{"id":17686,"date":"2020-02-10T04:30:09","date_gmt":"2020-02-10T12:30:09","guid":{"rendered":"https:\/\/www.palada.net\/index.php\/2020\/02\/10\/news-11421\/"},"modified":"2020-02-10T04:30:09","modified_gmt":"2020-02-10T12:30:09","slug":"news-11421","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2020\/02\/10\/news-11421\/","title":{"rendered":"UEM to marry security \u2013 finally \u2013 after long courtship"},"content":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/images.idgesg.net\/images\/article\/2020\/02\/tech_spotlight_security_computerworld_3x2_2400x1600_security_shield_lock_global_endpoints_by_your_photo_gettyimages-1093539466-100829360-large.3x2.jpg\"\/><\/p>\n<p><strong>Credit to Author: Lucas Mearian| Date: Mon, 10 Feb 2020 03:00:00 -0800<\/strong><\/p>\n<p>The days of enterprise security being a separate entity from mobile and desktop endpoint management are coming to an end, which should delight infrastructure and security teams who\u2019ll eventually have more powerful machine learning-enabled tools at their disposal \u2013 and a single console through which to control them.<\/p>\n<p>Security around mobile and desktop infrastructures has traditionally depended on what&#8217;s being managed; you purchase one for mobile devices and another for the rest of your endpoints, whether laptop or desktop.<\/p>\n<p>While security threats are growing, particularly phishing attacks via email, SMS or hyperlinks, the amount of money companies spend on mobile security appears to be shrinking. 
And yet, the percentage of organizations that admit to having suffered a mobile compromise grew in 2019, according to a Verizon survey.<\/p>\n<p>Two-thirds of organizations said they are less confident about the security of their mobile assets than other devices, according to\u00a0<a href=\"https:\/\/enterprise.verizon.com\/resources\/reports\/msi-2019-report.pdf\" rel=\"nofollow noopener\" target=\"_blank\">Verizon&#8217;s Mobile Security Index report<\/a>. The 2019 survey included 700 small, medium and large companies.<\/p>\n<p>Over the past year and a half, vendors have moved to more tightly integrate security with unified endpoint management (UEM), offering a more comprehensive strategy for securing all enterprise endpoints, according to Nick McQuire, a senior vice president of research at CCS Insights.<\/p>\n<p>UEM involves products that provide a centralized policy engine for managing and securing corporate laptops and mobile devices from a single console. Essentially, UEM platforms represent the next generation of device management; in many ways, it\u2019s <a href=\"https:\/\/www.computerworld.com\/article\/3206325\/whats-the-difference-between-mdm-mam-emm-and-uem.html\">a culmination of\u00a0mobile device management<\/a> (MDM),\u00a0enterprise mobility management (EMM), mobile application management (MAM)\u00a0and client management philosophies.<\/p>\n<p>\u201cThere are products now that have, or are close, to the single-console approach to unified endpoint and security management,&#8221; said Phil Hochmuth, vice president of mobile research at IDC. &#8220;For smaller firms, or organizations with lean IT staffs, this consolidation is key. 
For larger organizations, role-based separation and access to features and dashboards will be important.&#8221;<\/p>\n<p>Machine learning-based security is taking access to corporate applications and data to a new level, managing not only who can log into those systems through UEM platforms but continuously monitoring what employees are doing while using corporate apps and data repositories.<\/p>\n<p>\u201cWe absolutely believe the way the industry is moving forward is it shouldn\u2019t matter what kind of device you have, you should get an appropriate security policy based on the device and other contextual variables, such as who owns the device, where in the world you\u2019re located, what time of day you\u2019re accessing something, or if you\u2019re on a public Wi-Fi,\u201d said Rob Smith, a research director at Gartner.<\/p>\n<p>Known as a &#8220;zero-trust&#8221; framework, end users are subject to pre-determined parameters that can discern their intentions based on their roles in the company; if their actions fall outside of the boundaries for safe behavior, system access can be cut off.<\/p>\n<p>\u201cA lot of [threat detection] has to do with knowing what the device is, who the user is\u2026, the health of the device and making sure the user is tied to their credential and that credential is tied to the device,\u201d said Bill Harrod, federal CTO at MobileIron. \u201cThen it\u2019s about being able to evaluate the risk in all those places.\u201d<\/p>\n<p>In short, zero trust means being able to take proactive measures before an organization is compromised or loses a significant amount of data. While machine learning plays a part, companies also have to ensure they have trusted communication channels, meaning data is encrypted while in transit and at rest. 
