Endpoint management in a COVID-19 world
While the focus during the pandemic has been on getting employees connected so that they can work from home, proper endpoint management is key to enterprise data security.
Employees forced to work from home due to the coronavirus pandemic are using a variety of internet-connected devices -- including smartphones, tablets, smart speakers, and both corporate-owned and employee-owned computers -- to get their jobs done. Yet the use of each additional device poses a threat to a company's security strategy.
For IT administrators, the management of those devices, including such means as those provided by unified endpoint management products, is now a critical consideration for enterprises in a COVID-19 world. Endpoint management is used to secure devices before they are given access to a company's network. Unified endpoint management is the concept of controlling multiple types of devices through a single console.
"With much of the global workforce moving to work remotely, endpoint security has never been more critical," said Christopher Sherman, senior analyst at Forrester Research. "In many cases, enterprises are quickly provisioning new remote resources to their employees, further exposing an already increasing attack surface."
With these additional devices potentially serving as new attack vectors, he said, opportunities for cybercriminals have grown.
"We've already seen opportunistic attackers taking advantage of the pandemic and increasing their campaigns against consumers, as well as employees," he said. "This is likely to increase as the quarantines continue."
Accelerating the mobility trend
Mark Bowker, senior analyst at Enterprise Strategy Group (ESG), said the trend toward mobility and remote work has existed since the launch of the iPhone and has already forced IT professionals to secure an "expanded perimeter" around a company's data.
Citing an ESG survey of full-time employees -- including those in sales, marketing, HR, finance, IT, engineering, software development and customer service -- Bowker said 74% of respondents did at least some work in a non-office setting at least once a week, while 50% did so every day of the work week.
"Employees expect to be productive from anywhere, and most IT organizations have implemented capabilities to securely deliver applications and data to employees," he said. "The current challenge is rapidly scaling existing deployment, while maintaining security policies for users that may have a higher risk profile associated with them -- and [who are] no longer working on a known network or known device."
Alex Willis, vice president of global sales engineering at BlackBerry, agreed, noting the predominance of the mobile workforce.
"Now there's a lockdown, and at most places, people are having to do their entire job on these devices," he said. "I think the problem organizations are seeing is the urgency in expanding it beyond the typical road warrior or mobile worker. They're talking people who have never worked from home before and they're having to, very quickly, set them up in a home office."
Jason Dettbarn, founder and CEO of cloud-based Apple device management firm Addigy, said there had been increased demand for device-management products since the early days of the outbreak.
"The clear consensus is that a lot of people didn't feel they needed device management for Apple," he said. "They've had a BYOD model, maybe, or have allowed [Apple devices] in the office ... now, they have this forced need where they really have to make sure they're managing [these devices]."
Employee devices provide flexibility and risk
Given the widespread nature of the pandemic, many firms are trying to roll out remote work devices at the same time -- making provisioning a challenge. This, experts noted, could lead to enterprises allowing employees to use their own devices -- a flexible option, but one that imperils data security.
"Most people have really powerful home computers these days, but getting remote access to be productive on a home computer introduces a lot of risk," Willis said. "If you don't control the machines, you can't really control the security posture of that machine."
The same holds true on the mobile side, Dettbarn said. As Apple depends on China for manufacturing, the company is facing a shortage of devices available to enterprises -- meaning those businesses may have to rely on the devices employees have on hand for mobile productivity.
"A lot of [employees] will likely have an Apple device in their home that they can use for BYOD," he said. "Now, an organization that might be a little more Windows-focused might have to adapt to Apple devices to get people up and running."
Zero trust for remote work
As companies may be forced to rely on employee devices, they could turn to zero-trust security -- in which a user's actions and devices are continuously evaluated -- to allay security worries.
"When a company implements a zero-trust strategy extending to all their edge devices, they can afford to be less concerned with the health of the ... employee's home network, since protection is centered around what is most at risk -- their corporate apps and company data," Forrester's Sherman said.
Willis said zero trust represented a departure from the castle-and-moat approach to security -- a model in which everything outside the firewall was untrusted and everything inside was considered safe.
"Now, with zero trust, it doesn't matter if you're in the network or not. Everything is considered untrusted," he said. "Even though the users don't know it, they're being authenticated with every step they take: How are they interacting with the application? What network are they on? What endpoint are they [using]?"
If something looks wrong, Willis said, the zero-trust management product will require reauthentication, but the hope is to keep employees from having to jump through hoops to accomplish their usual tasks.
Getting management in place
Like many other companies, both BlackBerry and Addigy are providing limited-time free access to some of their products during the coronavirus crisis. Dettbarn said the nature of the situation drove the decision.
"Everybody is so uncertain about what's going on, that admins are handcuffed by financial constraints or a spending freeze," he said. "If [IT administrators] had to go get those financial approvals [to buy new management products], that's probably not going to happen."
Alex WillisVice president of global sales engineering, BlackBerry
Sherman said proper patch and configuration management, as well as a robust endpoint security solution, are the best ways to protect the devices employees use for remote work.
"To this end, we're seeing many endpoint management-focused products offering combined management and security," he said.
Willis said organizations that are hoping to put work-from-home plans together quickly would do well to remember the importance of device management.
"[Companies] think the end goal is connectivity, but the real end goal needs to be secured connectivity," he said.