Effectively Manage and Protect Your Endpoints using Unified Endpoint Management (UEM) Solution

How can you effectively manage your growing fleet of endpoints and devices while successfully avoiding attacks?


Limiting users isn’t the best answer. People expect to access the tools and resources they need, when they need them, and on the devices of their choice. But, as the number of endpoints increases, so do attacks.

You need intelligent technology that protects all devices in your ecosystem, adapts dynamically – and finds vulnerabilities before attackers do.

You don’t just need a Unified Endpoint Management (UEM) solution, you need a Unified Endpoint Management and Protection solution.

Table of contents

Why Organizations are Moving Towards Unified Endpoint Management and Protection
Unified Endpoint Management and Protection is the Natural Evolution from Where We’ve Been
Look for Unified Management and Protection Capabilities Consistent with the Principles of “Zero Trust”
Five Reasons to Take a Closer Look at Unified Endpoint Management and Protection
Summary and Key Takeaways: What to Look for in Unified Endpoint Management and Protection

Why Organizations are Moving Towards Unified Endpoint Management and Protection

As of 2019, mobile devices (i.e., smartphones, tablets) comprise about one-third (23% iOS, 10% Android) of enterprise endpoints for organizations in North America and Western Europe, with traditional endpoints (i.e., PCs, laptops) making up most of the rest (47% Windows, 17% macOS).

Unified Endpoint Management (UEM) generally refers to an approach for managing this increasingly diverse mix of enterprise endpoints from a common, centralized platform — as opposed to current approaches, which typically involve an unwieldy hodge-podge of point solutions. In many ways, the marketing term “UEM” is already a misnomer, as leading solution providers are focused not only on modernizing endpoint management but also on improving endpoint protection.

In Aberdeen’s recent benchmark study, it comes as no surprise that the current deployments of UEM were directly correlated with the size of the organization, as shown in the following chart. The greater the diversity and scale of enterprise endpoints — and the more essential the role of endpoints in enabling the organization’s strategic business objectives — the greater the business value of unified endpoint management and protection.

The Greater the Diversity and Scale of Enterprise Endpoints, the Greater the Value of Unified Endpoint Management

Looking forward, we can expect leading solution providers to help organizations to apply integration, intelligence, and automation for the management and protection not only of traditional endpoints and mobile devices but also of a wide range of other connected devices (aka “Internet of Things”). Given the exponential growth in both scale and speed of how enterprise endpoints are deployed — as well as attacked — it’s clear that traditional reliance on humans alone (e.g., for pushing policies and updates, monitoring employee behaviours) can no longer keep up.

Unified Endpoint Management and Protection is the Natural Evolution from Where We’ve Been

Modern organizations are increasingly embracing the use of mobile devices to achieve their strategic goals for digital transformation, collaboration, productivity, and operational efficiency. At the same time, however, they must also address the associated risks related to security, privacy, and regulatory compliance from their use of mobile devices — as well as rapidly evolving user expectations.

In the early days of mobility, a common enterprise response to the pressure of supporting Bring Your Own Device (BYOD) was to just say no, followed quickly by the implementation of a variety of technical controls designed to bring all mobile devices “under management.” For example, Aberdeen’s research shows that mobile device management, mobile application management, mobile device encryption, and enterprise rights management are now widely deployed by more than 3 out of 5 respondents.

A Common Enterprise Response to BYOD was Implementation of a Variety of Technical Controls Designed to Bring Mobile Devices “Under Management”

In fact, most organizations in Aberdeen’s study have already deployed a large and complex portfolio of security tools, products, and services related to mobile and endpoint security — across all respondents, the range is from 12 to 45 different solution categories, with a median of 29. Increasing the degree of integration and automation across an increasingly diverse mix of devices and applications is another key source of business value for deployments of UEM.

More recently, the massive user adoption of mobile devices for personal use has also changed our collective expectations regarding their dual use in the enterprise. Today, access to enterprise resources — from any device, at any time, from any location, over any network — is widely considered to be table stakes for user productivity and convenience. At the same time, enterprise users are also more apt to expect that “my device, my data” also implies “my privacy and my control.” Said another way, enterprise users increasingly feel that their employer has every right to manage the employer’s own applications and data on users’ personal devices… but not the users’ own applications and data.