That can help avoid common security issues, such as man-in-the-middle and ransomware attacks, Harrod said.<\/p>\n<p>It also means &#8220;taking measures to quarantine [a breach] or stop continuous user authorization&#8221; because nothing can stop an employee\u00a0from doing anything they want once they&#8217;ve input the correct credentials, Harrod said.<\/p>\n<p>Zero trust relies on multifactor authentication, analytics, encryption and file system-level permissions; it includes dynamic enforcement of access rules, not only for a user&#8217;s identity but also for their device and the context in which they&#8217;re attempting access. The result is that users are given the minimum amount of access to accomplish a specific task.<\/p>\n<p>While not a new concept, adding zero trust capabilities to UEM is at the leading edge of device management, and enterprises should expect some, though not all, vendors to begin selling single-console products over the next year and a half, Smith said.<\/p>\n<p>\u201cGartner sees a convergence of management and security, however, they will remain separate buying centers,\u201d Smith said. \u201cBut, there will be vendors such as Microsoft, VMware and BlackBerry who\u2019ll offer it as a single solution.\u201d<\/p>\n<p>For example,\u00a0<a href=\"https:\/\/www.vmware.com\/company\/acquisitions\/carbonblack.html\" rel=\"nofollow noopener\" target=\"_blank\">VMware last year bought Carbon Black<\/a>, a cloud security vendor whose product uses artificial intelligence (AI) and machine learning to protect endpoints through behavior recognition. 
In October, BlackBerry announced the availability of its mobile threat defense (MTD) product combined with its Unified Endpoint Management product \u2013 the result of <a href=\"https:\/\/www.blackberry.com\/us\/en\/company\/newsroom\/press-releases\/2019\/blackberry-completes-acquisition-of-cylance\" rel=\"nofollow noopener\" target=\"_blank\">its acquisition in 2018 of AI\/ML security vendor Cylance<\/a>.<\/p>\n<p>\u201cIt\u2019s taking time for those internal silos to break down between the security side and the UEM side to come up with singular products,\u201d Smith said. \u201cThis is something that will evolve over the next 12 to 18 months, as these vendors take their existing management products and make them work with their new security companies.\u201d<\/p>\n<p>Microsoft has essentially <a href=\"https:\/\/www.computerworld.com\/article\/3452516\/microsoft-combines-intune-with-configmgr.html\">already merged<\/a> its existing endpoint management and security products through its <a href=\"https:\/\/www.microsoft.com\/en-us\/microsoft-365\/business\/office-365-enterprise-e5-business-software?activetab=pivot%3aoverviewtab\" rel=\"nofollow noopener\" target=\"_blank\">Office 365 E5 license<\/a>, which includes <a href=\"https:\/\/docs.microsoft.com\/en-us\/windows\/security\/threat-protection\/microsoft-defender-atp\/microsoft-defender-advanced-threat-protection\" rel=\"nofollow noopener\" target=\"_blank\">ATP Defender<\/a> and InTune \u2013 all under the <a href=\"https:\/\/azure.microsoft.com\/en-us\/?ocid=cloudplat_hp\" rel=\"nofollow noopener\" target=\"_blank\">Azure console<\/a>.<\/p>\n<p>Microsoft is only missing the MTD intelligence piece, according to Smith. 
But it&#8217;s expected to integrate with several of the mobile threat defense vendors, as <a href=\"https:\/\/www.lookout.com\/defender-atp\" rel=\"nofollow\">it has with Lookout<\/a>, and place their data directly into Windows Defender ATP.<\/p>\n<p>\u201cHowever, the price leap from an E3 license to an E5 is quite big and really only adds security, so I don\u2019t think the same pressure [to buy a single-pane solution] will apply here \u2013 at least, not yet,\u201d Smith said.<\/p>\n<p>MOL Group, an international oil and gas company based in Budapest, Hungary, supports about 4,200 employee devices for executives, office staff, truck drivers and delivery workers.<\/p>\n<p>MOL currently provides corporate-owned iOS devices to its business managers, Windows phones to its office-based staff, and both Android and iOS tablets to field workers such as delivery drivers and maintenance workers. MOL also supports a BYOD deployment for employees who prefer to use their own devices at work.<\/p>\n<p>Most of the company\u2019s apps are customized by third-party developers and support a variety of business tasks such as route planning and optimization for deliveries. The apps are securely deployed to iOS and Android devices through MobileIron AppsWork, an application library that also enables updates to be pushed to devices.<\/p>\n<p>MOL employees use MobileIron\u2019s secure browser, WebWork, to access internal web resources and get approvals from their managers. And employees across the company can securely access and share files through SharePoint and internal company sites.<\/p>\n<p>MOL said it has also improved mobile security by containerizing apps such as KiteWorks, WebWork, Email+, and DocsWork on mobile devices.<\/p>\n<p>Before the company turned to MobileIron, employees would often save corporate documents to external hard drives to work on at home later. 
