We live in interesting times. With everyone being so well-connected, it’s hard to believe they’re not actually attached at the hip to their smartphones to stay up to date in their personal and work lives. With so many different possible mechanisms to keep in touch, modern workers expect immediate, intuitive access to all applications, content and websites — both internal and external — without being encumbered by some heavy-handed management facility. On the flip side, enterprises still need to protect their intellectual property and the proprietary information that’s used to move their business forward.


For businesses to deliver their future business transformation goals with endpoint and mobile, the support model needs to be simple and responsive — not only for the IT management staff, but also for the end user. As an additional requirement, it must be cost effective and scalable. And, by the way, you need a way to account for all devices, whether they are smartphones, tablets, laptops, desktops, wearables or Internet of Things (IoT) products via what is known as unified endpoint management (UEM).

A New Era of Mobile Device Management

Since the dawn of the mobile enterprise, organizations have aspired to gain visibility and actionable intelligence into all devices from a single pane of glass. When smartphones and tablets — such as the iPhone, iPad and cutting-edge Androids — hit the market, consumers became accustomed to a new user experience (UX), driving enterprises to provide ubiquitous enterprise resource access to their employees. This was initially looked upon as a productivity boost, but the management approach was varied and disparate.

Apple and Google provided a set of application program interfaces (APIs) for management that somewhat simplified IT, but what about the PCs and laptops? These devices also needed to be managed, but that was accomplished with a completely different system (e.g., a client management tool) — one which was mostly delivered on-premises.

Enterprises accepted and embraced the mobile device management (MDM) API policy management functions and were confident in their protection capabilities. They also embraced the idea that the management system did not have to be on-premises: Enterprises could become more cost effective by managing the devices in the cloud via software-as-a-service (SaaS).

However, laptops and PCs were still the outlier when it came to API management. Yes, there was an API available for Macs, but these constituted a small percentage of overall devices in the enterprise.

There was a singular event that allowed UEM to turn the corner: Microsoft provided an API function resembling MDM for lightweight management of Windows 10 devices in July 2015. This opened the door for consistent management abilities across all device form factors, including smartphones, PCs, wearables and IoT.

The convergence that began in July 2015 was the crux for what is today considered UEM: One window, method and system that is cost effective and scalable for all devices that modern workers need to be productive in their daily work and personal lives. This management approach is the way of the future. According to “Mobile Vision 2020,” a commissioned study conducted by Forrester Consulting on behalf of IBM, “54 percent [of organizations] will have deployed UEM solutions by 2020.”

To accommodate this convergence, UEM solutions have emulated the functions that end users became accustomed to on their smartphones and tablets, giving rise to a new modern UX that is universally applicable and device agnostic. As UEM continues to cast a wider net, supporting more advanced device form factors, a device will remain a device. Visibility and actionable intelligence will remain key to security, and accommodating the modern UX will remain a priority of device management.

Apps and Content: All for One Approach, and One Approach for All

This device-agnostic approach to UEM is already making its way to the enterprise. Unified application catalogs, for example, give company administrators the ability to create a corporate library of apps for all devices and payload types. From the end user’s perspective, they can essentially control their own destiny; no matter what type of device they’re using, they have a way to install whatever application they need to address any use case at any time. As for the applications they cannot do without, administrators can silently push and install required apps so employees have all necessary programs.

Beyond application delivery, content must be as easy to create, edit, save, access and share on a smartphone as on a hybrid laptop. Data must also remain protected, using everything from containerization to ensuring that the latest patches are applied across the most commonly used platforms, such as Windows 7, Windows 10 and macOS.

Device-agnostic management approaches such as these will only become more common in organizations over time. “Forty-two percent predict they will be moving to a device agnostic approach — up from 26 percent today,” Forrester stated.

People, Identity and the Five W’s of UEM

We’ve just established that UEM gives enterprise IT a unified approach for pushing apps and content to any device, all while ensuring the associated data remains secure. What else should it be able to accomplish?

A UEM needs to secure access to enterprise apps, locking down access to confidential content to the right party or parties. But that doesn’t mean the process should be impossible: Users of all device types should be able to authenticate, gain authorization and receive single sign-on (SSO) access to eliminate the need to enter credentials multiple times in one span of activity.

Because all device form factors are enrolled, managed and secured from a single platform, UEM affords the user-based context that is typically absent but needed for businesses to ensure employees are accessing the right information at the right time.

Using that valuable context, here are the five W’s of UEM that will be critical for enterprises looking to strike a balance between productivity and security across endpoints. Each W builds on the next:

  1. Who: defining the identity of the person behind the device;
  2. What: determining the type of device they are using;
  3. When: deciding the policy that should be put in place;
  4. Where: finding the location of this person and device; and
  5. Which: confirming the apps and level of enterprise access they should have.

If you’re one of the brave few who will try to accomplish the final, most integral step of using multiple tools, you’ll quickly see why UEM is the futuristic way for businesses looking to get the most from their endpoints, end users and everything in between. If not for efficiency’s sake, you can also reduce your total cost of ownership (TCO) by consolidating your endpoint management to one solution. By 2020, “81 percent of organizations will be making reducing TCO a high or top priority,” Forrester claimed.

What’s Next for Business Transformation?

For organizations looking to achieve digital business transformation, UEM is just the first step. The growing number of endpoints and their associated data requires a newer, smarter approach to empower your organization to be more efficient, enable your employees to be more productive and keep your corporate data secure.

In Part II of this series, we will venture further into the ever more relevant grounds of IoT, outlining the management approaches your organization should consider today and what to expect for the future. Part III will delve into the final component of the UEM hierarchy of needs, which will be critical in achieving your business transformation.

In the meantime, watch the on-demand webinar, “Forrester Forecasts 2020: Is Your Mobile Strategy Aligned?” in which Wes Gyure, IBM MaaS360 portfolio offering manager, joins guest Chris Sherman, senior analyst at Forrester, for an in-depth overview of the “Mobile Vision 2020” thought leadership paper. Wes and Chris outline key findings from the study and provide strategy and investment recommendations for those planning their digital transformation over the next decade.
