Secure Unified Endpoint Management
Ivanti’s State of Cybersecurity Research Report Series
Research shows that IT and security suffer from siloed data and operations. Integrating endpoint management and security offers relief.
Share article
Listen to this report
01
Why align?
When IT and security teams are not aligned, it undermines a wide range of critical business goals. Coordinating endpoint management and endpoint security offers a way to harmonize IT and security directives.
Problem today
Ivanti’s research shows a clear lack of alignment between IT and security teams. Some 41% of respondents say the two teams use different tools, and 39% say they have difficulty sharing data.
What’s really at play? A tension between the core directives of each group:
- IT operations teams focus on efficiency, uptime and performance to support business processes.
- Security teams prioritize protecting data and systems from threats — and their steps to mitigate these threats often require actions that impact performance and/or convenience.
On the ground, this tension manifests itself in many ways. Take for example the competing efforts of unified endpoint management (UEM) and endpoint security. Regular system updates and patches are essential for both security and performance, but the way patches are prioritized and applied can ramp up friction between IT and security.
When the two teams are working at odds with one another — especially when security hands IT an edict they don’t agree with — frustrations arise.
It’s time to join forces, integrating the objectives and workflows of unified endpoint management with the requirements of endpoint security: secure unified endpoint management.
Why it matters
The push-and-pull of endpoint management vs. endpoint security is one manifestation of a larger misalignment between the CIO and the CISO — with significant downsides.
When IT and security teams aren’t working cohesively and collaboratively, it can have immediate and significant business implications — from productivity loss and potentially high financial costs due to unplanned downtime to a weakened security posture due to unpatched devices.
Part of the solution lies in automating security practices, including patch prioritization, to reduce the burden on IT of an “everything is a priority” attitude to patching. Currently, just 36% of organizations automate patch prioritization.
An integrated SUEM solution covers everything from asset discovery and endpoint management to patch prioritization and self-healing automations.
1 in 3 organizations don’t have a documented method to prioritize patching, according to Ivanti’s research.
02
Data silos
Integrated endpoint management and security solutions can radically drive up visibility by breaking down data silos across departments and divisions — making your organization much more prepared to repel unforeseen threats.
Problem today
Secure unified endpoint management solutions (SUEM) can support things like zero trust security, dynamic access rules and advanced threat response. Most organizations, however, are still far away from achieving that level of access and visibility.
- Currently, 72% of IT and security professionals say their security and IT data is siloed — a stunning figure, given the implications.
- 63% say these silos slow down security response times.
- 54% say this weakens the organization’s overall security posture.
Why it matters
Enterprise tech ecosystems are growing ever more unwieldy. Everywhere Work is driving increasing complexity of endpoints and systems that IT must optimize and security must protect. This has led to unsecured connections, incomplete updates, etc.
When organizations take a more collaborative approach to IT operations and security (i.e., using SUEM to break down data silos and align objectives), they can leverage powerful, next-generation tools like automated threat intelligence and proactive remediation. And they can finally begin to address issues like device sprawl and higher IT support traffic exacerbated by Everywhere Work.
03
BYOD
Intelligent endpoint management is not complete without a standardized, balanced approach to bring your own device (BYOD), which currently is tolerated at best.
Problem today
Fully 3 in 4 IT workers say BYOD is a regular occurrence, though only 52% say their organizations explicitly allow it. Among those who say their organizations don’t allow BYOD, only 22% say employees follow those rules.
When organizations don’t allow BYOD, they often fail to develop clear processes and procedures to manage personal devices and secure them — as well as the networks those devices access.
Why it matters
Employees often prefer using their own devices (32% say their personal devices are easier to use). So, forbidding BYOD can impact employee mobility, satisfaction and productivity — all of which can impact growth. It can also lead to hidden risks because undocumented devices equal unmanaged devices.
Organizations need to clearly define their protocols for using personal devices at work, including eligibility, compliance, data management and exit planning.
Once these guidelines are in place, secure unified endpoint management solutions empower IT and security teams to manage, monitor and secure all end-user devices, including personal devices used for work, from a single centralized platform.
04
Action steps
Experts weigh in on how organizations can mitigate risk and amplify cost savings with secure unified endpoint management.
