Manage EndUser Devices Simplify device management by aligning
Manage End-User Devices Simplify device management by aligning practices for laptops, phones, BYOD, and everything in between. Info-Tech Research Group Inc. is a global leader in providing IT research and advice. Info-Tech’s products and services combine actionable insight and relevant advice with ready-to-use tools and templates that cover the full spectrum of IT concerns. © 1997 -2018 Info-Tech Research Group Inc. Info-Tech Research Group 1
ANALYST PERSPECTIVE Unified endpoint management (UEM) is inevitable, but work still lies ahead. Unified endpoint management promises to simplify the lives of desktop management teams and mobile device management teams. The same skill set and the same pane of glass can be used to manage all of your devices. The result is a greatly simplified mobile experience and a happier end user. There is a big cost to UEM. Replacing an existing tool with UEM means that you need to replace an existing skill set. Poorly implementing a new tool means continued financial and time costs as your team fights it every day. Before you change out your firefighting equipment, ensure that you know what type of fires you are fighting. Just as you can’t fight an electrical fire or a grease fire with the same extinguisher, you also can’t fight different IT fires with the same tools and processes. Ken Weston, Research Manager, Infrastructure & Operations Info-Tech Research Group 2
Unified endpoint management is the future, but it should be a best practice before selecting a product This Research Is is Designed For: This Research Will Help You: üDesktop Management Teams üMobile Device Management Teams üEnd-User Device Management Teams üReduce the time it takes to fulfill service requests üReduce the number of technician interventions on user devices üSimplify the deployment of devices and apps üBetter secure the system with patch management This Research Will Also Assist: This Research Will Help Them: You: üIT Service Managers üInfrastructure Directors üCIOs üUnderstand their role in device management üUnderstand whether a new endpoint management tool is the right choice for their IT department üSave time and money on desktop management üEnable your desktop technicians to do more with less Info-Tech Research Group 3
Executive summary Situation • Desktop and mobile device management teams use separate tools and • • different processes. People at all levels of IT are involved in device management. Patch deployment is increasing in scope beyond Windows OS updates. Complication • Vendors are pushing unified endpoint management (UEM) products, and • teams struggling with device management are hoping that UEM is their savior. The number and variety of devices will only increase with the continued advance of mobility and emergence of the Internet of Things (Io. T). 1. Many problems can be solved by fixing roles, responsibilities, and processes. Standardize so you can optimize. 2. UEM is not a silver bullet. Your current solution can image computers in less than four hours if you use lean images. 3. Done with, not done to. Getting input from the business will improve adoption, avoid frustration, and save everyone time. Resolution • • • Define the benefits that you want to achieve and optimize based on those benefits. Define the roles and responsibilities involved in end-user device management. Create a training plan based on what your team needs to do with the tool. Create standardized processes within each team first. After each team has standardized, decide if a new tool is required. Stop using device management practices from the era of Windows XP. Create a plan for lean images and app packages. Take an evolutionary, rather than revolutionary, approach to merging end-user support teams. Process and tool unity comes first. Info-Tech Research Group 4
A single-pane-of-glass management tool for all devices, apps, and data is your destination but your journey starts here 3 Optimize Supporting Teams and Processes Extend and/or Adopt Supporting Technologies 2 1 Identify the Business and IT Benefits of Optimizing Endpoint Management Info-Tech Research Group 5
Welcome to the post-PC world! It is a multi-device, multiplatform world today (and an Io. T world tomorrow) Post-PC is not no PC, but the mobility wave of the past decade has added multiple devices and application delivery platforms to end-user computing (EUC). Today 10 Years Later ati ou d S er liz tua vic Vir es 10 Years Ago Cl on Applications • Locked down PCs • Users assigned to specific • • workstations Little device variety BYOD not a major issue • Technology, processes focus • • • on protecting users Multiple endpoint devices per user Users maintains unique profile across devices Access anywhere, anytime is expected • EUC infused into all aspects of life • Support variety of: o Devices o Applications o Ownership models • Strategy focuses on the user, not the device Info-Tech Research Group 6
