Endpoint management and identity management: At a crossroads?

Commentary - Today's workforce is no longer tied to devices. Workers are becoming more mobile and flexible, and are demanding anywhere, anytime access to their applications. As a result, IT and security teams need to do more than just manage and secure physical devices like PCs, notebooks, and smartphones. They need to focus on the workers behind those devices. That's where the two worlds of identity management and endpoint management are rapidly converging.

Traditionally, identity management has focused on managing the user lifecycle. For example, when someone starts a new job, they may be provisioned access to a laptop, business applications such as a CRM system, and the company’s internet. The user’s password and access rights are controlled through an identity management solution. This is one piece of the puzzle. The other piece, endpoint management, focuses on lowering total cost of ownership by automating IT tasks like application distribution, patch management, and Windows 7 migrations. As the workforce becomes more mobile, endpoint management increasingly requires users have the right applications and tools based on their roles and responsibilities. And given today’s increasingly complex IT environment, administrators are shifting toward managing endpoints from an identity perspective instead of simply from a device perspective.

The bottom-line – savvy enterprises today are looking for endpoint management solutions that can do both. They want solutions to automatically manage and secure devices to lower costs, but at the same time, have identity-based capabilities to increase workforce productivity.

One could argue that the convergence of endpoint management and identity is necessary in any large enterprise to prevent productivity lapses. For example, if a user’s laptop crashes, they may be issued a loaner PC, but that’s not terribly helpful if their applications don’t follow them. However, if you abstract the user from the device, you can enable users to access everything they need – based on who they are, their roles and responsibilities – as soon as they log into that device. This immediately drives up productivity.

Let’s look at an example of how endpoint management and identity management are increasing productivity, while reducing cost and IT administration. The IT department for a large hospital was getting frequent complaints from clinicians and doctors who shared workstations throughout the facility. They often experienced time delays finding patient information they needed. Moreover, they had security concerns about sharing resources. Instead of merely employing a solution that focused on devices, the hospital utilized an endpoint management solution with identity-based capabilities. This way, whenever a user logged into a workstation, they always had a consistent-looking desktop and the exact set of applications customized for their role, no matter which PC they used. And because access was tied to each user’s identity, only authorized people could log-on, protecting patient privacy and further ensuring the security of medical records.

The convergence of endpoint and identity management becomes even more critical as businesses shift towards more flexible computing architectures using a mix of physical, virtual and cloud environments, it becomes even more critical for the desktop to follow the user. For example, a large pharmaceutical firm decided to virtualize desktops as a way to gain more processing power when conducting compute-intensive scientific analysis. However, oftentimes virtual machines that have been idle have not been properly patched, leaving them vulnerable to performance issues and viruses. By using endpoint management solutions with identity-based capabilities, the firm could quickly identify which users' virtual desktops had been properly patched before initiating critical analysis. They could then quickly ramp up new computing resources as needed to perform their scientific analysis. This provided significant agility while eliminating risks.

By combining identity-based capabilities with other features like location-based awareness, endpoint management can provide even greater security for enterprises. For example, your typical “road warrior” employee is rarely behind the company firewall and often logs in from remote locations like coffee shops, hotels and airports. Your endpoint management solution should automatically recognize this and apply additional security policies based on who and where the user is. By enforcing policies based on identity and location, IT can provide users more flexibility and freedom while tightening security.

With mobility increasing and threats lurking around every corner, businesses today can no longer focus on managing just physical devices. Organizations must give users the desktop environments and security levels they need to do their jobs, no matter where their users or devices are located. This way, not only can IT help drive down costs, but they can also drive up productivity for workers, no matter where their jobs take them.

biography
Grant Ho is Director of the End-User Computing marketing team at Novell. He leads marketing for Novell Endpoint Management solutions, where his responsibilities include strategic planning for the ZENworks family of products, including competitive messaging, public and analyst relations, demand generation, sales enablement, and joint go-to-market development with Novell's partners.