Loading
Overhead view of people walking in a concrete courtyard

The path to Unified Endpoint Management (UEM) can enhance endpoint security

01

An introduction to UEM

3 min read

The evolution of endpoint management along with remote work has increased the need for a unified approach among security solutions that helps protect multiple devices, including mobile, desktop and laptop.

The need for enterprise officials to have effective security in place for different device types is more pressing than ever. Consider how the percentage of full-time home-based workers using mobile devices for their organizations expanded dramatically in the wake of the COVID-19 pandemic.

7%in 2019, according to research conducted by the U.S. Bureau of Labor Statistics

42%in 2020, according to the Stanford Institute for Economic Policy Research

The range of endpoints has expanded to cover the Internet of Things (IoT) and any other computing device used by an employee or guest to access network resources.

To add to security risks, some organization leaders allow bring-your-own-device (BYOD) policies among workers. If left unsecured, these devices allow attackers access to corporate servers, sensitive databases and secure networks. The cost of remediation needed from any resulting BYOD attacks can cost organizations millions of dollars and result in months of downtime.

Like other security professionals, you must address all these potential challenges to maintain and protect confidentiality, integrity, identity and nonrepudiation within your organization. The ultimate goal is to achieve effective endpoint security for any type of device, which requires knowing the capabilities of devices in operation, the dynamic threat landscape and changing user expectations. You — and possibly your IT and security team members — need to carefully consider what endpoint management and security solutions meet these conditions, because not all offerings fulfill these goals.

The top options

When discussing endpoint management and security for distributed workforces at enterprises, the following technology solutions appear among the top results:

  1. Mobile device management (MDM)

  2. Enterprise mobility management (EMM)

  3. Enterprise mobility management (EMM)

Some users mention these security software terms interchangeably. However, the goals and capacities of each offering vary considerably, and several differences do exist.

For most enterprises, UEM is the optimal answer among security solutions for better management of remote work because the technology encompasses what MDM and EMM solutions provide separately. A leading UEM platform among enterprises is IBM Security® MaaS360® With Watson®.

To learn more about how UEM benefits security professionals, let’s examine how the offering builds and improves upon MDM and EMM and other work-from-home compliance solutions for mobile devices.

02

Modern device management evolution

3 min read

Evolving technologies and threats meant that mobile device management software had to evolve ultimately into UEM to best meet users’ needs.

The enterprise mobile device management platform emerged as an initial effort to create an environment where the company owned and controlled the functionality of every mobile productivity tool and application. The goal of an MDM solution was to keep corporate data secure while using mobile devices as part of a remote workforce.

An MDM platform uses software as a component to provision mobile devices while protecting an organization’s assets, such as data and content. The following other components are part of MDM tools:

  1. Device tracking

  2. Mobile management

  3. Application security

  4. Identity and access management (IAM)

  5. Endpoint security

As MDM gained popularity, some IT and security leaders included the technology with BYOD policies. They found certain employees enjoyed the freedom and convenience of having one device to switch between business and personal needs anywhere, anytime. These users’ personal devices get role-based access through MDM software to enterprise data and email, a secure VPN, GPS tracking, password-protected applications, and more for optimal data security. MDM software can then monitor the behaviors and business-critical data on these enrolled devices.

The changeover to EMM

MDM technology evolved into being part of enterprise mobility management solutions due to the proliferation and explosion of business and personal applications available in smartphones. This growth, along with an increase in BYOD by employees, led to the need for more targeted management of the data, content and applications on these phones than what MDM provides. Whereas MDM manages just the features of a device, EMM software manages the entire device.

  1. Management through MDM application programming interface (API) for iOS and Android

  2. Integration with vendor stores.

  3. Product Information Management (PIM) app and secure browser for iOS and Android

  4. Near real-time actions

  5. Over-the-air enrollment

  6. Certificate distribution

  7. Integration with AD and LDAP, including Microsoft Azure

Features of mobile application management (MAM) tools include security policies, personal information manager applications, such as email or contacts, and an enterprise applications store for internal applications distribution. MAM led to the evolution of such applications as mobile information management (MIM) and mobile content management (MCM). MIM and MCM focus on the security of a document repository where employees and employers can access and share documents or files without affecting the entire device or other applications.

Combining MAM, MDM and mobile identity, EMM software includes a container designed to prevent data business leakage. Remote workers get seamless but conditional access to intranet sites and use their devices’ VPN capabilities to access corporate applications and data with ease and speed. The goal of EMM is to preserve data security while allowing the remote workforce to quickly connect to business resources and remain productive, agile and competitive in the marketplace.

  1. Simplifies device management and configuration

  2. Helps initiate enrollment requests and distribute apps and documents

  3. Enables greater collaboration



EMM and UEM

EMM serves as a subset of UEM. In fact, UEM technology encompasses MDM, EMM, MAM, MCM and MIM technologies in one solution, as shown in Figure 1.

