Ensuring Security with Modern IT Endpoint Management

What is required is a strategy that makes onboarding a new Windows PC as easy as getting a new phone.


Work habits were already changing before the pandemic, with employees becoming increasingly mobile. Today, employees largely work from home and are staying there; from an IT standpoint, however, they are still considered mobile.

This dynamic has changed once-simple tasks, such as updating an operating system, into a complex, multilayered undertaking, driving companies to look for new ways to manage their distributed workforces while ensuring security.

Modern endpoint management defined

What is required is a strategy that makes onboarding a new Windows PC as easy as getting a new phone, says Jim Cooper, Chief Technologist for Personal System Services at HP. Nearly everyone today knows how to configure a new phone: Merely enter your username and password, and almost everything is migrated from your old device to the new one via the cloud, including your applications, data, and settings.

Giving users that same experience with PCs means modernizing the classic “gold disc” approach to resemble what users already know from the mobile world. Enabling a self-service experience is important for the majority of users because the work-from-home policies that protect employees from COVID-19 also reduce their access to in-person IT support.

While an off-the-shelf, mobile-like experience is great, there are limitations. Windows applications can be large, and depending on the employee’s location, he or she may face limited bandwidth availability, or get service from an Internet provider that charges per GB. To compensate, vendors such as HP now offer endpoint management services that include pre-provisioning of devices; the devices come with applications preloaded and security settings already configured. Users get the same out-of-the-box experience as they do with mobile.

One of the biggest challenges for customers looking to modernize Windows management is moving group policies from Active Directory into a mobile device management (MDM) console or unified endpoint management (UEM) system, such as Microsoft Endpoint Manager or VMware Workspace ONE. The benefit of a UEM to IT is the ability to manage Windows and the other operating systems common in the workplace – Android, iOS, macOS, etc. – using a standard approach based on guidance from the Open Mobile Alliance (OMA) Device Management (DM) Working Group. Hopefully, in the future, we will see UEMs create interpreters that convert policies into the appropriate controls for all OSs used within the organization, Cooper says.

To begin the journey, IT needs to move the on-premises group policies that configure and enforce Windows settings while a device is connected to the corporate network into the UEM, so that those same settings can be configured and enforced over the Internet. Unfortunately, this is difficult for many organizations that have not reviewed and maintained their policies over the years. To simplify the work, Microsoft and other organizations have published modern security baselines. Even with that, Cooper says, many IT organizations have been slow to change, limiting their ability to enable a self-service experience for remote workers.
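The review step described above starts with knowing what group policies exist, where they are linked, and which are empty or unlinked and can be retired instead of migrated. The following PowerShell is an added example (not HP's or Microsoft's tooling, and not part of the original article); it assumes a domain-joined machine with the RSAT GroupPolicy module installed, and `$OutDir` is a hypothetical output path.

```powershell
# Added example: inventory on-premises GPOs before migrating settings to a UEM.
# Assumes the RSAT GroupPolicy module; $OutDir is a hypothetical output location.
Import-Module GroupPolicy

$OutDir = 'C:\GPO-Inventory'
New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

$inventory = foreach ($gpo in Get-GPO -All) {
    # The XML report carries link targets and the configured extensions per side
    [xml]$report = Get-GPOReport -Guid $gpo.Id -ReportType Xml
    $links       = @($report.GPO.LinksTo | Where-Object { $null -ne $_ })
    $computerExt = @($report.GPO.Computer.ExtensionData.Extension | Where-Object { $null -ne $_ }).Count
    $userExt     = @($report.GPO.User.ExtensionData.Extension     | Where-Object { $null -ne $_ }).Count

    # Keep a readable per-GPO HTML report for the policy review
    Get-GPOReport -Guid $gpo.Id -ReportType Html -Path (Join-Path $OutDir "$($gpo.Id).html")

    [pscustomobject]@{
        Name         = $gpo.DisplayName
        Id           = $gpo.Id
        Status       = $gpo.GpoStatus
        LinkedTo     = ($links | Where-Object { $_.Enabled -eq 'true' } | ForEach-Object { $_.SOMPath }) -join '; '
        Unlinked     = ($links.Count -eq 0)
        ComputerExt  = $computerExt
        UserExt      = $userExt
        LastModified = $gpo.ModificationTime
    }
}

# Full inventory for the migration spreadsheet
$inventory | Export-Csv -Path (Join-Path $OutDir 'gpo-inventory.csv') -NoTypeInformation

# Candidates to retire rather than migrate: unlinked, or with no settings on either side
$inventory | Where-Object { $_.Unlinked -or (($_.ComputerExt + $_.UserExt) -eq 0) } |
    Select-Object Name, Id, Status, LastModified
```

The per-GPO HTML reports are what the policy review works from; the CSV gives a single list to compare against a published security baseline, so each setting is either mapped to a UEM control, replaced by the baseline value, or dropped.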

Once customers have moved their device configuration and security controls to a UEM platform, they can improve their threat posture by defining Zero Trust policies. For Microsoft 365 environments, that includes the ability to define policies under which devices and users must meet certain requirements before they can access corporate applications, data, and services.
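A policy of the kind described above, in Microsoft 365 terms a conditional access policy, can be created through the Microsoft Graph PowerShell module. This is an added example, not the article's or HP's own code; it assumes the `Microsoft.Graph.Identity.SignIns` module is installed and that the caller holds the `Policy.ReadWrite.ConditionalAccess` permission. The policy is created in report-only mode so that its effect on sign-ins can be reviewed before it is enforced.

```powershell
# Added example: require a compliant (UEM-managed) device plus MFA for all apps.
# Assumes Microsoft.Graph.Identity.SignIns and Policy.ReadWrite.ConditionalAccess.
Import-Module Microsoft.Graph.Identity.SignIns
Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess', 'Policy.Read.All'

$policy = @{
    displayName = 'Zero Trust: compliant device and MFA for all cloud apps'
    # Report-only: sign-ins are evaluated and logged, but nothing is blocked yet
    state       = 'enabledForReportingButNotEnforced'
    conditions  = @{
        users        = @{
            includeUsers = @('All')
            # Hypothetical break-glass group id; exclude emergency accounts so
            # a misconfigured policy cannot lock administrators out
            excludeGroups = @('00000000-0000-0000-0000-000000000000')
        }
        applications = @{ includeApplications = @('All') }
        platforms    = @{ includePlatforms = @('windows', 'macOS', 'iOS', 'android') }
    }
    grantControls = @{
        # AND: the device must be marked compliant by the UEM *and* the user must pass MFA
        operator         = 'AND'
        builtInControls  = @('compliantDevice', 'mfa')
    }
}

$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
$created | Select-Object Id, DisplayName, State
```

Leave the policy in report-only mode long enough to read the conditional access sign-in logs for users and devices that would have been blocked (typically devices not yet enrolled in the UEM), fix those enrolments, and only then change `state` to `enabled`.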

Modern, cloud-based endpoint management offerings can also provide proactive security and threat analytics. By looking at traffic to and from devices and applying artificial-intelligence-based analytics, the tools can identify threats, including zero-day threats, with far greater accuracy than previous generations.

Getting there from here

In its November 2020 report, “The New Frontier of Endpoint Management,” Forrester Consulting developed five recommendations for IT decision-makers looking to update and modernize their endpoint management strategies:

  1. Understand the ever-evolving roadmap for modernization, which includes gaining visibility, transforming policy, modernizing update management, rationalizing applications, and implementing analytics capabilities.
  2. Identify key groups that could benefit from modern management, recognizing that you don’t have to modernize every endpoint right away. (“Maybe start with sales folks who have always been out of the office,” Cooper recommends.)
  3. Make modern management palatable for security pros, such as by providing modern endpoint management platforms that support Zero Trust.
  4. Hire a partner to fill expertise gaps with skill sets in areas such as mobile management for PCs, ensuring quality endpoint performance through cloud-based management tools, and pre-configuring devices before shipping them to users.
  5. Factor in change management, including training employees to deal with the changes mobile devices entail and any new applications.

Cooper adds a sixth recommendation: Be ready for change. “Change can be challenging, so customers may want to consider working with a partner to help them transition to a modern experience,” he suggests.

HP can help you address modern management needs with its lineup of services, including HP Security Services; HP Lifecycle Services, which includes HP Configuration Services to help with device configuration and deployment; and HP Manageability Services, including proactive endpoint device management. For IT, the services provide peace of mind as well as the freedom to focus their time on more strategic endeavors.

Copyright © 2021 IDG Communications, Inc.