Part 4 of eWEEK’s “Home as Enterprise Branch” series discusses why enterprises now are focusing heavily on updating the endpoint management of their desktop PCs, laptops, phones, tablets, video equipment and other devices housed in home offices-turned-corporate branches here in 2021.
Remote work is driving more unstructured data sprawl than ever in the history of digital anything. Whereas before the pandemic (pre-2020), most business data emanated from highly secured commercial offices, now it’s estimated that more than half of all these important files are coming from places (gulp!) that might be wide open to interception from bad actors trying to make a profit off holes in security. Some of those holes are gaping ones that any rookie hacker can crack in a matter of minutes.
This is precisely why enterprises now are focusing heavily on updating the endpoint management of their desktop PCs, laptops, phones, tablets, video equipment and other devices housed in home offices-turned-corporate branches here in 2021. The fact is, since a majority of workers are finding advantages in working at least part of the time from home, they want to keep this in play as long as possible, and companies are obliging them. There are advantages for employers here, too, but that’s another story.
“We heard from our customers about this: 67% of IT executives are concerned about unstructured data sprawl, and more than half say remote work is the main culprit. My reference is to data across multiple apps, multiple clouds,” Vineet Jain, CEO of Egnyte, said during a recent #eWEEKchat on this very topic.
Data sprawl is literally everywhere
“There has always been some WFH (in the corporate mix), but the sheer scale of that today, and how organizations have to embrace it is really the difference. Along with the cloud, it is really the final nail in the coffin of the ‘security perimeter’ as an architectural approach to security,” Gorka Sadowski, Chief Strategy Officer at Exabeam, said on the #eWEEKchat.
“Zoom became a verb during Covid, and that is despite all the incumbents and alternatives, Webex, Skype, FaceTime, etc. Maybe because of the UX?” Sadowski said. Many people would agree.
Part 4: Selecting Endpoint Visibility, Management for WFH Employees
Policies need to be gently enforced for users
Jain of Egnyte said that for corporations to have more control, enforcing data governance policies without the tech getting in the way is key.
“Further, getting the content management architecture right is key. Examples are files sitting on unsecured devices, data loss and mismanaged permissions,” Jain said. “The attack surface has grown exponentially, so even basic things like hardening your routers, keeping anti-virus up to date and centralizing content in one ‘logically unified’ silo are some of the means to meet the security challenges.”
So how does a company go about upgrading its system so that all of the above happens, and so that bad actors don’t get inside and cause mayhem? Ransomware numbers are way up over the last two years, yet the general public doesn’t hear much about those exploits at all, largely because they are extremely embarrassing to a company, and because surrendering to a ransomware crook is generally not seen as an asset by shareholders.
Based on Gartner Research’s 2020 UEM market report, eWEEK features three leading companies’ solutions in this article. For information on more endpoint management market leaders, see eWEEK’s library on the topic.
Defining Unified Endpoint Management
Gartner Research defines the UEM tools market as a set of offerings comprising mobile device management (MDM) and management of personal computers, via traditional client management tools (CMTs) or modern management, through a single console that also combines the application of data protection, device configuration and usage policies. Modern UEM tools:
- Provide a user-centric view of devices across device platforms.
- Enable modern PC management through native Windows 10, macOS and Chrome OS controls.
- Enable MDM through native iOS and Android controls.
- Aggregate analytics and telemetry from users, apps and devices to help inform policy and related actions.
- Provide insights into user experience through aggregation of telemetry signals, events, logs and synthetic transactions.
- Integrate with unified endpoint security (UES) tools to support security policy management, execute administrative actions and improve integration with identity and access management (IAM) tools.
VMware Workspace ONE
In the 2020 Magic Quadrant for Unified Endpoint Management (UEM), Gartner recognized VMware as a leader for the third successive year. VMware’s centerpiece here is its Workspace ONE UEM product, an end-to-end solution which:
- enables customers to drive workplace modernization, implement zero trust and improve employee experience;
- delivers a device-agnostic user experience across all major mobile and desktop platforms through deep integration with single sign-on (SSO), remote access, endpoint security, identity management, desktop and app virtualization, and numerous third-party solutions;
- uniquely enables traditional and modern PC and mobile management from a single console, and fully supports customers migrating from traditional network-based CMT to modern UEM-based PC support; and
- helps organizations maintain business continuity with scalable digital-first infrastructure, flexible virtualization solutions, and intelligent and secure device management that keeps employees productive and engaged anytime, anywhere.
VMware’s Workspace ONE is focused on providing improved employee experience through UEM, virtualization, analytics, apps and workflows. Its operations and clients tend to be geographically diversified. VMware continues to invest in helping customers drive workplace modernization, implement zero trust and improve employee experience, anchored by Workspace ONE Intelligence and Carbon Black endpoint security integration.
What separates it from competitors
- End-to-end solution: VMware enables remote work and a seamless, device-agnostic user experience through its deep integration of UEM with single sign-on (Workspace ONE Access), remote access (Workspace ONE Tunnel), endpoint security (Carbon Black), and desktop and application virtualization (Horizon); and support for many third-party solutions. Social media analytics highlight satisfaction with the remote onboarding feature, which has taken on increased importance during the COVID-19 pandemic.
- Ease of use: VMware offers seamless integration of traditional and modern PC and mobile management techniques through the same console, in addition to in-console templates and wizards to empower IT admins to maximize value. VMware also curates a vast online knowledge repository that includes product information, videos, labs, blogs, implementation guides, learning activity paths and reference architecture in its Tech Zone portal.
