READY FOR WHATEVER COMES NEXT: Future-proofing endpoint management

Attain IT control, consistent user experiences, and reduced endpoint management complexity with the right unified solution.

New devices, platforms, applications, and technologies connecting to the network are overwhelming IT’s ability to manage devices and software across the enterprise environment. The crisis has come to a head with more employees working remotely, often full time. IT now must be able to manage both corporate-owned and personally owned devices used to access network resources, email, and applications.

Many organizations struggle with separate endpoint and mobile device management systems that complicate their endpoint environments. While some employ consolidated management consoles, they often still rely on disparate processes to manage desktop and mobile devices. Increased use of cloud applications and the rapidly proliferating numbers of Internet of Things (IoT) devices often fall outside the visibility of IT.

Unified endpoint management (UEM) simplifies IT’s ability to administer, manage, and secure all devices from a single solution. This guide examines endpoint management issues and reviews best practices in UEM implementation.

Racing to keep up with change

Major updates or migrations can create headaches for IT and long timelines for the business. For example, when construction services company Fishbeck, Thompson, Carr and Huber upgraded from Windows XP to Windows 7, four IT staffers took more than seven months to accomplish the project. By the time they needed to upgrade to Windows 10, the company had implemented a UEM solution, which enabled one senior IT solutions analyst to migrate more than 400 machines within six weeks.

Yet operating system upgrades are not the only cause of endpoint challenges. Companies must manage all the employee smartphones and tablets that connect to servers, printers, and other network systems. In addition, enterprises are rapidly deploying conference-room sharing, intelligent assistants, and other smart, connected endpoints, with 67% of organizations planning deployments of these workspace IoT technologies, according to an IDC survey [1].

The proliferation of endpoints is accompanied by growing risks. In an early 2020 Ponemon Sullivan and Morphisec [2] survey, 68% of security professionals said their companies experienced endpoint attacks “that successfully compromised data assets and/or IT infrastructure” in the previous 12 months. The average cost per breach was reported to be almost $9 million. Meanwhile, businesses are under increasing pressure and regulatory requirements to guard privacy and protect their reputations.

The number and types of cyberthreats continue to grow and evolve. The U.S. Cybersecurity and Infrastructure Security Agency offers an overview of key threat categories [3]:

• Bot-network operators that take over multiple systems to coordinate attacks and distribute phishing schemes, spam, and malware attacks.
• Hackers who download sophisticated and easy-to-use attack scripts and protocols to launch against victim sites.
• Phishing schemes that use spam, spyware, and malware to steal identities or information.
• Unsolicited spam email with hidden or false information used to conduct phishing schemes, distribute spyware/malware, or attack organizations.
• Terrorists who seek to destroy, incapacitate, or exploit critical infrastructures and may use phishing schemes or spyware/malware to generate funds or gather sensitive information.

Endpoints also represent a challenge to compliance and governance efforts. IT can easily become overwhelmed with tracking everything connected to the network while ensuring compliance with regulatory and licensing requirements. In addition, as research and advisory firm ESG [4] points out, “New features seem to be introduced daily and network access abounds throughout employees’ daily lives, while endpoint device innovation challenges the traditional endpoint experience, IT management and security strategies, and legacy processes.”

Organizations also must contend with applying software patches for operating systems and applications to protect devices from more than 11,000 known vulnerabilities [5].

According to a Ponemon Institute [6] report, 60% of breaches were linked to vulnerabilities for which patches were available but not applied.

Simplifying device management and unifying processes

The right UEM solution can help organizations reduce costs, boost security, improve end-user experiences, and simplify utilization of cloud resources. “UEM involves products that provide a centralized policy engine for managing and securing corporate laptops and mobile devices from a single console,” according to Computerworld [7].

“Essentially, UEM platforms represent the next generation of device management; in many ways, it’s a culmination of mobile device management (MDM), enterprise mobility management (EMM), mobile application management (MAM), and client management philosophies.”

It’s important to recognize that not all UEM products are built the same. Some solutions simply bundle separate solutions for computers and mobile devices and consolidate them in a single console. IT still must manage different processes associated with separate domains, so device types must be managed differently in these situations.

“Many organizations are currently reliant on too many disparate tools, and that is resource-intensive,” said Ken Galvin, senior manager of product management at Quest. “Some UEMs are bundled products, and few provide an all-in-one solution.” He added that many UEM offerings do not encompass printers, IoT devices, servers, and support for operating systems other than Windows. For example, Windows-based organizations might consider embracing Windows 10 in a cloud-managed environment, leveraging Microsoft’s device management tools and services. Yet, that is just a partial solution if the organization also uses Linux and Chromebook devices.

