Bringing Shadow IT into the Light with UEM (Unified Endpoint Management)

Productively managing the security risks of unauthorized apps and devices
by Robert Troup, Executive Sales Manager, baramundi software USA

The prevalence of “Shadow IT” varies between industries and companies, but what’s consistent is the need to deal effectively with the serious security and compliance risks from incorrectly configured user-owned hardware, unpatched or unlicensed applications, and unauthorized cloud storage and mobile media.

Shadow IT isn’t so much a problem in itself as it is a symptom of underlying practical issues that result in users and sometimes entire departments finding ways to operate without IT knowledge or involvement. Where users may see a slow-responding internal service provider resistant to innovation and insensitive to day-to-day business pressures, IT sees a lack of understanding of the range of support provided, the limitations of technology, and the expanding array of sophisticated and dangerous threats.

A hard-nosed prohibition of anything not approved by IT can work. But habitual naysaying can cast IT as the tech police obstructing user productivity. On the other hand, being laissez-faire about user devices and apps endangers company data and finances, puts the IT department into a passive-reactive mode and takes it out of the loop on technology buying and deployment decisions.

Unified endpoint management (UEM) systems are a better solution. Increasing adoption of UEM systems is driven by the need to address security, IT asset management and other challenges with uniform, policy-based tools. As the name implies, UEM brings common IT tasks together in a single framework and dashboard view, including OS and software installation, patch management, license management, mobile device and application management, VM management and remote control. UEM systems also allow IT departments to automate repetitive tasks to improve productivity and alleviate staff burnout.

UEM control of shadow IT begins with an automatic inventory of all network devices, configurations and installed software. A UEM system can detect and uninstall unlicensed or unapproved software and track application usage to identify under-used or unneeded software licenses. UEM systems also enable machine-by-machine permission settings and encryption to address vulnerabilities from removable media. And UEM increasingly is used to manage mobile device enrollment, app installation, whitelisting/blacklisting and data access control for BYOD programs.

For non-IT managers, UEM-produced data can show the technology deployed in their departments and the possible vulnerabilities. Easy-to-understand hardware and software asset management reports can show ways to reduce costs for unused or under-used systems and justify needed technology purchases. Even a graphical representation of the numbers and types of endpoints and applications that IT is supporting, or where problem points are, can promote dialog and understanding.

The automation capabilities in UEM can accommodate user preferences and minimize disruptions. Automation also frees time for accelerating new technology evaluations. It enables IT to deploy and monitor trials of requested applications with transparency regarding deployment costs, support, security and other considerations. And because users are likely to be better informed about new systems and applications specific to their jobs, IT managers and staff can become more aware of emerging end-user technologies while improving the user experience.

Given the move to enterprise mobility and user expectations of choice, shadow IT is unlikely to disappear. However, UEM provides a foundation for evidence-based company policies about how to manage shadow IT and nearly every other aspect of corporate network usage, costs and operations. UEM also can better position IT managers as knowledgeable technical advisors to other managers on business decisions supported with real-world data.

About the Author

Bob Troup is Executive Sales Manager for baramundi software USA, the Framingham, Mass.-based unit of baramundi software AG in Munich, Germany. He has more than 30 years of expertise in customer requirements definition, and sales and implementation of complex security, virtualization, and cloud-based solutions at companies including Shavlik Technologies (now Ivanti), VMware, Auria Corporation and Xyplex.

Bob can be reached online at [email protected] and at our company website

March 1, 2019
