With more people logging in from more devices and more places, it’s more important than ever that IT can track, manage and control who does what.
Endpoint Management (EM) lets IT teams manage an organization’s endpoint devices—including laptops, tablets, PCs and servers—from a single control point. By providing visibility throughout a device’s lifecycle, EM helps configure, patch and monitor endpoints, providing data to help security teams identify and repel cyberattacks.
When COVID-19 hit, many IT operations teams were still adjusting to a changing world, from one with PCs managed behind corporate firewalls to a complex stew of company and employee-owned computers, phones, tablets and sensors.
Aside from its administrative burdens (keeping tabs on who owns what, and which applications and data they can access), the new mobile enterprise also created increasingly irresistible targets for cybercriminals. In 2019, 68% of companies were victimized by some kind of attack made through these endpoints, according to the Ponemon Institute.
Phishing attacks, for example, were the leading source of successful breaches, according to Verizon. For bad guys, it’s simply a lot easier to fool an unsuspecting employee into clicking on a well-crafted, malware-packed email than to execute, say, a massive denial-of-service attack or tap into a well-defended corporate network.
EM, then, provides a comprehensive way to lower the cost and increase the security of managing these devices—from remotely configuring them to conform with company policies to keeping them continually patched. Rather than deploy an army of IT and security specialists, EM tools let IT leaders enforce policies on everything from the length of passwords to wiping clean the hard drives of departing employees.
How does endpoint management work?
Over the decades, companies have invested in multiple systems to manage and secure new generations of devices. Mobile device management systems emerged in the late 2000s, allowing companies to create secure partitions on millions of employee-owned smartphones coming onto the network. Performance monitoring systems helped IT troubleshoot technical problems, and Enterprise Mobility Management systems added the ability to track not only the hardware, but the apps and data people could use on them.
Modern EM is designed to track each device for its entire lifespan, regardless of operating system or form factor. EMs also perform so-called lifecycle management for both company-owned and employee-owned devices. The software monitors every device to ensure it complies with company policies, remediates problems and handles a grab bag of discrete tasks, from setting up an employee’s PC with the latest version of Zoom to booting the device off the network if the person is terminated.
When implemented properly, EM can also help unify two critical groups of employees—IT professionals (who focus on maintaining stability to keep everyone’s devices working) and security specialists (who focus on defending against ever-changing threats). A 2019 Tanium study found that 52% of CIOs and CISOs had failed to update or patch a potential security vulnerability because they feared disrupting IT operations. By providing a single source of truth about who is using what devices to access which applications, EM makes it easier for both sides to do the right thing.
Key benefits of Endpoint Management
- Improved IT hygiene. Scary, new “zero-day vulnerabilities” may garner big headlines, but 97% of all security breaches are the result of poor security hygiene. Obviously, the culprit could be the failure to install a security patch with the latest virus signatures. But good hygiene goes beyond security-specific operations. EM helps make sure that a device’s OS is up to date and that it isn’t running old, easily hacked applications.