I have seen a lot of endpoint trends come and go over my fifteen-plus years in enterprise technology. From the very first ‘mobile’ devices from Palm and HP (iPaq… the first iDevice!) to VDI and now the wave of constantly iterating MDM and mobile security platforms…
I ask myself, what’s a thoughtful CIO to do here?
In the interest of clarity, I should say that I have really only worked with two technologies throughout my IT career: Symantec’s Altiris technology and Microsoft System Center (the artist formerly known as Systems Management Server). There have been a few other brief flirtations (JAMF Casper, LANDesk, etc.), but for the purposes of this article, assume the commentary is relevant to what I know best.
Now, back to the question I posed. If you are leading a technology organization, or even running a growing business… do you know:
All of the form factors in the hands of your end users?
The number of solutions deployed to manage those devices?
Your patch compliance across the entire ecosystem?
What to do in case of emergency?
My experience tells me that you probably don’t know the answer to any of those questions, let alone all of them. The good news is there’s probably someone that can identify the gaps and assess your risk (hint: it’s me, or another grizzled veteran of the Windows Vista wars).
But before you invest any time in the answers… let me give you a few hard truths:
It’s impossible to manage risk without asset intelligence
There are too many complex tools doing too many things
You cannot secure devices you can’t manage
Operational maturity is measured by how your team reacts to an advanced/persistent threat
With respect to asset intelligence, this is not an argument that your ITAM program is broken (but if you think it is, go look at this). The simple fact is you must know who is using what, where they are and if they are using those tools for approved purposes. This is the difference between merely having information and having intelligence.
I am also willing to bet that you have separate MDM, MAM and endpoint management tools. This used to be a necessity, but with the rise of the hybrid architecture (watch out for the Azure Shark!) we can stitch the right tool with the right team to accomplish your systems management mission.
Do you have a single systems management platform?
Finally, when the fudge hits the ceiling fan you’ll find out whether you have asset intelligence that is actionable, enabling you to touch those devices and support your remediation mission. If you are a CISO/CSO reading this and want to have some fun – go ask your desktop guys for a live dashboard showing the manufacturer, model and operating system of every device with access to company IP. Keep in mind that is only a surface-level reading of your exposure.