Endpoint Management and Security – More Effective as Partners than Adversaries

Sep 2, 2016 10:59:52 AM

The primary function of enterprise IT management is to empower end users with access to technology resources that will boost their productivity and job performance. However, this focus is at odds with the core precepts of IT security which are adopted to minimize the exposure of enterprise systems, applications, and data. I recall that in a number of IT operations management adventures throughout my career, I often joked with colleagues that the most effective way to create a secure environment is to simply shut down all computers in the data center. Naturally, management executives dependent on the IT infrastructure to generate revenue were not amused by my flippancy…and even less happy that their workers had to “jump through hoops” to gain access to IT resources.

Traditionally, maintaining the practices necessary for achieving both security and accessibility requirements has been tantamount to an arm-wrestling contest—with each respective IT manager struggling to dominate the other to ensure their particular set of requirements is achieved. The broad expansion of accessibility requirements that has arisen over the last few years to support workforce mobility has only exacerbated the problem. Business professionals are now demanding unprecedented access to enterprise applications, data, and services from any device at any location at any time. While many organizations may be sorely tempted to simply lower security restrictions to satisfy user requests, the damaging effects of breach events increasingly reported by media outlets, along with a need to achieve regulatory compliance objectives, forcefully apply counter pressure on IT operations to maintain strict security policies.

Security, however, does not need to be an adversary to IT management. Practices satisfying both sets of requirements can be complementary, rather than contradictory. For instance, patching and updating, which are essential processes for both IT disciplines, traditionally employ common procedures for monitoring, distribution, and installation. The key to establishing similar synergies to meet today’s evolving enterprise IT requirements is to ensure security in a way that is invisible to end users and not impactful to their productivity. Here are just a few methods for accomplishing this:

  • Employ multifactor authentication that has minimal impact on user productivity. For instance, the use of a single sign-on platform minimizes the number of passwords users must input. Also, device authentication and biometrics can be employed to authorize access to business services without requiring any user interaction.
  • Encryption should be employed on all enterprise data when stored on the hosting environment, in transit over a network to a remote device, or in active use. This ensures data is only accessible by authorized personnel while allowing it to be used and distributed in ways that best enhance user productivity.
  • Provide secure methods for data sharing that are easy to use. A secure, business-dedicated email package, networked data storage location, or other simple method for distributing files and software will enhance user collaboration while keeping sensitive information under the control of the enterprise.

Whatever actual methods are employed for security assurance, processes are always more effective and efficient when managed through the same console used for endpoint management. Nowhere is this value more evident than with the employment of a common set of user profiles. Profiles define access rights, software configurations, application license availability, and a host of other attributes that determine how users and devices will be serviced by the enterprise. By employing a common set of profiles, conditional access can be granted based on user states. For instance, compromised devices (e.g., rooted, jailbroken, lost, stolen, or terminated employee devices) can be rapidly identified and automatically blocked from accessing business resources. Access can also be limited based on a user’s physical location, network access, or device configuration. These kinds of dynamic security enforcement practices are only possible with a unified approach to security and endpoint management.
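The conditional access decision described above can be sketched as a single function over one shared profile record. This is an added example, not code from the article or from any management product; the `Profile` schema, the state names, and the allowed-country list are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Profile:
    """One shared record per user/device pair (hypothetical schema)."""
    user_active: Optional[bool]     # False for a terminated employee
    device_state: Optional[str]     # "healthy", "rooted", "jailbroken", "lost", "stolen"
    country: Optional[str]          # coarse physical location
    network: Optional[str]          # "corporate", "vpn" or "public"
    disk_encrypted: Optional[bool]  # one device-configuration attribute

def evaluate_access(p, allowed_countries=frozenset({"US", "CA"})):
    """Return (decision, reasons); decision is 'block', 'limited' or 'allow'."""
    # Fail closed: an attribute the console could not report blocks access,
    # so a device that stops checking in is not treated as healthy.
    missing = [name for name, value in vars(p).items() if value is None]
    if missing:
        return "block", [f"missing attribute: {m}" for m in missing]

    # Hard blocks: identity-side and device-side facts from the same record.
    block = []
    if not p.user_active:
        block.append("user terminated")
    if p.device_state != "healthy":  # any state other than healthy is blocked
        block.append(f"device {p.device_state}")
    if block:
        return "block", block

    # Soft conditions reduce access instead of denying it outright.
    limit = []
    if p.country not in allowed_countries:
        limit.append(f"location {p.country} not in allowed list")
    if p.network == "public":
        limit.append("untrusted network")
    if not p.disk_encrypted:
        limit.append("disk not encrypted")
    return ("limited", limit) if limit else ("allow", [])

if __name__ == "__main__":
    # Constructed sample profiles.
    print(evaluate_access(Profile(True, "healthy", "US", "corporate", True)))
    print(evaluate_access(Profile(True, "jailbroken", "US", "vpn", True)))
    print(evaluate_access(Profile(True, "healthy", "FR", "public", True)))
```

Because the employment status and the device state sit in the same record, a terminated user on a healthy device and an active user on a jailbroken device are both blocked by one check rather than by two separately maintained tools.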

With limited budgets and resources, IT organizations must make strategic decisions on which IT operations disciplines will deliver the best value to their business. Solutions that are solely security-focused or management-focused will not effectively meet requirements in both essential categories, and purchasing two independent platforms is neither cost-effective nor efficient due to the lack of integrated processes. To be successful in meeting expanding requirements for ensuring endpoint performance, resource availability, and user productivity without compromising on security, organizations should adopt management solutions that unify endpoint support for all managed devices from a single console interface.


Written by Steve Brasen

Steve Brasen is a Research Director leading EMA’s practices covering endpoint management, identity management, and access management. Steve’s career at EMA follows 20 years of “in-the-trenches” enterprise experience in IT management, operational support, and engineering for high-technology, telecommunications, and financial institutions, including: MCI Worldcom, Bell Communications Research, UNIX International, Salomon Smith Barney, and Agilent Technologies.
