The concept of unified endpoint management (UEM) typically implies the convergence of mobile device and PC endpoint management under a single team and management platform. But as the range of devices employees use daily expands, wearables, augmented reality (AR) and virtual reality (VR) gear, smart connected assistants, and other connected, nontraditional endpoints that fall into the internet of things (IoT) are all now part of employees’ extended digital “workspaces.” Getting control over a diverse set of devices is a challenge well suited to UEM platforms.

An Explosion of Smart, Connected IoT Devices

The proliferation of nontraditional, connected endpoints in enterprises is exploding. According to IDC’s 2019 Enterprise Mobility and Workspace Survey, more than two-thirds (67 percent) of enterprises plan to deploy “workspace IoT” technologies, such as conference room sharing, intelligent assistants and other smart, connected endpoints, over the next 12 to 18 months. Many of these initiatives are IT-approved and corporate-backed.

However, shadow IT is persistent, and there is a trend of BYOT, or bring your own “things,” when it comes to smart, connected devices as well. This could range from a consumer smart hub plugged in on a desk for streaming music to internet-connected consumer appliances like coffee machines and smart lighting in break rooms and offices.

New types of end user IoT devices — wearables, in particular, such as smart watches and AR glasses and headsets — are also pushing boundaries in terms of management and security. The boom in products such as the Apple Watch and others like it — IDC saw shipments grow 31 percent from 2018 to 2019 — is causing teams responsible for mobile and device management to expand their thinking and recognize the broadening attack surface across the workforce.

How UEM Can Help

From the position of IT, many organizations see UEM as a key technology for controlling and managing this new wave of workspace IoT gear. Among enterprises with UEM or enterprise mobility management (EMM) technology deployed, 65 percent said they are already using, or plan to use, these platforms to manage workspace IoT equipment, according to IDC’s workspace study.

UEM technology is especially adept at managing workspace IoT devices, as many of the connected devices coming into the workplace are based on mobile-oriented operating systems. Open-source Android variants power many workspace IoT devices, as do standard operating systems such as Windows and Linux, which many UEM platforms can handle. These management platforms can implement policies around what types of applications and data the devices can access, as well as geofencing: alerting if a managed “thing” leaves a specific physical space or area.

Over-the-air software updates and configuration management are another key role for UEM in workspace IoT. Automation in this area will be critical as the growth in endpoint types goes beyond what’s manageable for an enterprise IT department. UEM platforms can also provision secure Wi-Fi and virtual private network (VPN) connections to such devices to keep them isolated from other network endpoints and ensure sensitive data accessed by the devices is secure.

The urgency to manage and secure workspace IoT devices is driven by the sensitive data these devices can access or generate. From the perspective of smart glasses, use cases in medical, manufacturing and engineering fields involve the wearer accessing data and applications regulated by compliance mandates such as HIPAA or internal controls over highly valuable intellectual property. The headsets themselves are high-value — commercial Microsoft HoloLens gear starts at $5,000 per unit, for example — and require detailed location and usage monitoring.

Ruggedized mobile devices and handheld equipment are another category of devices that requires strong management and security capabilities. Rugged device management is also well suited to UEM; endpoints such as barcode scanners, point of sale (PoS) terminals, inventory tracking devices and other field-deployed handheld devices have been based on proprietary or nonstandard device operating systems in the past. These are rapidly being replaced by standard mobile operating systems, such as Android. IDC forecasts 25 percent growth from 2018 to 2023 for such devices worldwide.

Endpoint Management Should Evolve Alongside the Growth of Nontraditional Devices

One global pharmaceutical company witnessed an explosion of new connected device types in a short period. The firm, which had used IBM Security MaaS360 UEM to manage its traditional end user computing devices, began seeing business units (not IT) roll out technologies such as Microsoft SmartHubs in conference rooms, and wearables such as Google Glass in its warehousing facilities to help workers find products more quickly. The company’s large logistics operation also operates a fleet of Zebra barcode scanning devices for supply chain tracking and inventorying. All of the data moving across these endpoints is highly sensitive — from information about new drugs shared in conference room platforms to sensitive drug supply and location data across the company’s supply chain.

The firm says it saw as many as 2,000 new devices come onto the network in a single month. The flexibility of MaaS360 — a cloud-based UEM platform — allowed the company to quickly scale up management, security and monitoring of these new device types, right alongside the traditional iOS, Android and Windows devices typically managed by the platform.

Unified endpoint management platforms should be considered the management, security and provisioning hub for all types of end user computing technologies, beyond just smartphones, tablets and PCs. Having management functions and visibility across wearables, ruggedized endpoints, specialty devices and other connected IoT equipment can give a business greater operational visibility and situational awareness when it comes to security.
