Endpoint management

Endpoint management is the process of identifying, assessing, configuring and updating devices and systems so that users can reliably and securely use and access them to accomplish necessary tasks.

Your IT landscape has grown beyond desktop computers to encompass laptops, tablets, smartphones, peripherals and the Internet of Things. Endpoint use in your organization has shifted from an inside-the-perimeter focus to work-from-home employees and remote workers. You've had to keep endpoint management on par with evolving maintenance practices, security patching and user behaviors.

This post explores the role of unified endpoint management in the enterprise, including its evolution, current state and what’s next, and dives into automation, endpoint diversity and security, traditional vs. modern endpoint management, and the role of the cloud.

The two main problems that arise in endpoint management

The need to manage endpoints (devices) has arisen from two main problems that face every enterprise.

The first is the Everything Problem, which takes three different forms:

  • Device types — As described above, your endpoints run the gamut from servers that sit in data centers to desktop PCs, laptops, mobile devices, printers and Internet of Things (IoT) devices. Your endpoints can run any one of a handful of operating systems including versions of Windows, macOS, Linux, Android and iOS. On top of that, conference room equipment and displays can run special operating systems.
  • Networks — Your endpoints are connecting to more than just your main, corporate network. Remote devices may connect to your main network through the virtual private network (VPN), but your work-from-home users have their own home networks, which you can’t secure. You contend with the public internet, which is anything but secure, and public clouds.
  • Identities — Single sign-on (SSO) enables you to federate identity for your company’s various applications, but you soon realize that yours is not the only identity your employees are using. They are logging onto internet sites with credentials of their own. That can give you nightmares for onboarding, offboarding and security.

The second issue is the Everywhere Problem. Some of your users stay inside your network perimeter in the office, some are there part-time, some are at home and some are always remote. Those users have the endpoints you’re charged with managing, but some of those endpoints rarely connect to your network directly. So how do you manage them?

Consider that wherever those devices go, access to your data goes. Your data is one of the biggest parts of the Everywhere Problem because it resides in your data centers and in your cloud apps like Microsoft 365. It can be in cloud-based storage systems like OneDrive or SharePoint or Google Drive, where it’s getting replicated. Your data is also being backed up to cloud backup systems, some of which you may not know about, especially from endpoints that aren’t under management.

The result of these problems is a highly fragmented, ever-evolving environment, and you turn to endpoint management to help you cope with it.

Merging endpoint management and endpoint security

Given that access to your data goes anywhere your devices go, the evolution of endpoint management is in how it blends with endpoint security. Consider how this evolution is playing out in three common industry verticals.

  • Healthcare — In a medical office there is now at least one endpoint in almost every room where care is administered, whether a device on a cart or a kiosk-based patient check-in system that retrieves your account information and electronic medical records. Healthcare runs on that data, which drives the need for better endpoint management tools.
  • Education — Some schools are able to offer remote learning exclusively. And that’s not limited to adults; if you don’t want your children to have to attend a physical school, you can enroll them in a remote or hybrid learning school. Schools that provide laptops or tablets must manage those remote endpoints. And most school systems and universities also reimage their computers, usually during the summer months.
  • Enterprise — We all have work-from-home colleagues, many of whom were working remotely years before the pandemic. IT has needed to adapt to that and figure out how to securely manage those endpoints.

Consider how the “corporate network,” as we’ve long known it, is shrinking. For one thing, most of your corporate data doesn’t even sit inside your corporate data center anymore. If you use Exchange Online or Microsoft 365, then most of your data is sitting in somebody else’s data center. You have to do more than just hope those providers are securing your data and backing it up completely: under their shared-responsibility model the provider secures the platform, while controlling access to your data and keeping recoverable backups of it remain your job.

The other big factor is that the cloud elevates your management plane. With traditional tools, you have a line of sight between your corporate IT environment and the endpoints you’re managing. Now that your endpoints are remote, you need a way to reach them. For a long time, VPNs were your way of tethering remote devices to the network; you could manage the devices by effectively pretending that they were still inside the network. With cloud-based tools, you elevate your management plane above your network and move it into the cloud.

The transition from traditional to modern endpoint management

The corporate network used to be your primary defense perimeter, but the boundaries of your corporate IT environment are porous now. More of the devices that used to be considered “inside” your network are staying “outside” of it now, often beyond your control. The traditional security posture dictated that you would set up firewalls to keep intruders off of your corporate network. But too many breaches now occur because there really is no perimeter anymore, and that makes the traditional posture insufficient on its own.

In other words, the more remote endpoints your organization has, the less traditional endpoint management will meet your needs. Hence the emergence of zero trust and modern endpoint management, which treat all devices and users as remote and untrusted until each access request is verified.

How does traditional endpoint management work?

One of the advantages of traditional management is that it is a capable, mature discipline. Its task-oriented tools are well suited to bulk management scenarios and they have evolved over decades. They have grown up with the IT industry and so they help administrators manage growing populations of endpoints.

But a traditional endpoint management tool relies on being able to see and communicate with the device you want to manage. If it’s an agent-based tool, the agent has to establish and maintain a connection to the management server, and if that connection is lost, the tool has to reestablish it automatically. A device that rarely connects to your network cannot be inventoried, patched or reconfigured until it does.

How does modern endpoint management work?

As mentioned above, it’s a basic design principle that modern endpoint management systems treat every device like a remote one. Even for devices located in your secure corporate data center, you don’t blindly trust anything just because it wants access.

Vendors like Apple, Microsoft and Google provide enrollment programs (Apple Automated Device Enrollment, Windows Autopilot and Android zero-touch enrollment) that enroll a device in management as soon as it is first set up, after which the device checks in with the management service on a regular schedule over the internet. Modern endpoint management is continuously at work: policies are always being evaluated, and every time a device checks in and reports its inventory, the service compares the device’s state against your policies and brings it back into compliance. This perpetual enforcement of device configuration is an important difference between traditional and modern endpoint management.
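To make that check-in cycle concrete, here is an added Python example (not code from KACE, Microsoft, Apple or Google) of the evaluate, remediate and report loop a management agent runs against its own inventory. The inventory fields, policy thresholds and remediation hooks are assumptions for illustration, and the inventory is constructed sample data; a real agent would call the operating system for each of them. It also shows the zero-trust point made above: the access verdict never looks at which network the device reported from.

```python
"""Desired-state compliance loop for a managed endpoint.

Added example, not code from KACE or any MDM vendor. The inventory schema,
policy thresholds and remediation hooks are assumptions chosen to illustrate
the check-in cycle; the inventory itself is constructed sample data.
"""
import copy
from dataclasses import dataclass
from typing import Callable, List, Optional

# Constructed inventory as an agent might report it at check-in.
# "network" is present only to show that the verdict ignores it.
SAMPLE_INVENTORY = {
    "hostname": "LAPTOP-0042",
    "network": "corporate",
    "os_version": "10.0.19045",
    "disk_encrypted": False,
    "firewall_enabled": False,
    "local_admins": ["Administrator", "jdoe"],
    "pending_patches": 3,
    "last_patch_days": 45,
}

MIN_OS_VERSION = "10.0.19045"              # policy thresholds (assumptions)
MAX_PATCH_AGE_DAYS = 30
ALLOWED_LOCAL_ADMINS = {"Administrator"}   # only the named break-glass account


@dataclass
class Finding:
    rule: str
    detail: str
    auto_fixed: bool = False


@dataclass
class Rule:
    name: str
    check: Callable[[dict], Optional[str]]        # detail if noncompliant, else None
    fix: Optional[Callable[[dict], None]] = None   # None: needs a human or another workflow


def _ver(v: str) -> tuple:
    return tuple(int(p) for p in v.split("."))


# Simulated remediation hooks. A real agent would drive the OS here
# (firewall service, local group membership, patch installer).
def _enable_firewall(inv: dict) -> None:
    inv["firewall_enabled"] = True


def _prune_admins(inv: dict) -> None:
    inv["local_admins"] = [a for a in inv["local_admins"] if a in ALLOWED_LOCAL_ADMINS]


def _install_patches(inv: dict) -> None:
    inv["pending_patches"], inv["last_patch_days"] = 0, 0


RULES = [
    Rule("os_version", lambda i: None if _ver(i["os_version"]) >= _ver(MIN_OS_VERSION)
         else f"OS {i['os_version']} is below {MIN_OS_VERSION}"),
    # Not auto-fixed on purpose: enabling encryption needs recovery-key escrow first.
    Rule("disk_encryption", lambda i: None if i["disk_encrypted"] else "system volume not encrypted"),
    Rule("firewall", lambda i: None if i["firewall_enabled"] else "host firewall disabled",
         _enable_firewall),
    Rule("local_admins", lambda i: None if set(i["local_admins"]) <= ALLOWED_LOCAL_ADMINS
         else f"unexpected local admins: {sorted(set(i['local_admins']) - ALLOWED_LOCAL_ADMINS)}",
         _prune_admins),
    Rule("patching", lambda i: None if i["pending_patches"] == 0 and i["last_patch_days"] <= MAX_PATCH_AGE_DAYS
         else f"{i['pending_patches']} patches pending, last patched {i['last_patch_days']} days ago",
         _install_patches),
]


def evaluate(inv: dict) -> List[Finding]:
    """Run every rule against the reported state; return the noncompliant ones."""
    return [Finding(r.name, d) for r in RULES if (d := r.check(inv)) is not None]


def enforce(inventory: dict) -> dict:
    """One check-in cycle: evaluate, auto-remediate where a hook exists, re-evaluate.

    The access decision depends only on measured device state, never on whether
    the device reported from the corporate network: that is the zero-trust point.
    """
    inv = copy.deepcopy(inventory)                  # never mutate the caller's copy
    findings = evaluate(inv)
    fix_for = {r.name: r.fix for r in RULES}
    for f in findings:
        if fix_for[f.rule] is not None:
            fix_for[f.rule](inv)
    still_open = {f.rule for f in evaluate(inv)}    # a fix that did not take stays open
    for f in findings:
        f.auto_fixed = f.rule not in still_open
    return {"hostname": inv["hostname"], "compliant": not still_open,
            "open": sorted(still_open), "findings": findings,
            "access": "grant" if not still_open else "deny", "state": inv}
```

Running `enforce(SAMPLE_INVENTORY)` fixes the firewall, the stray local admin and the missing patches in one cycle, but the unencrypted disk stays open, so the device is reported noncompliant and access is denied until a human (or a separate encryption workflow with key escrow) closes that finding. The re-evaluation after remediation matters: a hook that fails silently should leave the finding open rather than let the device be marked compliant.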

What’s next in endpoint management

So, what’s the next step in endpoint management, and what do we suppose the future of endpoint management will look like?

An important factor in the evolution of modern endpoint management is the move to cloud computing. Consider the increasing adoption of Azure Active Directory (now Microsoft Entra ID), with Microsoft 365 quickly becoming the hub of the enterprise, especially in organizations that run on Windows. The data center is moving into the cloud, which means that you’ll have more endpoints managed from the cloud, including laptops, servers, mobile devices, peripherals and IoT. They all hold data. They all have security needs you must manage.

Here are three trends in cloud adoption that will affect the future of endpoint management:

Applications

Applications were the first thing that went to the cloud, supplementing many traditional desktop applications. That enabled your coworkers to start doing more of their job on a mobile device, through the cloud. But it also created a problem for IT administrators because onboarding and offboarding entailed more than just cleaning up local data environments and deprovisioning identities. Now they entail logging into the cloud apps as administrators and creating or deleting user accounts, then reassigning any licenses and data those users held.

Identities

Out of necessity, then, the next thing to go to the cloud was identities, with protocols such as SAML and OpenID Connect that enable federation of identity. Admins can disable an account in Azure Active Directory (now Microsoft Entra ID), or in an on-premises Active Directory that is synchronized to it, with high confidence that new sign-ins to federated applications will be blocked for that account. One caveat: a disable stops new sign-ins, but sessions and tokens those applications already hold remain valid until they expire, so an offboarding procedure should also revoke the user’s sessions and refresh tokens.
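As an added illustration (not code from Quest, Microsoft or any identity vendor), the following Python models a federated sign-on in miniature: an identity provider that issues signed tokens, a relying application that checks them, and what happens to an already-issued token when the account is disabled. The HMAC-signed JSON token stands in for a real SAML assertion or OIDC token, and all user names, keys and timings are assumptions.

```python
"""Federated sign-on and account disablement, in miniature.

Added example, not Quest or Microsoft code. The identity provider, the
HMAC-signed token (a stand-in for a real SAML assertion or OIDC token) and
the timings are assumptions; the point is what a disable does and does not revoke.
"""
import base64
import hashlib
import hmac
import json
from typing import Dict, Optional

SIGNING_KEY = b"demo-idp-signing-key"   # assumption: key shared with relying apps


def _sign(body: str) -> str:
    return hmac.new(SIGNING_KEY, body.encode(), hashlib.sha256).hexdigest()


class IdentityProvider:
    def __init__(self) -> None:
        self.disabled_at: Dict[str, Optional[int]] = {}   # user -> epoch seconds; None = active

    def add_user(self, user: str) -> None:
        self.disabled_at[user] = None

    def disable(self, user: str, now: int) -> None:
        """The offboarding action: blocks new sign-ins from this instant."""
        self.disabled_at[user] = now

    def is_active(self, user: str) -> bool:
        """Introspection a relying app can call per request."""
        return user in self.disabled_at and self.disabled_at[user] is None

    def issue(self, user: str, now: int, ttl: int = 3600) -> Optional[str]:
        """Sign-on: mint a token only for a known, active account."""
        if not self.is_active(user):
            return None
        claims = {"sub": user, "iat": now, "exp": now + ttl}
        body = base64.urlsafe_b64encode(json.dumps(claims).encode()).decode()
        return f"{body}.{_sign(body)}"


def parse_token(token: str) -> Optional[dict]:
    """Verify the signature and decode the claims; None if malformed or tampered."""
    try:
        body, sig = token.split(".")
    except ValueError:
        return None
    if not hmac.compare_digest(_sign(body), sig):
        return None
    return json.loads(base64.urlsafe_b64decode(body))


def app_accepts_offline(token: str, now: int) -> bool:
    """What a federated app does between checks: signature and expiry only.
    A disable at the identity provider is invisible here until the token expires."""
    claims = parse_token(token)
    return claims is not None and claims["exp"] > now


def app_accepts_with_introspection(token: str, now: int, idp: IdentityProvider) -> bool:
    """Same check plus a live question to the identity provider: is the subject still active?"""
    claims = parse_token(token)
    return claims is not None and claims["exp"] > now and idp.is_active(claims["sub"])
```

Walk the scenario: a token issued at t=0 with a one-hour lifetime; the account is disabled at t=600. From then on `issue` refuses new sign-ins, but `app_accepts_offline` still accepts the old token at t=700 because the signature verifies and it has not expired. Only `app_accepts_with_introspection` (or a short token lifetime, or explicit session revocation) closes that window, which is why offboarding has to revoke sessions and refresh tokens and not just flip the account to disabled.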

Domains

As mentioned above, the data center is also moving to the cloud. Hyperscalers have long touted the cloud as the ideal site for business-critical workloads that need to scale on demand: if you anticipate a spike in traffic and need to quickly scale up to process it, the cloud is meant to be the best place to do that. Companies were quick to move very focused workloads there. Now, though, the data center is moving to the cloud in much grander fashion with everyday workloads like Microsoft 365, Exchange Online and SharePoint.

From a financial perspective, moving the data center to the cloud is appealing. Companies have gotten accustomed to not having to staff up to manage infrastructure and upgrade servers every few years, as they used to.

Conclusion

The need for endpoint management has become more acute as enterprises realize that they face both an Everything Problem and an Everywhere Problem. More devices are going in more directions with more data on them, and IT is tasked with managing them. As time goes on, endpoint security will become a bigger part of endpoint management because corporate data no longer stays inside your corporate data center.

Traditional endpoint management is giving way to modern endpoint management, in which all devices are treated as though they were remote. Modern endpoint management systems maintain enrolled devices and keep them compliant with security policies. The main factor is flexibility. Consider an integrated solution that gives you the versatility to manage groups of devices with different use cases with the best management method now and in the future.

Robust approaches have evolved for applications, identities and domains in the cloud. They represent areas where endpoint management can help companies keep up with user behavior and business realities both outside and inside the traditional perimeter.

About the Author

Ken Galvin

Ken Galvin is the Director of Marketing for the KACE Unified Endpoint Management and Data Protection solutions of Quest Software’s Information Systems Management business. He has been with KACE for eight of his sixteen years at Quest where he previously managed Product Management for other products related to datacenter and endpoint management. Ken lives with his wife in Virginia 1.5 hours west of Washington, DC where they raised their four adult children.