Make the business case for SUEM
Among the key promises of SUEM is making organizations more proactive. Most organizations wait for an employee to complain (i.e., "my device is not working”) and then IT spends time working on patching. What if an intelligent system could recognize a pattern of device underperformance and recommend automated diagnostics across all vulnerable devices before most experience a problem — all with minimal employee downtime and no IT support required?
This proactive approach isn’t only valuable to individual employees. SUEM offers tools for leaders to identify cost containment opportunities and develop highly informed automation strategies — pinpointing areas where automation can drive efficiency, raise employee experience and improve performance.
And from a security perspective, the data from SUEM solutions offers a clear view of what attackers will be interested in — what's known as external attack surface management. What’s the most likely entry point for an attack? Which systems will they compromise first? What lateral moves may follow? When an organization understands vulnerabilities and their relative impacts, they can prioritize actions from a sea of possibilities.
Define lines of responsibility
Many organizations report a persistent friction between the goals and actions of IT teams and those of security teams — and the frustrations and inefficiency that result from it.
The last five years have brought about exponential growth in what’s called the digital attack surface area (e.g., devices, applications, servers, code, even shadow IT). Who owns this space? Who's going to manage devices, apps or code? We don't have clear swim lanes.
Now with SUEM, we can break down the silos between IT and security, and prioritize actions based on the patterns and signals uncovered. SUEM empowers teams to work off the same dataset to infer, analyze and recommend actions … all from a unified dataset rather than individual data silos. High-performing organizations are evolving from device management into secure device management.
Dr. Srinivas Mukkamala
Chief Product Officer, Ivanti
Develop a no-nonsense approach to BYOD
Bring your own device (BYOD) is a great way to empower your remote workforce when managed thoughtfully. Your BYOD policies, strategies and technology solutions should clearly address the incremental risk associated with allowing personal devices into your office and on your network. For example:
- Eligibility: determine which employees are allowed to use their personal devices for work. Define what types of devices are permitted and which security measures must be followed (e.g., encryption, password management)?
- Responsibility and compliance: set a policy that requires the end user to agree to an MDM policy, which gives the organization the ability to remotely wipe the asset.
- Data management and privacy: predefine and document the level of access given to BYOD devices. Generally, organizations should not provide full network access to an unmanaged device. Take a least-privileged access approach and provide clear guidelines on what data and applications employees’ personal devices have access to.
- Support and maintenance: ensure that you have a list of approved devices. Devices that are different from standard enterprise devices or have older and unsupported apps or OS will increase the cost to support and affect the productivity of the user.
- Exit planning: when an employee departs the organization (or loses BYOD privileges), how will the employer manage and remove existing accessibilities and corporate data and ensure that all personal devices are disconnected from the network?
Alongside these protocols and guidance, organizations need a mobile device management solution where they can enroll and oversee all personal devices used for work. Choose an MDM solution that offers a range of critical management and enforcement features like device enrollment, application management, remote wiping and compliance enforcement.
Daren Goeson
Senior Vice President of Product Management, SUEM, Ivanti
Adopt dynamic exposure management
The sheer number of vulnerabilities and the sophistication of threat actors have both increased dramatically. Add to that, the time it takes to exploit a vulnerability has shrunk. What we currently call “patch management” should more aptly be named exposure management — or how long is your organization willing to be exposed to a specific vulnerability?
If you're making decisions based only on vendor severity or CVSS score, you're going to be blindsided by a lot of vulnerabilities because vendors are not always classifying CVEs as critical. Organizations must take a more nuanced approach and ask: what's actively being exploited? Can we detect where it’s located? Do we have a process to prioritize regular maintenance versus a rapid response or priority update response?
The most security-minded organizations — especially those within highly targeted industries — are now running a two-track system:
- Regular monthly maintenance (i.e., scheduled patch management)
- Continuous maintenance that targets fast-emerging, critical threats
This two-track system, however, can lead to challenges when measuring compliance. When you run a two-track system, you will need to adjust your KPIs to ensure they recognize the value of managing active exploits.
Chris Goettl
Vice President of Product Management, Endpoint Security, Ivanti
Methodology
This report is based on a survey of over 7,300 executive leaders, IT and cybersecurity professionals and office workers conducted by Ivanti in October 2023. The full survey results are published in 2024 State of Cybersecurity Report: Inflection Point.