This put corporate data at risk because IT had no control over how documents were shared.<\/p>\n<p>Mobile devices can now be configured and secured remotely; apps can also be silently installed, updated, or removed without any end-user intervention required. If an employee leaves the company, or if a device becomes compromised, IT can lock down or remotely wipe the device to ensure corporate data doesn\u2019t fall into the wrong hands.<\/p>\n<p>\u201cNow we can identify all of the devices on our network, know who is connecting to which resources, and see which OS and app versions they are running,\u201d said \u00c1kos D\u00e1nyi, senior expert of group office applications at MOL. \u201cThis is essential to helping us control access to back-end resources and ensure that all devices are running the most current app and OS versions.&#8221;<\/p>\n<p>MobileIron and BlackBerry are currently two of the leading providers of UEM zero-trust solutions, according to McQuire.<\/p>\n<p>For example, in November, BlackBerry <a href=\"https:\/\/www.computerworld.com\/article\/3454841\/blackberry-refreshes-its-uem-suite-focuses-on-zero-trust-access.html\">added several zero-trust software updates<\/a> to its flagship Enterprise Mobility Suite.<\/p>\n<p>\u201cBlackBerry has had\u00a0a security focus for some time \u2013 even before <a href=\"https:\/\/www.blackberry.com\/us\/en\/company\/newsroom\/press-releases\/2019\/blackberry-completes-acquisition-of-cylance\" rel=\"nofollow noopener\" target=\"_blank\">acquiring Cylance<\/a>,\u201d said Jack\u00a0Gold, principal analyst for\u00a0J.Gold\u00a0Associates. \u201cThey are now porting those AI security features to the mobile device world from their previously PC-centric offering. 
They are also moving in a workspaces direction as they offer secured on-device access through secured browsers and [Office] 365 type access.&#8221;<\/p>\n<p>Single-console management isn\u2019t the ultimate benefit of unifying security and endpoint management, according to IDC&#8217;s Hochmuth. The biggest benefit is the integration of data and analytics between endpoint management and security, which will be transformational, he said.<\/p>\n<p>When vendors add artificial intelligence to UEM, it opens up the possibility of self-fixing end-user computing environments, and automated breach and vulnerability responses.<\/p>\n<p>\u201cBeyond that, businesses can use this data to optimize and improve how employees with technology do their job. This can drive more efficiency, creativity and productivity and \u2013 ultimately \u2013 better business outcomes,\u201d Hochmuth said.<\/p>\n<p><a href=\"https:\/\/www.computerworld.com\/article\/3516136\/uem-to-marry-security-finally-after-long-courtship.html#tk.rss_security\" target=\"bwo\" >http:\/\/www.computerworld.com\/category\/security\/index.rss<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/images.idgesg.net\/images\/article\/2020\/02\/tech_spotlight_security_computerworld_3x2_2400x1600_security_shield_lock_global_endpoints_by_your_photo_gettyimages-1093539466-100829360-large.3x2.jpg\"\/><\/p>\n<p><strong>Credit to Author: Lucas Mearian| Date: Mon, 10 Feb 2020 03:00:00 -0800<\/strong><\/p>\n<article>\n<section class=\"page\">\n<p>The days of enterprise security being a separate entity from mobile and desktop endpoint management are coming to an end, which should delight infrastructure and security teams who\u2019ll eventually have more powerful machine learning-enabled tools at their disposal \u2013 and a single console through which to control them.<\/p>\n<p>Security around mobile and desktop infrastructures has traditionally depended on what&#8217;s being managed; you 
purchase one for mobile devices and another for the rest of your endpoints, whether laptop or desktop.<\/p>\n<p>While security threats are growing, particularly phishing attacks via email, SMS or hyperlinks, the amount of money companies spend on mobile security appears to be shrinking. And yet, the percentage of organizations that admit to having suffered a mobile compromise grew in 2019, according to a Verizon survey.<\/p>\n<p class=\"jumpTag\"><a href=\"\/article\/3516136\/uem-to-marry-security-finally-after-long-courtship.html#jump\">To read this article in full, please click here<\/a><\/p>\n<\/section>\n<\/article>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[11062,10643],"tags":[10554,11066,22200,714,24181],"class_list":["post-17686","post","type-post","status-publish","format-standard","hentry","category-computerworld","category-independent","tag-mobile","tag-mobile-apps","tag-mobile-management","tag-security","tag-unified-communications"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/17686","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=17686"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/17686\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=17686"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\
/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=17686"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=17686"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}