A multi-device, multi-platform world may be a boon to the technology user but it can be a nightmare for tech managers Tech Manager Challenges Large organizations with complex environments. There’s one tool for deploying updates to PCs and one tool for threat scanning. There’s one tool for managing i. Phones with another tool for managing legacy Black. Berry devices. There’s yet another tool for connecting Lotus Notes to Android devices – and that’s not even considering the Macs. Different processes. It’s not helpful when the CIO, the IT director, and the service desk technician are all installing applications differently and releasing updates to the environment in different ways. Understaffed IT departments and overworked IT support teams. Engineer the environment to work with less effort? Many teams are too busy with the day-to-day pains from not engineering the environment properly in the first place. Too many people doing the same thing. Every time an update is released by Microsoft, two to three technicians perform the same testing in the environment and build packages without telling each other. 1 in 4 IT workers report that they manage devices: • 15% of surveyed CIOs and executives • 30% of surveyed directors • 25% of surveyed managers • 24% of surveyed front-line personnel Any guesses for whether all the device managers in the same organization follow the same processes? Source: Info-Tech Research Group IT Staffing Diagnostic (3, 215 respondents across 90 organizations) Info-Tech Research Group 7
In a multi-device, multi-platform world, virus scanners and patching only for Windows OS isn’t enough To maintain a secure environment, you need to secure all platforms, all apps, all web browsers, and all data. • Web browsers are a major target. 61% of attacks through web apps target the browser instead of the OS (Edgescan). Symantec reported that it discovered an average of 2. 4 vulnerabilities in web browsers per day in 2016. • Macs are becoming a target for attack: “Apple’s operating system, which was once seen as being almost impregnable, saw an increasing amount of malware being detected on it over the course of 2016. ” – Symantec • Do you have the visibility into your environment to even know where to start? You cannot patch apps and platforms that you do not know exist. Create a standard process for ensuring that end-user devices are running up-todate software. Your cybersecurity team determines whether a patch is the best response to a vulnerability. Once they decide, be ready to quickly deploy a patch. Info-Tech Research Group 8
Unified endpoint management promises a single management platform for all endpoint devices, platforms, apps, and data Unified endpoint management (UEM) is about managing all end-user devices – be it a Windows laptop, an Apple smartphone, or an Internet of Things device from a single console. It is based on a convergence of client management tools (CMT) and enterprise mobility management (EMM). Example Product: VMware Workspace One In January 2014, VMware acquired industry-leading EMM vendor, Air. Watch. Since then, VMware has been working to merge and integrate Air. Watch with VMware’s End User Computing (EUC) solution. The result is Workspace ONE, a solution for managing applications, identity, desktops, mobile devices, and security by “integrating access control, application management and multi-platform endpoint management. ” Other UEM Vendors Like Air. Watch (VMware), most UEM vendors’ starting point has been EMM. Other major competitors include: • IBM • Mobile Iron • Microsoft • Black. Berry • Citrix VMware Workspace ONE Info-Tech Research Group 9
Windows 10 is a key enabler of UEM, bridging traditional “desktop” management and mobile device management UEM typically relies on mobile device management (MDM) APIs. For the first time, with Windows 10, Microsoft included such APIs in its flagship OS. Image Source: VMware Result: Tools like System Center Configuration Manager (SCCM) were traditionally used to manage Windows PCs. With the addition of the Windows estate, enterprise mobility management (EMM) is extending to UEM. This is a clear example of Microsoft’s pivot to a “cloud first, mobile first” strategy. Organizations planning large-scale Windows 10 migration should think of the migration as a launching pad for unified endpoint management. For more information, see Info. Tech’s blueprint, Migrate to Windows 10. Info-Tech Research Group 10
But just because vendors are pushing UEM tools does not mean they, or you, are ready for their use in your organization Teams that are struggling with device management are looking for a silver bullet, and are hoping that UEM is their savior. UEM will not magically fix your environment. What it will do is give you: • The ability to push apps, security settings, and updates to devices without them having to be on the corporate network. • The ability to implement per-app-VPN and SSO to ensure that the user is able to be securely productive from anywhere. • One tool for managing both traditional computers and mobile devices. • A divide between personal and corporate data on devices. • One place for collecting metadata and generating reports for both traditional and mobile devices. Expectations created by the IT industry are not realistic in terms of proven benefits or the time it takes to realize them. – John Ward and Elizabeth Daniel, quoted in COBIT® 5 for Business Benefits Realization, p. 8 Determine whether you should: (a) implement a new UEM tool, (b) expand your CMT to manage mobile devices, (c) expand your EMM to manage traditional computers, or (d) make no changes. This decision should be based on the relationship with the vendor, existing (and missing) skills and competencies within IT, TCO, and required feature set. Info-Tech Research Group 11