CMT +
Devices
Desktops and laptops
Platforms
Windows, MacOS
MDM & EMM +
Devices
Desktops, laptops, smartphones, tablets, rugged devices, kiosk, printers
Platforms
MacOS, Chrome OS, Linux®
IoT =
IoT sensors, gateways, wearables
UEM
Devices
Desktops, laptops, smartphones, tablets, rugged devices, kiosk, printers, IoT sensors, gateways, wearables
Platforms
Windows, Android, iOS, MacOS, Chrome OS, Linux, IoT

Figure 1. The attributes of a UEM solution are a combination of client management tools (CMT), MDM, EMM and IoT.

UEM is much more than just bundling these management systems together, however. The technology can help your organization better enable and empower a more hybrid or remote workforce now and for the future, as trends indicate.

03

Trends driving investment into UEM

2 min read

UEM is the choice of many organizations’ IT experts and security officials who want to give their remote or hybrid workforce top compliance and employee experience.

Offering a single platform that helps protect and manage a wide range of employee devices and operating systems, UEM technology provides the following benefits.

  1. Unifying these applications:

  2. • Device configuration

  3. • Data protection

  4. • Usage and security policies

  5. • User experience and productivity

  6. Giving a single, user-centric view to enhance end-user support and gather workplace analytics

  7. Serving as an integration point with key related technologies



  1. Reduction of threats and vulnerabilities

  2. Compliance for business assets and data

  3. Improvement of user productivity, with the freedom to creatively solve business problems with as few roadblocks as possible

These features and activities help you reorganize your employee computing strategy if you plan to shift to a hybrid working model or build a more effective hybrid workforce. UEM solutions can modernize and improve the way you protect and manage a more remote workforce.

Such considerations are important in light of the business climate in the aftermath of the COVID-19 pandemic. A majority of employees anticipate working primarily remotely or in a hybrid fashion at home and at the office for the foreseeable future, often using BYOD policies. Fortunately, UEM technology empowers your employees to do their best work anywhere, anytime.

Employee experience

Locker
Secured
Security is seamlessly integrated into the way people work across endpoints, apps, users and the network.

Head looking left in profile
Informed
Employees are informed and aware of their role within an organization, but also around broader business initiatives and changes.

Hand with star floating above it
Empowered
Employee experience and well-being programs are in place that empower people to do their best work.

Person’s upper body with heart highlighted
Valued
In doing their best work, employees need to feel valued by the organization.

Hexagon of connected circles with person in the middle
Connected
Employees are optimally connected not only to each other, but also to the technologies and systems that support work.

Smartphone
Device agnostic
Employees are enabled to work productively across a range of different device types.


Figure 2. The digital workplace capability of UEM tools offers these potential results for an improved employee experience. 1

Be prepared to meet your employees’ expectations to work wherever they desire without compromising their security or productivity for the preceding anticipated benefits. Capabilities that help you measure and positively impact the employee experience across mobile are important. Seek vendors that offer capabilities and services that transform how you and your organization’s employees conduct mobile work along with helping to strengthen security and mobility management practices.

The essentials in a top UEM solution

Workplace mobility programs with UEM capabilities at their core help you navigate many management, security and connectivity complexities. Other features that help improve reporting, compliance and the security of your mobile workforce are workflow automation and IAM capabilities. Consider the following additional criteria when choosing your UEM solution:

  1. Endpoint and application management

  2. Reporting and analytics

  3. Digital experience

  4. Integration and partner ecosystem

  5. Maturity

  6. Strategy and vision

  7. Marketing impact

UEM platforms that offer this essential range of broad and advanced management and security capabilities should be your top consideration. In this regard, one UEM solution stands out from the competition to fulfill this criteria.

04

Why choose IBM MaaS360 UEM

5 min read

Drive digital transformation with the UEM solution that integrates with your mobile security tools and provides enhanced security with an easy-to-use platform.

To implement a security-rich, work from anywhere, anytime environment while combatting the risk of a distributed workforce, IBM Security MaaS360 With Watson stands apart from other UEM technology. IBM Security MaaS360 With Watson protects devices, applications, content and data so you can rapidly scale your remote workforce and BYOD initiatives. And With Watson, you take advantage of contextual analytics through AI for actionable insights.

  1. You get a scalable global delivery from a security-rich, trusted, open, best-in-class cloud platform.

  2. This solution is extremely user friendly and simple to operate, thanks in part to software-as-a-service (SaaS) technology.

  3. Integration with and management of devices and platforms you use, including the Microsoft ecosystem, is easier than most other UEM options.

