Endpoint device management and IT security

Does endpoint device management help or hinder IT security?

We’re seeing IT departments and managers continue to worry about the increased security risks that BYOD (Bring Your Own Device) and CYOD (Choose Your Own Device) policies present. Data loss – both on a company and personal basis – in the event of devices being lost or infected by malware is high on the list of concerns held by organisations of all sizes. This is becoming increasingly difficult to control due to the vast number of devices and platforms that connect to business sensitive information, resulting in a potential security minefield that businesses are keen to avoid.

When considering endpoint management, businesses often focus predominantly on security. This is not just about the ability to apply policies to devices and know where they are, but essentially about implementing patching and ensuring software is up to date and not exposed to vulnerabilities and hackers.

Recently, we have seen vulnerabilities such as Heartbleed and Shellshock have devastating effects on enterprises, proving how important it is for businesses to patch devices, particularly when they are outside of a secure network. Businesses are opening up to the idea of a more mobile workforce, but the main constraint continues to be the perceived security risk.

BYOD and CYOD capture two types of device: firstly Windows PCs, and secondly smartphones or tablets with mobile operating systems, such as iOS or Android. The challenge here is that companies often use different solutions to manage these two product arms. For example, Client Management (CM) tools for Windows PCs are a very different consideration compared to the Mobile Device Management (MDM) solutions which are used for devices with a mobile OS.

Today, companies want to empower their workforce by deploying mixed-device estates, allowing them to enjoy the best of PC and mobile worlds during their day-to-day working lives. This encompasses everything from smartphones and tablets, to Ultrabooks – all of which have the ability to access corporate data and apps.

At present, there is no single solution that unifies the device management space, so IT managers face the challenge of using both MDM and CM tools to manage the two very different environments. However, unified endpoint management solutions look set to evolve in order to overcome this challenge and revolutionise how IT managers can tackle this common headache.

Some systems are evolving to encompass both MDM and Client Management tools; one example is Toshiba’s Cloud Client Manager (TCCM), which is evolving to include MDM* together with its CMT capabilities.

With the solution sitting off-premise, customers can remove the cost and skills barrier that users of other solutions may face, as there is no need to install servers and employ additional staff to manage the upkeep of these servers. It also becomes much quicker and easier to deploy more mobile devices with a per-endpoint license, making it possible to work out exactly how much the management of devices will cost up front.

Currently, many companies implement restrictive strategies around mobility, rather than embracing new devices which could act as business enablers. This is because many businesses naturally remain concerned about off-premise security.

With this in mind, IT managers should carefully consider whether they are comfortable with entrusting business sensitive information to off-premise cloud providers. This is where solutions such as TCCM can become invaluable again, as it doesn’t handle any of a company’s data – the solution collects device data, rather than the documents which are on the hard drive. With this set-up, any potential risk can be quantified, so IT managers can understand the parameters, helping to provide assurance that company data is safe.

From a wider cloud perspective, business owners should also make sure they are aware of where their data is residing, who can access it and which jurisdiction it is governed by. For example, if a company would prefer its data to be hosted in Europe rather than the US, its heads and IT team need to ensure they understand the risk, quantify it, and then decide whether the risk is manageable.

Again, businesses should ensure their provider has a sufficient level of security at their data centres. It is crucial for decision makers to understand exactly what’s in place before committing to a contract.

Overall, business owners will understandably, and quite rightly, continue to be concerned about data protection, but they should also have a strategy in place so they know what questions to ask and how to qualify that risk. Through using an endpoint management system and having the benefits of cloud based solutions, the risks can be minimal and the benefits extremely rewarding.

* MDM available in TCCM first half 2015.