Prepare for the future and achieve these measurable benefits by optimizing now A proactive approach to device management will reduce long-term effort, prepare you for UEM, and address risks in your environment. Proactive Approach to Device Management Reactive Approach to Device Management • Minimal effort spent upfront • • Effort spikes post-deployment from conflicts and incompatibilities Pre-deployment effort: requirements gathering, configuration, and testing • Fewer post-deployment problems Long-term effort from poor configurations • Less day-to-day maintenance, fewer incidents • Measurable Time spent # of benefits of the per device supported proactive devices approach: Time to provision End-user satisfaction Time spent per update # of self-serve tickets # of device incidents Info-Tech Research Group 12
Phase 1 First, get out of firefighting mode by identifying the real problem By looking at what benefits you need to achieve and what problems you need to solve, you can determine if a change in toolset is right for you. 1 Identify goals based on strengths and pain points 2 Prioritize goals based on stakeholder drivers 3 Determine how best to achieve these goals Implementing a new tool may be like using a regular fire extinguisher to put out a grease fire – it will only make matters worse. If your problem is broken processes and a lack of learning and development, a new management tool will only further break your environment. Info-Tech Research Group 13
Phase 2 Second, improve day-to-day operations Info-Tech’s members report that skill management is a major driver for migrating to a unified endpoint management tool. You will need the following roles to create and manage a sustainable, effective end-user computing environment: 2. Engineer 1. What do your people need to do? 3. Administrator 2. Can they do it? Once you’ve defined your team’s responsibilities, standardize your approach to: 3. How should they do it? 1. Architect • Distributing updates • Installing apps • Joining corporate and personal devices Info-Tech Research Group 14
Phase 3 Third, stop using management tools and techniques from the Windows XP era Save yourself, and your technicians, from needless pain. Your technicians every time an update is released • Stop using thick images. Define one gold image and a collection of app packages. • Identify opportunities for toolset changes and/or consolidation. • Understand the value of metrics, logging, and analytics. • Create a roadmap for improving end-user device management. Info-Tech Research Group 15
Achieve these benefits by following Info-Tech Research Group’s approach to optimizing end-user device management Phase 1: Identify Your Desired Benefits Phase 3: Improve Supporting Technologies Phase 2: Improve Supporting Teams and Processes 1. 1 Identify your organization’s desired benefits of optimizing 2. 1 Improve roles and responsibilities 3. 1 Simplify your image and app libraries 1. 2 Define short-term and long-term initiatives 2. 2 Optimize device management processes 3. 2 Identify toolset changes Tools, Templates, and Deliverables • Executive Presentation • Roles and Responsibilities • Toolset Action Items • Optimization Goals • Skills Required for Your Environment • Core Image and Application Package Outlines • Metrics • End-User Device Management Workflows • Roadmap for End-User Device Management • High-Level Initiatives Our best practices are informed by COBIT 5, ITIL 2011, and the experiences we’ve gathered from countless interviews, analyst calls, guided implementations, workshops, and consulting engagements. Info-Tech Research Group 16
Large health products maker moves to unify end-user service management today, endpoint management tomorrow CASE STUDY Industry Source Research and Development Interview Health. Well. EX*, a global research and development firm for health food products, has more than 8, 000 employees worldwide that use a variety of devices, platforms, and applications – traditional Windows desktops and Macintosh computers, laptops, tablets, and smartphones (both Apple and Android). Core applications include client Windows and Macintosh apps, mobile apps, web apps, and Software as a Service (Saa. S). The company has successfully merged application, data, and identity access into a single device-agnostic portal – VMware Workspace ONE. For device management, Health. Well. EX uses a range of solutions including Microsoft SCCM and Air. Watch and has separate support groups for mobile, Mac, and Windows devices alone range from Windows 7 (and some remaining Windows XP) up to Windows 10 on tablets. Health. Well. EX has realized significant time and effort savings and overall service improvement by moving all user management and application provisioning to VMware Workspace ONE. All users have a single portal for accessing their applications and data regardless of device or platform. However, Health. Well. EX is not using Workspace ONE for UEM. The reason given is because of the investments made in existing tools and processes. Moving to a single UEM solution is being considered as a result of an evolution of the device platforms and tools. For example, Health. Well. EX identified certain Windows 10 use cases as a good fit for UEM. IT will adopt UEM as it achieves a critical mass of Windows 10. * Health. Well. EX is a fictional company name for an actual company that adopted Workspace ONE for end-user provisioning. However, Health. Well. EX will take an evolutionary approach to Workspace ONE’s UEM capabilities. The company has mature tools and processes now, so there is no rush. As platforms and tools evolve, so too will their approach to managing devices. Info-Tech Research Group 17
