Device management has evolved as the conventional boundaries of corporate environments have gradually dissolved. With the rise of hybrid work policies and a workforce operating beyond the confines of the traditional office, organizations have begun to reassess their device management strategies.
Let’s set the stage. What is a device management strategy?
Device management ensures that controls are in place for organizational devices to be secure, up-to-date and in compliance with company policies. A device management strategy ensures that the tasks and responsibilities regarding provisioning, ongoing usage and off-boarding of enterprise devices are part of a standardized process, and acceptable bring-your-own-device (BYOD) use cases are established.
Without a device management strategy, your organization lacks the controls to manage the devices and automation that streamlines IT services to deploy endpoints. Your administrators are unable to run routine scripts, install apps and deploy patches and they have inadequate encryption for traditional and modern devices. You run the risk of having unprotected, sensitive data on company-or employee-owned-devices, which increases the likelihood of data and security breaches.
The main challenges of device management
Most of the things that keep IT administrators up at night have to do with the continuing evolution of work. When everybody went into an office and worked inside the firewall and the network perimeter, it was easier for admins to find and manage devices. Not every company operates that way now.
In the era of remote work and working from home, devices can be – and usually are – anywhere. They’re not necessarily in the corporate office. The erosion of the traditional, corporate perimeter has IT asking some very compelling questions:
- Do our devices have and enforce their own perimeters?
- As users work around town and around the globe, can we still ensure some level of control over their devices and manage them?
- Are the devices themselves secure, wherever they may go?
- Are our communications within those devices encrypted?
- Is data encrypted while at rest? Is it encrypted in transit?
- Where does a device management strategy go from here?
Data from Verizon shows that 45 percent – almost half – of surveyed companies reported a compromise related to mobile devices in the previous twelve months. The numbers were even higher for multinational companies. That indicates not only the importance of device management but also the increase in attack surface that comes from being global.
On top of that, mobile devices are frequently lost and stolen. To be pessimistic yet realistic, you should assume that the likelihood of recovery is low and that, from a data security perspective, any missing devices are now in the wild. You’ll want to equip yourself to wipe, lock or reset out-of-hand devices so that the data on them and the network access they represent don’t pose a threat.
Finally, IT is justifiably skeptical of installing a burdensome agent onto hundreds or thousands of devices, then having to troubleshoot user complaints. They want the control, but they don’t want to add bloat and overhead. If they do have to install a device management agent, they want it to be lightweight, consuming as few CPU cycles and as little RAM as possible.
The landscape of device management strategies
Traditional device management has been around for a long time. Mobile device management (MDM) has come along to deal with the changes in technology and the evolution of devices people use to get their work done. And now, modern device management strategies have emerged as the confluence of traditional and mobile device management.
Traditional device management
Traditional device management arose in the client-server era, when most people worked on PCs connected to a central server or data center. An agent installed on the client communicates with a management server on the same network, and the network determines which machines the server can manage.
Traditional management offers IT administrators a great deal of control over and insight into devices. That includes the classic device inventory: information about the hardware and software of each device and how they’re running. It offers configuration management and allows admins to create and run scripts to, say, install apps. Most importantly, traditional device management includes the ability to install updates and security patches, whether to the operating system itself or to the applications running on the devices.
Mobile device management
Mobile device architecture is different from traditional architecture, so it would make sense that device management is different as well. Mobile device management entails an enrollment process in which, instead of sending you out to control devices, makes the devices come to you. Enrollment installs a configuration profile on the device that sets policies and allows them to be implemented.
Architectural differences also mean different features. Unlike desktop computers and most laptops, mobile devices have a GPS chip, so their location can be tracked. Because most new software gets onto a mobile device through an app store, it’s useful to integrate mobile device management with online stores like Apple’s App Store and Google Play. That ties into creating allow- and deny-lists, which let you control the apps people use in your corporate environment and on your network. You can also enforce the restrictions and policies you put in place to ensure users don’t somehow get around them.
Finally, mobile devices are more easily lost and stolen than desktop machines. You have a security advantage when you can manage the device by wiping, locking or resetting it remotely.
Modern device management
Modern device management is the convergence of traditional and mobile device management to get the best of both worlds. That means you have the flexibility to handle devices that could be just about anywhere, while still exercising tight, traditional control. However, that combination is not always evident in the protocols on which more traditional mobile device management is based. Modern device management uses an agent to add functions that further marry traditional and mobile capabilities.
Why it’s important to incorporate a modern device management strategy
In most companies, the highest priority is to mitigate the risk of vulnerabilities and data breaches that cost money and put corporate reputation in jeopardy.
A modern device management strategy gives you a handle on that risk and provides the flexibility to respond quickly and accurately to device theft and breaches, and helps reduce overall burden on IT admins.
Smart admins are becoming involved in the broader work of achieving business initiatives. With more skin in the game, they’re keen for tools that free them up for higher-value tasks. By adopting a modern device management strategy most tasks can be moved to the cloud and are designed to be intuitive, centrally managed, and easy to execute without waiting months to deploy software and train staff.
In most organizations, the main role of device management is in preparing devices for the workforce, especially in onboarding new hires and new users.
Increasingly, IT sees that what comes from the factory is often good enough for their environment. Instead of perfecting and installing golden images, your admins can simply add their own settings, including special applications and configurations for securing and restricting the device.
Modern device management incorporates the enrollment model of mobile device management, such that organizations can drop-ship a device to remote users, who simply power it up. The device connects to the internet and the operating system vendor enrolls it to your business, applying the configuration you’ve specified. Your users don’t need to visit IT in person; they can have the device configured automatically and remotely wherever they’re working.
Considerations when developing a device management strategy
The following considerations are necessary in determining factors for a modern device management strategy.
Are your operations dependent on employees being inside the firewall?
It’s a question of operational flexibility. Can your company operate effectively when devices are outside the firewall? Can your employees work anywhere that suits them? The pendulum has swung very quickly toward work from home; did your organization negotiate that change successfully? Do your employees need to be in the office to be productive? If your business applications or processes depend on employee presence, or if your devices require a direct, physical interface to machines on the same network, then migration will be difficult.
Is your authentication and identity management up to snuff?
Single sign-on (SSO) and multi-factor authentication (MFA) come into play. Can you implement them and move off of obsolete schemes for ensuring users are who they say they are? Do those solutions work properly regardless of location, such that users can access the company intranet without being inside the firewall?
Can IT teams manage devices from the cloud?
A lot of modern device management is rooted in cloud computing. Does your IT staff have a policy or mindset dictating that device management should be run from your data center? That would be a non-starter for cloud. Your IT team and entire organization should be favorably disposed toward cloud computing to start down the path of modern device management.
How do you distribute applications and patches?
Especially in larger organizations, traditional management is characterized by distribution points that often take the form of network shares. A global company may stage its software distribution across sites in, say, Tokyo, Boston and London. That boosts throughput and reduces latency for devices in the highest-priority regions when updates and patches are released, but it represents a significant investment in infrastructure. If your company has distribution points around the world, is it committed to continued reliance on them for getting software onto devices? Or are you willing to migrate toward distribution from the cloud, over the public internet?
Though IT teams will gravitate toward whichever approaches allow them to most easily find, manage and secure devices anywhere, device management has evolved and the way organizations approach their device management strategies must evolve as well.