2. How Do I Handle Application and Operating System Version Conflicts?
Control patching through MDM, EMM and UEM tools. IT’s standard advice to end users is to apply all security patches to OSs as soon as possible. But IT teams know that patching too early or too late can lead to application compatibility problems. MDM, EMM and UEM tools can delay OS patches until applications have been tested, then force installation once everything is verified as compatible.
3. What If Old Applications Won’t Run on New Operating Systems?
Sometimes, application updates are simply impossible. Legacy applications on the server side can lead to client-side restrictions: OS, browser and Java version issues are common. The best answer is virtualization: Use a virtual desktop from vendors such as Citrix, VMware or Microsoft, and keep it isolated from the rest of the network. This minimizes security risks and keeps legacy applications running without blocking critical updates.
4. What About New Applications That Won’t Run on Old Systems?
IT teams must set limits on what operating systems can be connected to their networks and applications. This is true even in a zero-trust environment. An old, buggy operating system presents an enormous security risk, and virtualization doesn’t mitigate that risk. Forcing updates and budgeting for new desktop hardware can be difficult, but the cost is small compared with potential security risks.
5. How Do I Balance BYOD and Device Management Resistance?
IT departments must manage devices at some level, not just for application compatibility but also for security and access control to business data. BYOD is a two-way street: Users must give up some level of control in order to have their own devices touching applications and data. If that’s not acceptable, then BYOD is not right for that user. Android Enterprise’s Work Profile, which creates a special work partition and guarantees users full privacy regarding everything else on their devices, might be an acceptable compromise for some users, but even that requires an MDM agent on the devices. In the long run, BYOD only works as a cooperative agreement between IT and the end user.