Over-arching insights By looking at what benefits you need to achieve, and what problems you need to solve, you can determine if a change in toolset is right for you. While UEM tools are powerful, if the real problem is a lack of process maturity or skills, a new tool may only make matters worse. Toolsets might not be there, your environment might not be there, but you need to prepare for UEM because it’s going to happen anyway. Standardize roles, responsibilities, and processes across teams now to prepare for the inevitable. Tech debt and outdated device management practices are costing you time. Poorly configured tools and integrations will break (and need to be fixed) every time they need to be updated. Thick images will leech time when they need to be updated. Don’t update your images and app libraries? Updates will have to be applied during deployment, costing your technicians countless hours. Info-Tech Research Group 18
Use these icons to help direct you as you navigate this research Use these icons to help guide you through each step of the blueprint and direct you to content related to the recommended activities. This icon denotes a slide where a supporting Info-Tech tool or template will help you perform the activity or step associated with the slide. Refer to the supporting tool or template to get the best results and proceed to the next step of the project. This icon denotes a slide with an associated activity. The activity can be performed either as part of your project or with the support of Info-Tech team members, who will come onsite to facilitate a workshop for your organization. Info-Tech Research Group 19
Info-Tech offers various levels of support to best suit your needs DIY Toolkit “Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful. ” Guided Implementation Workshop Consulting “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track. ” “We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place. ” “Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project. ” Diagnostics and consistent frameworks used throughout all four options Info-Tech Research Group 20
Manage End-User Devices – project overview 1. Identify Benefits 1. 1 Identify desired benefits 1. 2 Identify initiatives 2. Improve Teams and Processes 2. 1 Define roles, responsibilities, and skills 3. Improve Toolset 3. 1 Optimize supporting technologies 3. 2 Identify toolset changes 2. 2 Standardize device management processes Best-Practice Toolkit Overview of project and benefits identification Optional: Review results of stakeholder input and identify initiatives Overview of end-user device management roles and responsibilities Develop a skills management plan for end-user device management Review our considerations for device management processes Review Info-Tech’s recommended approach to imaging and apps Identify opportunities for consolidating management tools Optional: Overview of the infrastructure roadmap tool Guided Implementations Module 1: Identify the Business and IT Benefits of Optimizing End-User Device Management Module 2: Improve the Teams and Processes that Support End-User Device Management Module 3: Improve the Technologies that Support End-User Device Management Phase 1 Results: • Executive presentation • End-user device management SOP Phase 2 Results: • End-user device management SOP Phase 3 Results: • Action items • End-user device management roadmap Onsite Workshop Info-Tech Research Group 21
Workshop overview Workshop Day 1 Workshop Day 2 Workshop Day 3 Workshop Day 4 Identify the Business and IT Benefits of Optimizing End. User Device Management Improve the Teams and Processes that Support End-User Device Management Improve the Technologies that Support End-User Device Management Create a Roadmap and Communication Plan for End-User Device Management 1. 1. 1 Identify benefits you can provide to stakeholders 1. 1. 2 Identify business and IT goals 1. 1. 3 Document these benefits 1. 2. 1 Identify next steps based on desired benefits 1. 2. 2 Define goals based on desired benefits 1. Executive presentation for end-user device management 2. Goals of end-user device management 2. 1. 1 Align roles to your environment 2. 1. 2 Assign architect-level responsibilities 2. 1. 3 Assign engineer-level responsibilities 2. 1. 4 Assign administrator-level responsibilities 2. 1. 5 Rationalize your responsibility matrix 2. 1. 6 Ensure you have the necessary skills 2. 2. 1 Define Tier 2 processes 2. 2. 2 Define patch, update process 2. 2. 3 Define emergency patch deployment process 2. 2. 4 Define deployment process 2. 2. 5 Define app deployment, packaging process 3. 1. 1 Define core image for each device/OS 3. 1. 2 Define app packages 3. 2. 1 Gather action items for improving the support technologies 1. End-user device management standard 1. Core image outline operating procedures 2. Application package 2. Workflows and checklists for end-user outline device management processes 3. Action items 3. Training plan 1. End-User device management roadmap 2. Communication plan Workshop Day 5: Offsite Deliverable Creation Deliverables Activities Contact your account representative or email Workshops@Info. Tech. com for more information. Info-Tech Research Group 22 3. 2. 1 Gather action items for improving enduser device management 3. 2. 2 Create a roadmap and communication plan for improving end -user device management
- Slides: 22