The need for unification

The right UEM solution automatically enrolls devices and manages them along with all associated processes, workflows, and devices, regardless of device platform or form factor. For example, smartphones and tablets are typically enrolled using apps, unlike network-attached endpoints such as PCs that are enrolled through agents. If a device is provided by the organization, IT personnel can install the app before giving it to the user. If the user is relying on their own device, however, they must install the app from an app store or internal portal. Uniform enrollment, on the other hand, ensures that users have no excuse for not installing the app and that IT need not intervene for each installation.

The value of a comprehensive UEM has been driven home as a result of the rapid expansion of the hybrid workforce, with many workers never coming into the office. IT administrators must be able to effectively manage and secure a partial or fully remote workforce while keeping it connected and productive anytime, anywhere.

UEM should offer the ability to configure devices when they connect to the network remotely or in the office, including installing certificates that grant access to corporate resources. Configuration and policy management provide the software asset management capabilities needed to ensure license compliance and optimization. For example, AGC Chemicals Europe Ltd. had built an in-house application and database for tracking assets, but it wasn’t useful for central reporting. It also didn’t allow IT to control and check whether users were installing unauthorized software.

Software licenses were managed from a filing cabinet and manually tied to devices. The company implemented a UEM solution, so software licenses are now automatically loaded for all new computers that the company purchases. Not only does IT have control over software license management, but it also knows when employees are not using licenses that the company has paid for.

When integrated with an organization’s service desk, the UEM solution can automate repetitive tasks and consolidate IT asset management, endpoint security, and end user support. This reduces the human and financial resources required for complete lifecycle management of connected systems and devices.

Birmingham, Alabama-based Samford University, for example, uses a UEM solution to eliminate the physical contact around service desk issues. With an enhanced imaging process, “All I have to do is net boot, and it just does everything else,” said Brandon Ayon, the university’s computer tech and lab manager.

Unification starts at the top
Today, your environment includes computers, mobile devices, and IoT devices. Tomorrow, it might expand to wearables and customer-facing screens on kiosks and in automobiles, or other types of endpoints. As your business strategy evolves toward increasingly digital business models, your UEM solution must be comprehensive, inclusive, and secure.

Managing and securing endpoints requires a top-down approach to ensure everyone meets the changes and challenges that can show up daily. UEM can deliver timely security patching, identify vulnerabilities to cybercrime, and prevent malware infection or data theft by ensuring that every employee has the correct endpoint port and administration access.

Many Windows-based organizations are adopting Microsoft’s modern management concept for ongoing, cloud-based updates for desktops and laptops, much as many mobile apps and OSs are updated. Yet, that’s only a partial solution. “The right solution has to be flexible,” said Quest’s Galvin. “If you’re talking unified endpoint management, does it manage everything that can hit your network, not just laptops?

Modern management is not going to manage Linux, printers, and HVAC systems that touch your network. Organizations require a hybrid management solution that can manage PCs, mobiles, and everything else. It’s not really unified if it can’t manage everything.”

Cost, of course, is always part of the selection criteria, but it’s just as important that the UEM solution be easy to administer and enhance your security profile. Plus, enterprise scale is essential to support your organization’s future growth. Businesses are likely to rely on a workforce that is remote at least part of the time, perhaps in a hybrid mode with some days in the office and some at home. The UEM solution should support your distributed workforce anytime, anywhere, and on any device. In the work-from-anywhere environment, it’s critically important that organizations can adapt to changing compliance requirements no matter where their workers are located.

KACE eases transition to modern management
Quest’s KACE Unified Endpoint Manager unites traditional endpoint management with modern management in a shared intuitive interface that provides hybrid capabilities. This enables organizations to manage traditional network-attached endpoints and mobile devices. IT can manage and secure all endpoints from one console, including Windows and Mac laptops, and iOS and Android mobile devices.

Simplified device enrollment and easy deployment processes ensure that administrators and service desks have powerful device controls that can discover and inventory devices, manage software assets, and provide a consistent user experience. Automation of routine tasks increases control over IT costs and end-user satisfaction.

Quest creates software solutions that realize the benefits of new technology in an increasingly complex IT landscape. With comprehensive inventory and asset management, vulnerability scanning, automated patching, privilege management, and more, KACE by Quest helps you take control of your environment, whether your users are remote or in the office.
