Do you know where all the devices in your organization are currently located and what they are used for?
As organizations increase their use of smartphones, laptops, tablets, and other mobile devices, they also increase their risk across those thousands, if not hundreds of thousands, of endpoints. The question is not just how you track these devices, but how you get real-time insight into the status, compliance, and security of each one.
That’s why security teams are turning to mobile device management (MDM) solutions. But in our current report on the “Device management status,” we found that organizations are struggling to keep up: only 23% report that all or nearly all of their devices are enrolled in their MDM, and only 25% have all or nearly all of their devices running the latest operating system. Moreover, only about half find their MDM solutions effective.
If you want to strengthen endpoint security, pay attention to these industry trends and implement them in your device management strategy to protect end users and your organization’s security.
Five trends shaping the future of device management
Device management needs to scale quickly to keep up with growing inventory and growing threats. Here are five emerging trends in device management and how your organization can take advantage of them.
Trend 1: zero trust
A laptop shouldn’t be given permissions just because it’s in an office. With the growing popularity of remote working, consider your office network only as secure as your local Starbucks Wi-Fi. That’s why zero trust – the ability to control access to apps based not only on the user’s identity but also on the identity and state of their client device – is a great place to start in device management.
Organizations need to move from perimeter-based security to explicitly and consistently enforced verification of a user’s or machine’s security attributes, so that you authenticate the device as well as the user. Zero trust also saves money: IBM recently reported that a zero trust deployment can reduce the cost of data breaches by 42.3%.
Trend 2: Moving away from VPNs
End users still rely on VPNs, but placing a laptop on the company’s “internal network” gives it a level of trust that shouldn’t be offered. A VPN also doesn’t check devices continuously throughout the day. Organizations that want to ensure the security of their devices will move from VPNs to more secure protocols like TLS with identity-aware proxies, which provide a more productive experience for employees while improving security at the same time.
Replace VPNs with HTTPS proxies that enforce strong two-factor authentication (2FA), integrate them with your endpoint tools, and implement continuous device posture checking. Additionally, invest in tools with open APIs that can be integrated into the overall architecture you want to deploy. Not only will you have a much more secure architecture, but proxies used for specific applications won’t need to centralize all workstation traffic.
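The per-request decision an identity-aware proxy makes can be sketched as follows. This is an added example, not code from the original article or from any product; the field names, factor labels, and the 15-minute freshness window are assumptions chosen for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

# Illustrative assumptions: tune these to your own policy.
MAX_POSTURE_AGE = timedelta(minutes=15)      # oldest posture report we accept
HARDWARE_FACTORS = {"fido_u2f", "platform_authenticator"}

@dataclass
class Session:
    user: str
    second_factor: str        # e.g. "fido_u2f", "sms", "push"

@dataclass
class Posture:
    device_id: str
    mdm_enrolled: bool
    os_up_to_date: bool
    reported_at: datetime     # last report from the endpoint tooling

def authorize(session: Session, posture: Optional[Posture], now: datetime):
    """Evaluate ONE request; returns (allowed, list of denial reasons)."""
    reasons = []
    if session.second_factor not in HARDWARE_FACTORS:
        reasons.append("hardware 2FA required")
    if posture is None:
        reasons.append("unknown device")
        return False, reasons
    if not posture.mdm_enrolled:
        reasons.append("device not enrolled in MDM")
    if not posture.os_up_to_date:
        reasons.append("operating system out of date")
    # Continuous checking: unlike a VPN login, trust expires with the report.
    if now - posture.reported_at > MAX_POSTURE_AGE:
        reasons.append("posture report is stale")
    return (not reasons), reasons

def replay_constructed_day():
    """Constructed sample requests showing how decisions change over a day."""
    t0 = datetime(2022, 1, 10, 9, 0, tzinfo=timezone.utc)
    alice, bob = Session("alice", "fido_u2f"), Session("bob", "sms")
    good = Posture("laptop-1", True, True, t0)
    drifted = Posture("laptop-1", True, False, t0 + timedelta(hours=3))
    requests = [
        (alice, good, t0 + timedelta(minutes=5)),              # fresh, compliant
        (alice, good, t0 + timedelta(hours=3)),                # report too old
        (alice, drifted, t0 + timedelta(hours=3, minutes=1)),  # fell out of date
        (bob, None, t0),                                       # SMS, unmanaged
    ]
    return [authorize(s, p, now) for s, p, now in requests]

if __name__ == "__main__":
    for allowed, reasons in replay_constructed_day():
        print("ALLOW" if allowed else "DENY", reasons)
```

The second and third requests are the ones a VPN would have let through: the user authenticated correctly that morning, but the device's state is re-evaluated on every request.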
Trend 3: thinner terminals
Why not also rethink the endpoints you choose? Most SaaS applications are web-based. Do we still need Macs or PCs if everything is on the web? Wouldn’t a Chromebook be easier to manage and more secure? With more apps moving to the web, make your devices leaner and easier to manage.
Instead of trying to block known malware, consider piloting with iPads or Chromebooks. A high-end Chromebook used with Google Workspace can provide a great experience and is much easier to manage and secure than a full PC or Mac. For development, try the various web IDEs that have become available in recent years. They offer a great way to centralize the PIN on a secure platform.
Trend 4: cloud and remote first, then on-premises or none
Since the COVID-19 pandemic, the ways of working have changed. Companies with offices offer hybrid work options, and every company wants to be able to continue working if there is another lockdown. That’s why organizations will continue to move towards cloud and remote options, and away from on-premises.
Combined with zero trust and the reduction of VPNs, legacy technologies that are extremely difficult to secure, such as Active Directory, should also be removed. Make sure everything you deploy from now on supports modern authentication standards, including hardware-based two-factor authentication (2FA), and can operate securely over the internet. Then, start planning for the future removal of traditional Active Directory by protecting and containing it, and leaving it available only to legacy systems that need it.
Trend 5: Hardware 2FA is becoming mainstream
According to Microsoft Research, accounts that use multi-factor authentication are 99.9% less likely to be compromised. Although many still rely on them, SMS and voice 2FA are not safe. Notifications sent to apps on smartphones are better, but attackers compromise those as well.
This is why organizations must turn to hardware methods for their authentication. For example, FIDO U2F keys are increasingly supported in many web applications, and more and more devices can act as a FIDO U2F key, such as phones, Chromebooks, and Windows Hello. Start supporting these authentication methods now and encourage people to use them. If you’re a small organization where there isn’t a lot of legacy software such as Active Directory, it’s easy to enforce their use in 2022 – but it has to happen for everyone, or credential theft will remain a major threat to businesses around the world.
Manageable device management
Device management doesn’t have to be overwhelming. By prioritizing endpoint security and following the trends above, businesses can reduce their risk and better secure their laptops and servers today. And you’ll know where all the devices in your organization are right now and what they’re for.