets, so when it comes to balancing the requirements of uptime and security, not using unified endpoint management is like having one arm tied behind their backs.
Regardless of the situation, the tangible administrative efficiencies, security benefits and overall network visibility improvements that unified endpoint management can bring may be well worth it. Admins must look at the bigger picture not only when they determine their needs and plan things out, but also when they implement the system and manage it on an ongoing basis. They need specific, tangible goals that they stick with to ensure that their product fixes their existing endpoint management challenges but also makes good business sense over the long haul.
Many network managers have yet to consider UEM, much less roll the technology out successfully. Given the attention it is getting, that should change as more admins look to solidify their endpoint security in the name of compliance.
XenMobile includes UEM
How to manage modern endpoints
Why EMM is so important