Unified Endpoint Management (UEM) represents the latest evolutionary stage of mobile device management, monitoring, and security. UEM emerged as a result of three main driving factors: (1) the increasing mobility of workforces; (2) the proliferation of multiple connected devices and the Internet of Things (IoT); and (3) the inadequacy of earlier endpoint management models such as Mobile Device Management (MDM), Mobile Application Management (MAP), and the Enterprise Mobility Model (EMM). All these models were developed to deal with a key security issue: If multiple mobile devices are linking remotely onto centralised networks using communication infrastructure (such as Wi-Fi and LTE) that is not within the control of the relevant, individual network administrator, every endpoint, or node, becomes a potential entry-point for illegal and malicious activity, unauthorised network access, and data theft or corruption.
As mentioned, apart from the environmental and technological conditions that created the need for the management, control, and security of multiple mobile devices—or network nodes if deployed as part of the workforce of a particular enterprise or organisation—three different models aimed at fulfilling these functions emerged, but fell short on certain aspects.
Firstly, Mobile Device Management (MDM) had the capacity to:
The problem with this model was that it didn't cater for Bring Your Own Device (BYOD) working arrangements where workers used their own personal computers and internet providers, a trend that was developing at a lightning-fast pace with the growth in what is known as the "gig economy", as well as many enterprises and their workers preferring a BYOD model for greater freedom and control over both their work and personal activities on their own devices.
The proliferation of smartphones and their data security requirements led to the development of the Mobile Application (MAP) management model. It differs from MDM in that it addressed only device-specific apps instead of the whole device. But users found that the MAP solution did not support most native applications available from app stores. This need resulted in the development of the Enterprise Mobility Management (EMM) model, which essentially combines MDM and MAP paradigms using containers that securely encapsulate apps and data. EMM integrates into the name service, providing app customisation, doc and data security, and policy compliance while MDM manages device features.
Unified Endpoint Management (UEM) is the natural result of this evolution, which includes all use cases and endpoints from mobile to fixed to wearables to IoT through a single comprehensive enterprise mobility management solution. UEM allows IT to manage, secure, and deploy corporate resources and applications on any device from a single console. As users increasingly work remotely from traditional as well as mobile devices, and enterprises incorporate IoT and other new technologies, UEM has evolved to solve the problems modern IT departments encounter when securing and connecting these environments.
The actual value of a Unified Endpoint Management solution lies in providing organisations and users of mobile devices for multiple purposes with advanced, efficient, and effective solutions that allow endpoint users to work remotely with confidence in the security of their devices and the networks they connect to, and organisations with the ability to exercise absolute control over their network infrastructure.
The benefits of using an advanced, globally recognised and highly rated UEM product such as Ivanti UEM is that it includes all the most critical UEM capabilities, such as:
The Ivanti Unified Endpoint Management solution achieves this through a personalised user workspace. The customised workspace ultimately delivers higher productivity when logon times are reduced, and desktop responsiveness is improved. As your company begins using the Ivanti Unified Endpoint Management solution, you are sure to witness the number of support calls drop as user satisfaction increases.
As mentioned earlier, with an increasingly decentralised working landscape, multiple mobile devices scattered across large geographical areas—often globally—are being employed by individual users for both work and personal activities, often accessing centralised networks of businesses and other organisations through independent internet service providers, the security of which is completely beyond the control of the business or organisation. End-user devices are therefore veritable gateways to the networks of many different types of organisations, from corporations to governments and everything in between. The main function of an endpoint security protocol is to serve as a "gatekeeper" to protect networks from unauthorised intrusion and risky user practices.
Today's digital workspace requirements have posed challenges to IT admins tasked with securing corporate networks while simultaneously being expected to facilitate ease of access and functionality to end-users. The rise in BYOD has led to a "shadow IT" presence in some organisations that do not sanction hardware or software not supported by the company's IT policies. The issue of workers also using unsecured home or public Wi-Fi hotspots complicates matters even further. If connections are not protected by the use of a robust VPN, sensitive corporate and customer data could be at risk of ARP spoofing or poisoning—an attack that causes traffic destined for one or more hosts on the local network to be steered to a destination of the attacker's choosing, giving them access to any and all information that was exchanged.
It leaves networks vulnerable to DNS hijacking, where DNS queries are incorrectly resolved in order to unexpectedly redirect users to malicious sites. To perform the attack, perpetrators either install malware on user computers, take over routers, or intercept or hack DNS communication. DNS hijacking can be used for pharming (in this context, attackers typically display unwanted ads to generate revenue) or for phishing (displaying fake versions of sites users access and stealing data or credentials). Another threat is a MITM (man in the middle) attack where a perpetrator positions himself in a conversation between a user and an application—either to eavesdrop or to impersonate one of the parties, making it appear as if a normal exchange of information is underway. The goal of an attack is to steal personal information, such as login credentials, account details, and credit card numbers. Information obtained during an attack could be used for many purposes, including identity theft, unapproved fund transfers, or an illicit password change.
Historically, security breaches originated from within a network. But today, unauthorised network intrusions increasingly come from endpoints, which demonstrates the inadequacy of focalised network security. Thus, network perimeters require security layers for protection against vulnerabilities posed by endpoint devices.
Zero-trust security—"never trust, always verify"—is a network architectural model using "micro perimeters" to secure each network segment. With these added layers of security, sysadmins safeguard an organisation's most sensitive data, apps, assets, and services with stringent identity and device verification measures. A zero-trust approach to network security ensures that should an unauthorised intrusion occur, the intruder won't have access to every part of the network. By blocking users whenever they attempt to access a different portion of the network, more robust web app security is achieved through added layers of protection.
The ability to do this better and more comprehensively is what sets Ivanti UEM apart from other packages, interfacing with practically any kind of device capable of connecting online, on any platform, and from anywhere.
Ivanti users can access all the IT services, including the service desk and security updates they depend on and are entitled to across all their devices. Optional modules integrate tightly with Endpoint Manager to provide asset management, software and hardware lifecycle management, and service management, with processes to maintain user productivity and organisational efficiency. The Ivanti UEM supports all the devices people use and improves both user and IT productivity. With a unified approach to device and application management, your organisation’s IT department gains a solution that reduces endpoint management costs and resource requirements, fills in the gaps in endpoint security, and delivers a seamless user experience. Ivanti's UEM eliminates the headaches that come with traditional UEM by focusing the security and management on the user, delivering not only unified management but a single, unified user experience on any device, anywhere, at any time.