Do you know where all of your organization’s devices are at this moment, and what they’re being used for?
As organizations increase their use of smartphones, laptops, tablets, and other mobile devices, they’re also increasing their risk across thousands and sometimes hundreds of thousands of endpoints. The question becomes not just how to keep track of those devices, but how to gain insight into each device’s real-time status, compliance, and security.
This is why security teams are turning to mobile device management (MDM) solutions. But in our current report on the “State of device management,” we found that organizations are struggling to keep up: only 23% say that all or nearly all of their devices are enrolled in their MDM, and only 25% have all or almost all of their devices running the latest OS. Additionally, only about half find their MDM solutions effective.
If you want to increase endpoint security, pay attention to these industry trends and implement them in your device management strategy so you can keep end users safe and your organization secure.
Five trends shaping the future of device management
Device management needs to evolve quickly to keep up with growing inventory and rising threats. Here are five new trends in device management and how your organization can capitalize on them.
Trend 1: Zero trust
A laptop should not be granted permissions simply because it is located in an office. With the growing popularity of remote work, consider your office network as safe as the Wi-Fi at your local Starbucks. This is why zero-trust — the ability to control access to applications based not on the identity of the user but on the identity and state of their client device — is a great place to start in device management.
Organizations should move from perimeter-based security to explicit and constantly enforced verification of the security attributes of a user or machine, so that you authenticate users as well as their devices. Zero trust is also a cost-saver: IBM recently reported that a zero trust deployment can reduce the cost of data breaches by 42.3%.
Trend 2: Moving away from VPNs
End users still rely on VPNs, yet placing their laptop on the company’s “internal network” grants a level of trust that should not be offered. A VPN also does not verify devices constantly throughout the day. Organizations that want to ensure the security of their devices will move away from VPNs to safer protocols like TLS with identity-aware proxies, which provide a more productive experience for employees while improving security at the same time.
Replace VPNs with HTTPS proxies with strong two-factor authentication (2FA) requirements, integrate them into your endpoint tools, and implement continuous device posture checking as well. Additionally, invest in tools with open APIs that can be incorporated into the overall architecture you want to deploy. Not only will you have a much safer security architecture, but the proxies being used for specific applications won’t require centralizing all traffic from workstations.
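The per-request decision an identity-aware proxy makes can be sketched as follows. This is an added example, not code from the report or from any product; the `Session` and `Posture` types, the `decide` function, and every threshold and baseline value are hypothetical.

```python
from dataclasses import dataclass

# Assumed policy values for illustration; tune them to your environment.
MAX_POSTURE_AGE_S = 15 * 60                      # posture report must be this fresh
STRONG_FACTORS = {"fido_u2f", "platform_authenticator"}
MIN_OS = {"macos": (13, 6), "chromeos": (118, 0)}  # constructed baselines

@dataclass
class Session:
    user: str
    second_factor: str       # e.g. "sms", "push", "fido_u2f"

@dataclass
class Posture:
    device_id: str
    mdm_enrolled: bool
    os_name: str
    os_version: tuple
    disk_encrypted: bool
    reported_at: float       # epoch seconds of the last agent check-in

def decide(session, posture, app_requires_strong_2fa, now):
    """Return (allowed, reasons). Runs on every proxied request.

    Network location is deliberately not an input: being "inside"
    the office network earns the device nothing.
    """
    if session is None:
        return False, ["no authenticated user session"]
    reasons = []
    if app_requires_strong_2fa and session.second_factor not in STRONG_FACTORS:
        reasons.append(f"second factor '{session.second_factor}' is not hardware-backed")
    if posture is None:
        return False, reasons + ["device sent no posture report"]
    if now - posture.reported_at > MAX_POSTURE_AGE_S:
        reasons.append("posture report is stale; device must re-verify")
    if not posture.mdm_enrolled:
        reasons.append("device is not enrolled in MDM")
    baseline = MIN_OS.get(posture.os_name)
    if baseline is None:
        reasons.append(f"unsupported OS '{posture.os_name}'")
    elif tuple(posture.os_version) < baseline:
        reasons.append("OS is below the required baseline")
    if not posture.disk_encrypted:
        reasons.append("disk encryption is off")
    return (not reasons), reasons
```

Because the check runs on each request rather than once at connection time, a device that falls out of compliance mid-session loses access as soon as its next posture report is missing, stale, or failing.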
Trend 3: Thinner endpoints
Why not also rethink which endpoints you choose? Most SaaS is web-based, so do we still need Macs or PCs if everything is on the web? Wouldn’t a Chromebook be easier to manage and safer? With more apps moving to the web, make your endpoints thinner and more manageable.
Instead of trying to block known malicious software, consider performing a pilot program with iPads or Chromebooks. A high-end Chromebook used with Google Workspace can provide a great experience, and is much simpler to manage and secure than a full PC or Mac. For development, try out the different web IDEs that have become available in the last few years. They offer a great way to keep confidential code centralized on a secure platform.
Trend 4: Cloud and remote first, on-prem second or nonexistent
Since the COVID-19 pandemic, the ways people work have changed. Companies with offices are offering hybrid work options, and every company wants to be able to keep working if there’s another lockdown. This is why organizations will continue to turn towards cloud and remote options, and away from on-prem.
Combined with zero trust and reducing VPNs, legacy technologies that are extremely hard to secure, such as Active Directory, should be phased out as well. Make sure that everything you deploy from now on supports modern authentication standards, including hardware two-factor authentication (2FA), and can operate over the Internet safely. Then, start planning for the future removal of traditional Active Directory by protecting it and containing it, and leaving it available only for legacy systems that require it.
Trend 5: Hardware 2FA becomes mainstream
According to research from Microsoft, accounts that use multi-factor authentication are 99.9% less likely to be compromised. Although still relied on by many, SMS and voice 2FA are not safe. While notifications sent to apps on smartphones are better, attackers are compromising those as well.
That’s why organizations need to turn to hardware-based methods for their authentication. For instance, FIDO U2F keys are gaining support in many web apps, and more and more devices can act as a FIDO U2F key, like phones, Chromebooks, and Windows Hello. Start supporting these authentication methods right now, and encourage people to use them. If you are a smaller organization where there is not a lot of legacy software such as Active Directory, enforcing their use is easy in 2022 — but it has to happen for everyone, or credential theft will remain a major threat to businesses everywhere.
Manageable device management
Device management doesn’t have to be overwhelming. By prioritizing endpoint security and following the trends above, organizations can lower their risk and better secure their organization’s laptops and servers, starting today. And you will know where all of your organization’s devices are at this moment, and what they’re being used for.