VMworld 2016: As Businesses Go Mobile, Desktop Endpoint Security Becomes Obsolete
Although Microsoft has said it will take longer than expected to achieve 1 billion active devices running Windows 10 (the goal was 2018), adoption is still strong just over a year after the platform’s debut, with 350 million active devices and 96 percent of Microsoft’s enterprise and small to medium-sized business customers engaged in active pilots.
In the world that Windows 10 adoption is heralding, in which more users are accessing Windows on tablets, 2-in-1 devices and smartphones, VMware thinks the traditional attitude toward endpoint security will become irrelevant, and that companies need to combine desktop and mobile security into a unified approach.
In an interview with BizTech at the VMworld 2016 conference in Las Vegas, David Grant, VMware’s vice president of product marketing for end-user computing, said that Windows 10 is enabling new ways of managing endpoints through products like VMware AirWatch. That couldn’t happen on Windows 7 or Windows XP, he said, but thanks to new application programming interfaces, Windows 10 can be managed much more along the lines of a mobile operating system. [Explore all our live coverage from VMworld 2016 here.]
A New Mobile Workspace
Research firm Gartner predicted in the fall of 2015 that by 2018, the number of organizations managing a portion of their PCs or Macs with an enterprise mobility management (EMM) system will rise from less than 1 percent to 40 percent.
VMware thinks the best approach for that kind of endpoint security is what it has dubbed Unified Endpoint Management (UEM), which combines endpoint security, endpoint management and software lifecycle automation. Grant said that it will make IT administrators’ lives simpler and devices easier to manage.
Users are increasingly working from the road or at home and are not connected to their company’s private network. In that world, businesses need to manage, secure and update their users’ devices more like mobile devices, he said.
“Do you really want to have a set of tools for managing your PCs and another set of tools for managing your mobile?” Grant asked. “It’s probably good to unify that as well.”
Grant said VMware sees the line blurring between endpoint management and security, and between IT operations staff and security operations. “Everyone’s been saying that for years, that they’re blurring, and they never really did,” he said. “They kind of have to now. With the proliferation of these devices, the attack surface has gone up. They have to coordinate, because the way we manage these devices is different.”
Windows 10 is generally thought of as a more secure platform than legacy versions of Windows, Grant noted. “If you’re going to do Windows 10 adoption, are you really going to use the new OS of the future and use the old way of managing it? You probably shouldn’t, and you probably are going to look, at least, at new models like VMware’s UEM model.”
New Endpoint Security Approach Brings Benefits to SMBs
Most SMB IT staffs, Grant said, probably use mobile device management solutions, but likely don’t have a “great systems management model.” The average SMB with a small IT staff probably doesn’t have a Microsoft System Center Configuration Manager server to manage mobile device updates, he said, letting users instead manage their own mobile updates in a Bring Your Own Device environment.
VMware’s UEM approach is to let businesses manage desktop and notebook PCs the way they manage mobile devices.
Grant said AirWatch will manage the posture of devices, implement updates and see its status and how it is controlled. VMware partnered with Tanium to develop an endpoint security product, TrustPoint, which provides IT admins with greater visibility into device footprints and security and remediation tools. However, Grant acknowledged that the tool is likely going to deliver more of a benefit to larger organizations with significant device footprints.
Yet both AirWatch and TrustPoint can be packaged together to let small IT staffs perform both device management and security, Grant said.
VMware also wants to use its “App Stacking” technology to package legacy and new Windows applications to make them more like mobile apps. The company does this by putting a wrapper around them and pushing them down to nonmobile devices so they can be more easily managed and patched, just like AirWatch does for mobile devices.
In early August, VMware unveiled AirWatch Express, a simplified mobile device management cloud solution designed for the SMB market.
Grant said the UEM approach, which VMware will detail in the fourth quarter with pricing specifics, will help businesses move away from the model of traditional PC lifecycle management to more of a lightweight AirWatch model.
Grant said that it will “dramatically reduce” the infrastructure requirements of endpoint security since it is cloud-based and does not require servers or IT staff that are experts on legacy technology. “I would imagine, if anything, those two or three IT people [in a small business] are going to see this as a dramatic change in how they manage devices,” he said.