As both workflows and work habits continue to evolve, so must the approach to managing and protecting the large and diverse mix of enterprise endpoints that make it all possible. Organizations want their security to adapt to their users, not the other way around.

Look for Unified Management and Protection Capabilities Consistent with the Principles of “Zero Trust”

To address these current trends, enterprise endpoints — regardless of whether they are owned directly by the enterprise itself, or by the users — are increasingly being assessed for threats and vulnerabilities before being granted access to enterprise infrastructure and data, and continuously monitored for posture/health and normal user behaviours while connected.

This approach reflects the principles of zero-trust security, in which access to enterprise resources is always conditional on establishing a level of assurance for devices, users, and normal behaviours and locations, both before and after the initial connection. In Aberdeen’s research, solution capabilities consistent with the principles of zero-trust security are among the highest for planned deployment over the next 12 months, including:

  • Mobile threat defence (23%), which is designed to detect and defend mobile devices in real-time against threats and vulnerabilities at the network, device, OS, and application level.
  • Adaptive access controls (18%), which are designed to provide the vast majority of users with friction-free access to enterprise resources, by using dozens of under-the-covers technical indicators to make a real-time evaluation of the current risk — and to require a higher level of assurance for user identity, as needed.

Directionally, Enterprises are Looking for Endpoint Management/Endpoint Security Capabilities that are Consistent with the Principles of “Zero Trust”

Five Reasons to Take a Closer Look at Unified Endpoint Management and Protection

  • The likelihood of mobile phishing attacks is high, in terms of both encounter rates (a median of 22%-27% of all mobile devices) and user click rates (a median of 8%-15% of all mobile users)
  • The window of vulnerabilities for mobile devices is wide, in terms of time to patch with the latest updates (a median of 6-7 weeks)
  • The likelihood of a data breach is high, with about 4 out of 5 (80%) organizations experiencing at least one data breach in the last 12 months; 75% of data breaches are relatively small (less than 10K records), but there’s still a non-trivial likelihood of a mega-breach (more than 1M records) as the headlines regularly attest
  • The operating cost of current approaches is high, with organizations spending a median of 48% of their annual IT Operating Expense (IT OpEx) on managing and protecting their endpoints
  • The likelihood of compliance-related issues is high, with about 6 out of 7 (86%) organizations experiencing at least one material issue of non-compliance in the last 12 months

Summary and Key Takeaways: What to Look for in Unified Endpoint Management and Protection

To keep pace with the growing diversity and scale of enterprise endpoints, organizations are increasingly looking to leading providers of unified endpoint management and protection solutions to help them simultaneously keep their users connected and protected, by:

  • Streamlining and fast-tracking the “good,” i.e., enabling the positive, sought-after, upside impact of collaboration, productivity, convenience, and higher scale at a lower cost related to enterprise mobility initiatives
  • Reducing the risk of the “bad,” i.e., protecting against the negative, unwanted, downside impact of threats, vulnerabilities, and exploits related to security, privacy, and regulatory compliance and the use of enterprise endpoints, regardless of the question of “ownership”

For organizations that are considering unified endpoint management and protection deployments, a high-level checklist of key solution selection criteria includes:

  • A common platform for managing users, devices, applications, and access policies — with separate workspaces or containers for enterprise data and personal use
  • Protection, detection, and remediation from the large and growing landscape of endpoint threats, vulnerabilities, and exploits — for the devices themselves and for the data (whether on the device or in transit)
  • Visibility and control over enterprise resources, while also respecting user privacy and control over their own personal devices, apps, and data — even when devices are lost or stolen
  • Adaptive policies and controls, based on an intelligent, real-time assessment of risk factors such as device identity and current posture/health; user identity and behaviours; application identities and behaviours; and current context (e.g., network, geolocation, time of day) — to keep pace with evolving work habits and workflows
  • Conditional access, consistent with the principles of zero-trust security — regardless of whether endpoints are owned directly by the enterprise itself, or by the users
  • Flexible deployment options, to support organization-specific requirements for control, cost, and scale

Source: BlackBerry

Published by Tommy Droste