Modern endpoint management comes with new rules

Desktop administrators need to know that the rules of endpoint management have changed: It's not all about PCs anymore.

Over the last several years, endpoint devices in the enterprise have undergone dramatic changes.

Although desktop PCs are still a staple, they compete with smartphones, tablets, hybrid laptops and more. This endpoint explosion allows end users to do their jobs in new and creative ways. But it also presents significant challenges for administrators who must cope with issues such as security, software licensing, application deployment and device management. In many cases, the legacy endpoint management techniques that worked in the past are no longer effective. Administrators must adopt new endpoint management techniques.

A loss of consistency is the underlying reason legacy endpoint management tools are no longer adequate. PCs were once the dominant endpoint devices in enterprise environments, but now workers use a variety of devices that are all very different. Although PCs differ in small ways from one to the next -- such as manufacturer, hardware and age -- most enterprise PCs run Windows, and different versions of Windows still share features. For example, admins can usually domain-join Windows PCs and secure them through group policies, and Windows PCs are often configured similarly.

Today, it is unrealistic for admins to expect such uniformity among endpoints because PCs are no longer the dominant device on enterprise networks. A user can easily connect a Mac or an Android tablet to the corporate network. It's the variety of devices and the lack of consistency that present such a challenge for IT administrators. Endpoint devices today run operating systems that are very different from one another. There are differences between Windows 8.1 and Windows 10, but there are also many similarities. In contrast, there are almost no similarities between Windows 10 and Apple iOS. The two operating systems run on different hardware, use different applications and are equipped with different security mechanisms.

When users own the devices

But hardware and operating system inconsistencies are not the only things that make an administrator's job challenging. IT must also cope with the issue of device ownership.

In the days of PC-only networks, organizations generally owned all the PCs and IT could configure them as they saw fit. Companies could also enforce use policies. Today, users commonly work from their own personal devices, so administrators must find ways to secure corporate data and resources without infringing upon workers' ability to use their devices. That move to empower employees to use their own devices for work comes with a shift in the way IT must think about those devices.

What needs solving

The proliferation of endpoint devices presents a number of significant challenges. Workers use many different kinds of devices with various operating systems, and IT can't treat the fleet as one anymore. Some issues organizations absolutely must address as part of modern endpoint management include determining how to:

  • Make user-owned devices trustworthy;
  • Apply device-level security policies;
  • Deliver the applications users need;
  • Manage software licenses on employee-owned devices; and
  • Minimize the amount of time it takes for IT to provision devices.

Consider how wireless changed the way IT viewed networks: Before the widespread adoption of Wi-Fi, most corporate networks used copper or fiber cables. Because the cables were under the IT department's direct control, they were considered secure. If someone wanted to connect a rogue device to the corporate LAN, they had to enter the building and physically attach a network cable to the device, although this is an oversimplification. When Wi-Fi came along, it forced IT professionals to completely rethink network security. For the first time, someone could attach a device to the corporate LAN without physically plugging into it. Since then, IT has been forced to treat wireless networks as untrusted mediums, and a device can no longer be considered trustworthy simply because it's on the corporate network.

This same shift in the perception of trustworthiness is happening today with the way admins must approach endpoint devices. Many devices cannot be secured the way IT traditionally handled PCs, so admins must consider those unsecured devices untrustworthy. This does not mean that such devices should not be used in the enterprise, but IT administrators must establish new trust boundaries. This is one of the core tenets of modern endpoint management.