  4. No vendor lock-in allows you to use whatever technology you prefer in conjunction with operating IBM Security MaaS360 With Watson.

  5. You have flexibility to determine access to your company’s resources behind firewalls.

  6. AI-powered analytics assist in your daily activities and provide full access to reports as needed.

  7. Compared with other UEM options, IBM Security MaaS360 With Watson is more affordable for small and midsize organizations.

Consider the many features

The MaaS360 SaaS platform allows for evolution to simplify your experience as administrator and support multicloud and flexible consumption models. The platform includes a dashboard that provides a common view for you and your mobile security team. This user interface enables you to have control and overview of all mobile devices and applications used in your organization and prioritize and minimize your backlog of team tasks.

  1. Fast deployment: Simple, self-service provisioning process designed for maximum configurability

  2. Effortless scalability: Trial instantly becomes production environment with the ability to turn up new devices, users, applications

  3. Automatic upgrades: Continuously updated daily with new capabilities and same-day OS support for the latest platform

  1. Enhance real-time event processing framework and apply analytics on a broader data set across your tools.

  2. Experience expanded telemetry on device and application health and operations to predict trends and patterns that helps you reduce outages and save on operating costs

  3. Expand user risk management to look for new device, application and network-level threats and automate response, including conditional access based on the risk score.

  4. Monitor device, application usage and management tasks, such as patching on endpoints, to track impact to end-user productivity.

For device management, you can enable new features and special use cases for BYOD and company-owned Android devices using Android mobile device management. As an administrator, you get expanded application configuration support, including the ability to design the layout of your organization’s managed Google Play Store.

  1. Laptop management and CMT integration

  2. Patching of third-party applications

  3. Patching cycles

  4. Enhanced automation and orchestration

  5. Device hygiene to clean up spaces

  6. Configuration of operating systems and hardware, such as setting battery performance

Taken together, the elements of IBM Security MaaS360 With Watson provide a powerful framework for a remote or hybrid workforce.

Interlocking puzzle pieces depicting unification of devices and users

Figure 3. Using IBM Security MaaS360 With Watson unifies, helps secure and manages your organization’s users and devices.

The following five features distinguish IBM MaaS360 with Watson from the competition.

Smartphone connected to computer monitor screen
Complete UEM
of mobile devices, laptops and things

Cloud
Industry-leading cloud
on a mature, trusted platform

Four connected device screens
Open platform
for integration with leading IT systems

a user interface containing 10 rectangular
Industry-leading user interfaces
for application catalogs and workplace container

Person wearing a headset
Dedicated to your success
with 24x7x365 support by chat, phone and email


Praise from experts

Reviews from outside analysts emphasize the performance and versatility of IBM Security MaaS360 With Watson. Omdia2 designated the solution as a Leader and added, “Well suited for organizations seeking a feature-rich UEM solution that also offers strong mobile security capabilities.” The following considerations stood out to Omdia reviewers:

  1. A comprehensive set of UEM capabilities, with support for a diverse range of operating systems that help organizations manage the many different devices that employees now use in the workplace

  2. A strong set of mobile security features that support core endpoint management capabilities

  3. Actionable and cognitive insights from Watson that help improve how the mobile workforce is managed and secured

KuppingerCole3 analysts gave top marks to IBM Security MaaS360 With Watson for security, functionality, interoperability and usability and called the tool a Market Leader and Innovation Leader. The analysts judged the solution strong for the following elements:

  1. Good content management

  2. Strong patch management

  3. Strong endpoint intelligence

  4. Good endpoint security

  5. Admin and DevOps support

  6. Device management

  7. Wide range of supported endpoints

  8. Strong professional services and partner ecosystem

IBM commissioned Forrester Consulting4 to conduct a Total Economic Impact (TEI) study and examine the potential return on investment (ROI) enterprises may realize by deploying the MaaS360 solution. The study found the following results:

183%

ROI

USD 14.7 Million

Total net present value of benefits versus costs over three years

90%

Reduced end-user setup times

50%

Increased IT administrator efficiency

50%

Reduced risk of a security breach

90%

Decreased device configuration times

Clients added the following comments in the Forrester report:

MaaS360 helps a lot when it comes to addressing zero-day threats. MaaS360 does a great job of identifying the impacted population, allowing us to focus on developing a strategy to remediate the threat. ”
— Director of mobile product and innovation, financial services
IBM’s risk analysis dashboard is incredibly helpful. Instead of running reports manually and creating for management, I can share the dashboard and give everyone a real-time view of our environment. ”
— Information systems administrator, manufacturing
05

UEM, XDR and zero trust convergence

6 min read

As technology is evolving, you need a zero trust strategy and extended detection and response (XDR) as part of your endpoint security platform and policies.

