Endpoint management is a simple concept that’s become more complex over time. Initially, it was about provisioning and managing the computers and devices that people use in your organization in the bring your own device (BYOD) and mobile computing era. Then the Internet of Things (IoT) made things far more complex. And now perimeter security is being replaced by zero trust. The evolution of endpoint management is one of tackling increasing complexity.
In today’s complex world, you need a great unified endpoint management (UEM) solution.
Under the UEM umbrella, mobile device management (MDM) and enterprise mobility management (EMM) enable UEM for mobile and IoT devices, which is really the core of UEM in a remote and hybrid world.
This didn’t use to be the case. In the past, UEM, MDM and EMM were all separate worlds of tools, practices and policies. But in recent years they have been merging into a single area in the UEM category.
Of course, zero trust is a methodology, architecture and even a mindset — not a technology or specific set of tools. But UEM is strongly associated with zero trust because that approach calls for managing many aspects of all devices in the organization at a massive scale.
Here Comes the Zero Trust Imperative
It’s a cliche to suggest that zero trust replaces perimeter security, but this is somewhat misleading on two counts. First, it’s not really about trust, per se. You may ‘trust’ any specific employee, or their device, but they still don’t get access without proper authentication. Second, a perimeter still exists, and that perimeter is every endpoint. In other words, for attackers, every endpoint is a door. The zero trust approach makes sure every door stays locked. The person knocking on that door has to prove they are an authorized user using authorized software on an approved device. The security dimension of UEM is, in essence, the process of watching those doors at scale.
That idea is conceptually simple. But watching the door really means making sure the lock is up to date and configured correctly, that the activity around that door looks normal, that any abnormal activity is investigated and that any threats are removed.
Because most successful breaches happen through endpoints, security has to be a major focus of UEM.
Good UEM calls for good privileged access management (PAM) tools, practices and policies. Administrative accounts and privileged users hold the keys attackers would love to get their hands on, so those accounts have to be managed with special care.
The right unified endpoint management tools will give you visibility into and control of all the endpoints in your organization.
High-quality UEM is essential in today’s context because zero trust security architectures call for management (evaluating, assigning, monitoring and revoking) of the access rights of endpoints throughout the organization.
The most advanced UEM solutions apply machine learning (ML) and artificial intelligence (AI) to the job, working around the clock to look for unusual and potentially malicious activity. Advanced automation tools can also enable pre-programmed profiles, approved software, VPN access and privileges, which speeds up day-to-day work as well as unusual events, like decommissioning.
Look for a comprehensive UEM solution that enables cross-functional teams to deploy security tools, updates and patches, enforce policies remotely, and allow authenticated devices (and block devices that are not authenticated) via a centralized dashboard, or Endpoint Management Console (EMC). You also want the ability to perform specific remote tasks, such as resetting passwords and wiping all data (in the case of loss or theft, for example).
Why You Need UEM
One huge benefit of UEM is speed. You can detect and respond to threats, vulnerabilities and breaches faster. Another is the lowering of the cost of ownership over time because you’re able to manage endpoints at scale more efficiently.
UEM also boosts your compliance efforts, just as we enter a new phase in which regulatory transgressions around cybersecurity compliance are hit with serious penalties.
HIPAA, GDPR, SOC2, PCI DSS and others demand secure policies, restrictions and encryption, which UEM can push to endpoint devices throughout your organization. It can help you prevent users from opening risky documents or clicking on arbitrary links. And you can document everything that was locked down.
UEM enables you to routinely and automatically check on the location of endpoint devices, locking and wiping those that have been taken to unauthorized locations. Likewise, UEM keeps logs on user IDs and enables quick revocation of access for employees who have left the company or changed their roles.
Really, zero trust security and cybersecurity compliance go hand-in-hand in our complex, hybrid environments — you want the security, and you want to document those security measures, which UEM enables you to do at scale.
The Future of UEM
You may have noticed a significant expansion in recent years in the use of mobile, wireless point-of-sale devices. The secure, practical application of this capability has been enabled by advanced UEM systems, which keep the data flowing but protect the organization and its business data from attack.
These changes in the retail space are only just beginning. Point-of-sale (POS) systems are undergoing a massive transformation, with cash registers being replaced by mobile POS systems.
The next big frontier in UEM will be virtual reality (VR) and augmented reality (AR) devices, which are expected to proliferate in enterprises across the world over the next five years. Many of these devices will require UEM solutions, but also enable them. Tomorrow’s enterprise VR and AR devices will likely use biometric security to authorize the user, and built-in AI will help tomorrow’s UEM solutions to authenticate devices and apps and determine how those devices are used.
The trend is clear: UEM and zero trust are here to stay, and they’ll both serve as the foundation of powerful, complex business environments, as well as security and compliance.
I write a popular weekly column for Computerworld, contribute news analysis pieces for Fast Company, and also write special features, columns and think piece...