Endpoint administration has changed significantly over the years.
In the days when organizations robotically handed out computers to new employees for use in the office, the primary role of the desktop administrator was to install and manage images on Windows PCs. Today, the IT industry has shifted its focus to providing secure access to corporate resources from a variety of endpoints. As a result, the desktop administrator title is rare.
Modern roles that focus on the endpoint require familiarity with enterprise mobility management software, end-user computing infrastructure and new types of applications, in addition to traditional Windows deployment and management tools. A day in the life of any endpoint administrator, whatever his or her specific title may be, is never the same.
The endpoint device: Then and now
An advantage of allowing only Windows-based, corporate-owned devices is that administrators can control them through Group Policy Objects in Active Directory. From a central console, IT can disable USB devices or force applications to update when the device starts up or when the user logs in, for example. This approach provides a high level of control but does not always make users happy.
As devices such as smartphones, tablets and Apple Mac computers gained consumer acceptance, the lines blurred between personal and business usage. Most organizations realized that allowing all users to access email and other applications anytime, anywhere was advantageous for productivity. Why should executives be the only ones who could respond to email at all hours of the day and night via corporate-issued BlackBerry devices? Hence, many organizations accepted the bring your own device (BYOD) trend, however grudgingly.
Even today, BYOD forces IT departments into unknown territory. Allowing personal devices onto the corporate network, alongside corporate devices and new types of applications, raises many questions.
How does IT best control devices?
Many organizations started BYOD programs with strict guidelines for the types of devices that users could bring into the workplace. But it was too hard for IT to keep up with the plethora of new computers, smartphones and tablets.
Today, the focus is on controlling business applications and data rather than the device. But don't disregard device management. If a device is jailbroken or isn't password-protected, business applications and data could be compromised.
As such, mobile device management (MDM) is an important piece of the security puzzle. MDM allows IT to enforce policies regarding encryption, password use and complexity, app installs and more. It is quite a different approach from how a desktop administrator traditionally protects PCs, but that is changing. Windows 10 supports unified endpoint management, which lets admins use MDM software to control and secure PCs.
How can users access business applications and data?
Some organizations that support remote users and BYOD have implemented desktop virtualization to provide access to corporate Windows applications. By delivering these resources with security distinctions based on device type, location and other criteria, administrators can make it easy for users to get their work done wherever they are.
On the front end, virtual desktop users receive a similar interface regardless of device type, which they are generally okay with. But Windows applications, which are built for a keyboard-and-mouse interface, don't always appear and function exactly the same when accessed from non-Windows, touchscreen devices. This can be extremely challenging for users.
Additionally, not all corporate resources rely on Windows these days, so desktop virtualization has limited utility in these cases. Users can typically access software as a service and web applications, as well as cloud-based file-sharing services, natively from any device. Enterprise cloud services typically enforce stringent security, but some workers may use consumer-grade products, and modern desktop admins must be aware of the security and compliance ramifications.
How should IT maximize security?
There is no such thing as 100% security, but IT organizations must constantly strive to achieve that goal. Endpoint security has typically been synonymous with antivirus, but that is just the tip of the iceberg today. Phishing and web-based attack prevention, a virtualized infrastructure and MDM all play crucial roles, and it's up to desktop admins to determine how to put these and other technologies to use. There is no one right answer; organizations vary greatly in how they approach endpoint management and security.
The desktop administrator world has certainly changed. The endpoint constantly challenges IT departments and will continue to do so as technology and user requirements evolve.