- Flexibility: VMware’s flexible architecture enables customers to operate exclusively on-premises, exclusively in SaaS, or a hybrid of the two where customers decide on a component level what model is a best fit. Standard and customizable connectors can enable complex integrations. VMware also offers several integrations with third-party identity, endpoint security, IT operations and IT service management tools.
You should know …
- Platform value proposition: To maximize the unique value of VMware’s Workspace ONE platform (e.g., employee experience, risk-based conditional access [zero trust], automation, intelligence and analytics, etc.), clients will need to purchase the Enterprise license tier.
- Advanced feature adoption: VMware continues to make investments in areas such as modern management of Windows and macOS devices, and offerings such as employee onboarding; yet adoption has been slower than expected.
- Microsoft 365: VMware customers committed to Microsoft 365 must rationalize the incremental cost of paying for Workspace ONE and Microsoft Endpoint Manager, or should look for advanced Workspace ONE capabilities to complement Endpoint Manager. The Workspace ONE integration to MEM offering is currently in limited beta.
IBM Security MaaS360 with Watson
IBM Security MaaS360 with its Watson product, also in Gartner’s Top 3, is focused on artificial intelligence (AI)-enhanced UEM. Its operations are geographically diversified; clients tend to be small to midsize technology, retail and manufacturing companies based in the Americas and Europe. IBM continues to invest in AI, ensuring alignment with new devices, features and use cases, and deeper integration with identity and endpoint security products.
What separates it from competitors
- Watson Analytics: IBM has used its Watson AI expertise to deliver analytics designed to help customers identify, prioritize, triage and resolve issues on devices managed by MaaS360. Customers value the efficiencies gained from customizable, automated reporting that helps them identify and prioritize critical issues.
- Ease of use: Gartner clients continue to report that MaaS360 is easier to implement than other UEM solutions. The product offers several policy templates through a wizardlike interface that uses AI to deliver benchmarked reports that enable customers to configure and validate their environment against peer and published practices. It also has a clean dashboard to react to events quickly.
- Strong CMT support: The integration with third-party CMTs, along with Group Policy Object (GPO) migration capabilities, simplifies the journey to co-management and modern management. Clients have referenced positive experience with integrations to Microsoft Endpoint Configuration Manager, HCL BigFix and Tanium. IBM also offers self-directed patching and application updates for Windows and macOS (using OPSWAT), and tools to help customers migrate to modern management.
You should know …
- SaaS only: MaaS360 is available only as a SaaS solution and does not provide any on-premises management option. It does, however, offer an on-premises access gateway to enable mobile devices to access email and other applications.
- Mostly midmarket: Gartner rarely sees MaaS360 on enterprise client shortlists unless the organization is already heavily invested in IBM software. IBM is working on enabling its sales force to sell MaaS360; however, most sales are from small to midsize companies or through the carrier channel.
- Limited endpoint diversity: Despite strong CMT integration, most clients report using MaaS360 to manage mobile devices rather than as UEM to manage PCs via co-management or modern management.
Microsoft Endpoint Manager
Microsoft Endpoint Manager (MEM), the final member of Gartner’s Top 3, combines Intune and Configuration Manager and is available with an Enterprise Mobility + Security (EMS) license. Microsoft’s operations and clients tend to be geographically diversified. Microsoft continues to invest in improving end-user and IT admin experience, integration with endpoint security and identity systems, and expanded use of analytics, AI and machine learning (ML).
What separates it from competitors
- Marketing and product strategy: With the establishment of MEM, Microsoft offers the most used UEM tool on the market, with significantly more devices under management than its competition. Though many I&O leaders are confused by the MEM, Configuration Manager and Intune relationship, online references in 4Q19 increased by 278%, with discussions on how MEM combines its offerings into a single console at no additional cost.
- Microsoft-native: Deep integration across Microsoft products offers security capabilities that are difficult to replicate piecemeal. Evidence of improved stability and performance achieved by reducing third-party plug-ins cannot be ignored. MEM’s integration with Azure Active Directory, Defender Advanced Threat Protection (ATP) and Microsoft 365 app protection offers improved security and user experience through zero-trust conditional access.
- Co-management: Improved Intune and Configuration Manager integration, along with the pandemic, has accelerated the adoption of co-management and modern management. Prepandemic, clients were too focused on replacing Windows 7 with Windows 10 to adjust their endpoint management strategies.
You should know …
- Third-party integrations: Clients frequently struggle with limited integration with third-party identity, service and asset management, and endpoint security products. Additionally, organizations seeking advanced macOS management and remote control are required to use third-party integrated solutions.
- Nonstandard use cases: MEM currently lacks robust management capabilities for IoT, wearables, rugged frontline devices and UNIX/Linux operating systems as well as required controls for highly regulated use cases where containerization and integrated VPNs are more common. MEM enables management of Microsoft 365 Enterprise apps and data using Intune app protection policies and conditional access; however, that may not meet compliance requirements.
- Difficult to use: Clients’ most common concern is that using MEM is not easy. Reasons include the overhead required to architect, build and maintain Configuration Manager and integration between on-premises Active Directory (AD) and Azure AD. Managing some policies (like Windows Hello) requires use of multiple consoles. Clients also frequently voice frustration with staying abreast of product updates and finding documentation and best practices across the various websites, communities and blogs.