Mobility and cloud computing are rapidly becoming the norm for enterprises around the world. In turn, enterprise IT departments are facing new management and security challenges as the amount of business data soars and the number of endpoints explodes. Mathivanan V, Vice President, ManageEngine, says the question doing the rounds is what IT teams need to consider to manage and secure their businesses in this new era.
Industry analysts predict deep penetration of enterprise mobility by the year 2020. IDC, for instance, forecasts that mobile workers will account for almost 75% of the total workforce in the US. Meanwhile, Strategy Analytics predicts that the global mobile workforce will reach 1.75 billion users and account for 42% of the global workforce overall.
The economic perspective is just as promising. The global enterprise mobility market will be worth as much as $140 billion, predicts the National Association of Software and Services Companies. And the investments are paying off. To date, 84% of all companies who consider themselves on the cutting edge of mobility report an increase in overall productivity as a direct result of incorporating mobile apps into their business, according to a survey by AppsFreedom.
Likewise, enterprises are expected to continue relentlessly adopting cloud technologies. By 2020, Gartner forecasts the public cloud services market will reach $383 billion. This includes spending on cloud business process services, cloud application infrastructure services, cloud application services, cloud management and security services, cloud system infrastructure services, and of course, cloud advertising.
The flip side of increasing enterprise mobility and cloud usage is the increasing risk to enterprise security. Today, most users have at least two endpoints – a laptop and mobile device – and 80% of network devices are the endpoints that are constantly connected to the Internet and exposed to its threats such as Meltdown, Spectre, Wannacry, and Petya.
More troubling, the typical end-user has little knowledge of those threats or their ramifications. The result is more users are more likely to leak enterprise data by using compromised websites and rogue online services. The CVE listed 14,712 cybersecurity vulnerabilities for 2017 and has already listed 2,848 for the first two months of 2018. In response, vendors large and small are releasing patches on a daily basis. Enterprise IT teams clearly need to focus on endpoint security management to ensure business success in the mobile-cloud era.
Endpoint security challenges
Keeping endpoints up to date with the latest versions of their operating systems and applications has become a full-time job, one that is getting harder to perform in the mobile enterprise. A growing challenge is the diversity of endpoint operating systems that must be managed, including Android, iOS, MacOS, Windows, Linux, and Chrome OS.
For each, the IT team must learn that operating system along with its corresponding patching technique. Likewise, applications acquired from the various app stores are managed with different techniques that must be learned and mastered so that the team can secure the endpoints.
Another challenge is managing the endpoints from day one, especially mobile devices. While it’s been relatively easy for IT admins to install agent software on desktops and laptops, smart phones and other mobile devices make life harder for the admins because the devices are rarely if ever connected to the corporate network.
Consequently, devices must be provisioned with the necessary mobile device management software before they are given to end-users. Devices that are not appropriately managed are security risks, so no business application should be installed or run on them.
Related to the day-one management challenge is updating endpoints that are on the go, anytime and anywhere. IT teams must be able to install critical patches while employees are travelling, commuting, or otherwise offsite.
Data leakage presents yet another security challenge for IT teams to overcome. Data leakage can happen with or without the knowledge of users. For instance, users may knowingly copy business data to a USB device or upload it to a cloud storage service.
They may also unknowingly expose that data to a public cloud service when using third-party apps such as document viewers and predictive keyboard apps. Such apps may compromise user IDs and passwords, account numbers, and other sensitive enterprise data by exposing it to public cloud services.
When a user’s device is lost or stolen, the IT team must be able to track and recover the device or wipe the data if the device isn’t recovered. To maintain the user’s privacy, however, the IT team cannot continuously track the location of the user’s device.
BYOD presents another privacy vs security challenge: When users use their own devices for business purposes, privacy needs to be maintained. Photos, contacts, and other personal data should not be managed by a company’s mobile device management app.
On the other hand, security needs to be maintained, too. To that end, the IT team should create a container on the user’s personal device – a secure, managed area that isolates business email, CRM, and other enterprise apps and data from the rest of the user’s personal apps/data.
To establish strong endpoint security and prevent unwanted attacks, IT teams must apply strict security policies on their endpoints. Laptops, for instance, should always run a firewall, prevent the creation of unwanted network shares, and encrypt data via BitLocker or FileVault. Such security policies can protect enterprises from the security risks posed by mobility.
Predicting the development of data and endpoint management
Going forward, machine learning and AI will help make data and endpoint management a proactive, rather than a reactive process. For instance, these technologies could prevent data theft by detecting anomalies such as unusual login activities or an unusually large number of documents being uploaded to the cloud.
They could analyse the root cause of patch deployment failures and suggest fixes. They could also detect system idle times – during lunch hours, for instance – to deploy patches as soon as possible rather than wait until after hours or weekends, which can leave systems unnecessarily vulnerable.
Meanwhile, the Internet of things (IoT) will introduce many organisations to a new breed of endpoints and connected devices. Unlike their iOS and Android-powered predecessors, IoT devices will be running many different operating systems and applications, all of which may be vulnerable yet must be managed and secured.
Finally, most business applications are moving to the cloud and accessed via browser, effectively making the browser an endpoint. That means to defend against attacks, IT teams need to manage browsers and perform all security operations for them just as if they were desktops, laptops or any other device.
As organisations continue to adopt mobility and the cloud, they must also adopt the practices necessary to support this new reality. Data and endpoint security and management are priority one in IT departments. For the vast majority of companies around the world, their future success depends on recognising and committing to that priority.