Zero trust has been one of the most discussed and prioritized concepts since the beginning of the COVID-19 pandemic. According to a research report by ESG,5 respondents from surveyed organizations gave the following results:

35%have implemented or begun to implement zero trust across the organization

36%have implemented or begun to implement zero trust for specific use cases

75%have an active project underway to upgrade their endpoint security in support of zero trust

The big advantage IBM Security MaaS360 With Watson offers is to help you build a zero trust strategy with modern device management. This approach includes protected access to your corporate resources and provides a first step toward digital transformation. Here’s exactly why and how this changeover should occur.

The future opportunities hybrid and remote workforces provide your business can also present many potential security challenges. More devices means more security needs to stretch your IT and security team members. Industries and governments are requiring more device regulations. Ransomware and other sophisticated attacks on devices are also increasing.

For these reasons, you need an XDR solution and a zero trust security solution incorporated into your endpoint security framework along with an UEM. XDR provides threat management with visibility, automation and contextual insights. You receive threat detection and response that enhances your incident response security.

A zero trust approach gives the least privileges to employees to access only what information they need, verifies those employees every time they seek access and assumes that data breaches can happen. The positive outcomes of a zero trust strategy include more productive employees, improved business continuity and a better experience for clients.

Among UEM solutions, IBM Security MaaS360 With Watson is designed to work together with XDR and zero trust strategies. If you add zero trust endpoint security to IBM Security MaaS360 With Watson, you can expect the following benefits:

  1. Expanded security detection, prevention and response on mobile endpoints

  2. Enhanced security analytics to enable responses based on users and devices’ risk posture

  3. Zero trust and XDR use cases through integrations with the IBM Security stack

Consider the following use cases.

Circle containing three Xs with dots on the left side
Threat detection and management
Cyberthreat management systems can help counter advanced attacks by cybercriminals. The zero trust framework assumes a complex network’s security is always at risk to external and internal threats. Modern XDR systems connect tools, unify workflows for a seamless experience, automate work to improve analyst productivity and use open security to avoid lock-in.

Lock connected to three circles below it
Data leak prevention and endpoint security
The growth of ransomware attacks has influenced organization leaders to focus on increasing their data protection actions and prioritizing data security as a feature within endpoint security. Effective device management deployment needs to establish data loss prevention (DLP) policies to limit the movement of corporate data either due to malicious actions or user error, despite operating systems or applications.

Thumb print with a check next toit
Identity management
The modern security model should allow work from any place on any device with access to tools and data in any ecosystem. This model should provide real-time context across all domains, which should be part of any zero trust architecture. Centralized workforce and consumer identity and access management should include the following features:
  1. A unified landing page for enterprise single sign-on (SSO)

  2. Provisioning of any corporate application for use

  3. Configuration of risk-based Conditional Access (CA) policies at a granular level

  4. Multifactor authentication

  5. User lifecycle management



Diamond shape connected to three right-facing arrows
Automation and orchestration
Rapidly solve and iterate on security issues that occur as part of a zero trust practice with orchestrated actions and common playbooks. These features are part of a Security Orchestration, Automation and Response (SOAR) system. The orchestration and automation capabilities build dynamic playbooks that enable teams to adapt faster based on new incident information and focus on high-level investigations by reducing repetitive tasks. Numerous security tool integrations amplify the power of the SOAR system.

Dot graph and line graph on top and a bar graph and circle graph on bottom
Advanced analytics
IBM Security MaaS360 With Watson features Watson Advisor Insights from the console home screen, so you can see real-time alerts to potential security risks and vulnerabilities. The Policy Recommendation Engine uses customer analytics to recommend individual changes to policies that may better suit the organization. AI-powered analytics dives into assessing multiple risk factors spanning device attributes to user behavior, granular reporting, from device activity to application and data usage to installed software and many more.

Computer screen with a shield
Converged endpoint management and endpoint security
ESG research found that more than 55% of the organizations responding believe that endpoint management and endpoint security would align very well in the same solution.⁶ Increasingly, modern UEM solutions have endpoint security features embedded and offer granular types of alerts and automatic management of vulnerabilities.


By converging XDR with a zero trust strategy under IBM Security MaaS360 With Watson, your mobile remote and hybrid workforces get security updates faster and easier than without these processes. Regardless of whatever technological innovations occur for mobile devices, you and your team will be ready to handle these future challenges while keeping operations running smoothly for your employees and clients.

1 Adam Holtby, Omdia Market Radar Unified Endpoint Management Solutions, 2021-22, 18 November 2021.
2 Adam Holtby, Omdia Market Radar Unified Endpoint Management Solutions, 2021-22, 18 November 2021.
3 Richard Hill, KuppingerCole Leadership Compass, Unified Endpoint Management (UEM) 2021, 9 December 2021.