Lanline | 03 | 2019
For the end user, PC and mobile devices have been going hand in hand for years. However, IT often still handles client management and mobile device management with separate solutions. UEM (Unified Endpoint Management) applications create IT services, provided that continuous process automation is achieved. In addition to security features, this requires management functions to be integrated across platforms.
In Germany, by 2018 half of users already used a laptop professionally and 75 percent used a smartphone. According to analysts at Crisp Research in a survey for Samsung, 50 percent of decision-makers consider the tablet an essential part of the digital workplace. The Forrester study “Forrester Wave Unified Endpoint Management, Q4 2018” also shows a sharp increase in end devices per user: According to the analysts, one in five “information workers” works with at least three mobile devices weekly.
But the real drivers for UEM in 2018, according to Gartner and Forrester, were Apple’s Mac OS, Google’s Chrome OS and Microsoft’s Windows 10, platforms that work well with a UEM tool and can be managed thanks to MDM (Mobile Device Management) libraries. They lay the technical basis for managing all endpoints, including applications and operating systems, via a common interface. UEM tools thus become the central information and decision-making platform.
IT Services and Security in a Double Feature
A UEM solution should make it possible to meet the high demands of end users. They expect all IT services in a timely, user-friendly and high-performance manner, regardless of the device. This includes convenient self-service portals, through which the user can easily order hardware and software. Through embedded workflows with clearly defined rules and approval procedures, IT accelerates and secures additional processes. For example, it can use security and account policy guidelines to determine which applications and apps an employee can use on the device, and can also verify the usage. Other security measures include the use of MDM professionals and consistent policies to prevent, detect, and address security risks for mobile devices and PCs.
Dashboard Overview to Optimize the IT Services
It is important to continuously monitor all devices quickly in order to identify vulnerabilities and shadow IT that could become a threat to security. This is achieved with a continuous inventory of all hardware and software assets. In order to detect each device, both agentless and agent-based methods are necessary.
The next step is to match inventory results with a software recognition catalog and asset management database. It is crucial to make deviations from the authorized software and hardware inventory immediately visible in a dashboard. Shadow IT, whether mobile or stationary, can thus be identified and tested, and ultimately it can be determined whether continuous process automation is necessary for real UEM. The UEM dashboard must report the patch and release status as well as the discontinued versions on a daily basis.
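The matching step described above can be sketched as follows. This is an added example, not code from the article or from any UEM product; the recognition patterns, product names, versions, host names and status labels are all constructed for illustration.

```python
import re

# Recognition catalog (constructed): raw discovered names -> canonical product.
RECOGNITION = [
    (re.compile(r"^mozilla firefox\b", re.I), "firefox"),
    (re.compile(r"^adobe (acrobat )?reader\b", re.I), "acrobat-reader"),
    (re.compile(r"^7-zip\b", re.I), "7zip"),
]
# Authorized inventory (constructed): minimum patched version, discontinued majors.
AUTHORIZED = {
    "firefox": {"min_version": (65, 0, 2), "discontinued_majors": {52}},
    "acrobat-reader": {"min_version": (19, 10, 20098), "discontinued_majors": {11}},
}
# Constructed scan results, agent-based and agentless sources already merged.
INVENTORY = [
    {"host": "pc-014", "name": "Mozilla Firefox (x64 en-US)", "version": "65.0.2"},
    {"host": "pc-022", "name": "Mozilla Firefox ESR", "version": "52.9.0"},
    {"host": "nb-107", "name": "Adobe Acrobat Reader DC", "version": "19.8.20071"},
    {"host": "nb-107", "name": "7-Zip 18.05", "version": "18.05"},
    {"host": "pc-031", "name": "TorrentClient", "version": "3.5"},
]

def parse_version(text):
    # '65.0.2' -> (65, 0, 2); non-numeric parts count as 0
    return tuple(int(p) if p.isdigit() else 0 for p in text.split("."))

def recognize(raw_name):
    for pattern, product in RECOGNITION:
        if pattern.search(raw_name):
            return product
    return None

def classify(record):
    # One dashboard status per scanned record.
    product = recognize(record["name"])
    if product not in AUTHORIZED:
        return "unauthorized"  # unknown or unapproved: shadow IT candidate
    policy = AUTHORIZED[product]
    version = parse_version(record["version"])
    if version[0] in policy["discontinued_majors"]:
        return "discontinued"
    if version < policy["min_version"]:
        return "patch-missing"
    return "compliant"

def dashboard(inventory):
    report = {}
    for rec in inventory:
        report.setdefault(classify(rec), []).append((rec["host"], rec["name"]))
    return report
```

Calling `dashboard(INVENTORY)` groups the constructed records by status, so a recognized but unapproved product (7-Zip here) lands in the same bucket as software the catalog cannot identify at all.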
Automated Commissioning for More IT Services
Ideally the workflow-based software distribution of updates and patches takes place from the dashboard, not only for Microsoft products, but also for PDF readers, browsers and other software. Software packages should be pre-managed for unwanted toolbars or adware. Such managing services are already integrated into the UEM solution, which makes a significant contribution to endpoint security in times of ransomware and the like. Standardised processes with detailed tests in advance can ensure that the software is free of malicious code, that it runs on all operating systems, and that all users’ settings are maintained during installation.
For graphical workflow-based software distribution, the IT organization needs control mechanisms that, unlike error-prone scripts, ensure a high quality of IT services. Integrated UEM suites have attributes and information from both technical and organizational asset management, as well as the Active Directory with its organizational units or security groups. This allows for a site-independent and role-based distribution.
Ideally, communication between central and decentralized distribution points and end devices is certificate-based and in real time. By using different protocols and deployment techniques, devices that are rarely logged on to the network can be reliably supplied with security-relevant updates and managed software via the Internet.
Windows 10 Deployment
The OS deployment also benefits from UEM, because it can be used at different points in the rollout process and perform tasks automatically to make the operating system installation flexible. This includes features such as automatically deploying hardware-specific device drivers, activating BitLocker for hard drive encryption, or integrating software packages directly into operating system rollouts.
The success of a Windows 10 transfer always depends on test scenarios for the applications. It also depends on hardware conditions, such as testing system requirements in terms of architecture, the previous version, or free disk space. This is followed by the distribution of data for an automatic transfer.
Ideally, UEM also helps to meet compliance requirements. It provides robust documentation for license audits, determines device usage, controls compliance with guidelines for the use of software and hardware, and makes possible a clean division of private and professional data for security purposes.
License Management Integrated Into the Deployment Process
License management controls and checks the availability of licenses of the respective application either at the time of commissioning or during the distribution of software. Application metering helps avoid over-licensing. This is because analysing user behaviour is necessary to determine the most economic form of licensing. Application metering measures the actual use of software and identifies unused software. On this basis, IT can precisely determine the need for licensing and thus reduce the licensing costs.
In UEM, cloud applications such as Office 365 are also catered for. It is true that the manufacturers provide insight into the leased products, user rights, and purchased licenses via a portal. However, for obtaining an overview of all licenses of a company, this is inconvenient and means significant added expenses for ongoing license management. This is prevented by a UEM tool that continuously reads data from the Office 365 portal and integrates it into holistic license management.
The lifecycle of every piece of hardware ends with its phasing out or discarding. Here, the IT department needs an integrated design or “end-of-life” process. This includes deleting personal and sensitive corporate data from disks reliably, so that recovery is impossible. According to the BSI recommendation, a tool should overwrite the hard drives up to seven times. The old systems can then be safely disposed of.
If the help desk is integrated into the UEM, this has a positive effect for two reasons: On the one hand, the IT backload is noticeably relieved, and on the other hand, the service quality increases. In addition, software distribution, automation processes, and administrator tools such as remote maintenance from the ticket should be possible. Also, IT support should have direct access to all relevant asset and user information for each endpoint. This allows the helpdesk employee to initiate software and patch installations from the same ticket. For failed installations, the software should automatically generate a ticket. This can only be done if the UEM solution keeps all technical inventory, all organizational and user-related information, as well as all relevant patches and software packages in a database.
Gartner analysts are right to point out that some UEM tools do not cover key tasks of traditional Windows management, so they do not offer a full UEM. Typical weaknesses here lie in patch management, packaging of applications, or license management. However, a real UEM can only be achieved if all relevant disciplines of IT service management are integrated.