Event Recording

Unified Endpoint Management: Practical Considerations

Log in and watch the full video!

Log in and watch the full video!

Upgrade to the Professional or Specialist Subscription Packages to access the entire KuppingerCole video library.

I have an account
Log in  
Register your account to start 30 days of free trial access
Subscribe to become a client
Choose a package  
Hello, my name's Richard Hill, as my colleague mentioned, I'm a lead Analyst at KuppingerCole and today I'll talk about some practical considerations of unified endpoint management, and really the, if the slides could jump up there, that'd be great. That doesn't look like my slide deck.
Really the, the intention of the presentation is to provide an overview of that UEM market based on my analysis of the unified endpoint management solution in the market. And also I'll give you my insights on how I see the UEM market evolving and some criteria that your organization may want to consider when evaluating UEM solution. So let's go onto the next slide please. Right? So with that, let's look at the agenda for today. I'll start out by giving an introduction to unified endpoint management. Talk about how we got to where we are today in regards to UEM, as well as some other topics to note, once I'm done, I'll go over the functional criteria to consider when evaluating UEM solutions based on what I see in the market today. And then I'll look at some nonfunctional criteria to be aware of before selecting a UEM product. And then finally, I'll give an overview of UEM according to that last Ole UEM leadership compass, and then give a brief summary of the market as I see it. So let's move on to the next slide please. And one more
And go ahead and click. So I thought I'd start off by helping to have an understanding of how we got to where we are today. And it didn't seem that long ago where the work environment consisted mostly at desktops and computers and landline phones, which probably dates me, but traditional client management tools were used for desktop computers and relied on manual updates, software and patches that were layered on top of each other. And then later we saw gold images of desktop operating systems where it used to provide a good known state of the operating system, but still required patches on our routine schedule, which would later become known as patch Tuesday. For instance, go ahead and click.
As mobile phones became more economically available, laptops, tablets, computers replaced, many of those desktop computers and the business could control the employee device regarding its operating system and software applications used as well as other security controls. When that D device was within that perimeter of the organization and mobile device management provided the tools to control the device functionality and help manage that life cycle of mobile devices and their platforms and the capabilities such as the OS deployment software distribution, patch, management monitoring, remote control, all those things, as well as helping to automate support other functions that were typically done or executed manually, go ahead and click. And then the enterprise mobility management solutions added mobile information, as well as application and contact management. That ability to push software updates or patches to devices has become what is known today as modern endpoint management, go ahead and click and the range of the endpoint devices or those types have expanded past desktops, laptops, tablets, mobile phones to now include things like printers and IOT devices and wearables like apple watch, or even newer types of endpoints.
You know, like the virtual argumented or even mixed reality environments using headsets like Oculus or HoloLens, go ahead and click. And as businesses were trying to seek improvements in productivity and efficiency while employees wanted to work from anywhere from many times, especially within this COVID 19 world where we live in today, there's a continued push to the cloud environments, also the convergence of OT and it network systems and that sharing of data from industrial I O T type of devices, that the information they collect, allowing both businesses and operations to utilize and benefit from that information sharing as well as the increase in the use of AI ML, analytics, orchestration automation, and vulnerability mitigation capabilities. So in a nutshell, UEM is continuing to evolve to meet that growing list of it requirements. Go ahead and click a couple times.
Yeah, couple more clicks, please. There you go. And as you just saw, the evolution of UEM capabilities continues to grow, including the type of endpoints entering the workspace and other areas of an organization. Some capabilities already exist in the it environment. And other types of adjacent capabilities to UEM are provided by third party solutions that augment or extend into other market areas. So most likely the ability to integrate through UEM extension points will be needed. Two more clicks please. And the integration points may include APIs for accessing directly by invoking API endpoints, such as a restful call to a service could be a private API that facilitates integration of related product services or components within a suite or partner API that manages specific business relationships by integrating software between partner organizations, or it could be open APIs that expose services functionalities to its customers and connectors are typically out of the box adapters between the UEM solution itself and other popular third party solutions.
And then of course, there's SDK type of developer kits where developers could use these software libraries and just drop 'em into their applications to make function or method call and their code, which in turn calls the service API. So which integration method should be used really depends on your own organization's DevOps needs and should be kept in mind when evaluating UEM solutions. So head go ahead and click here. I thought I'd throw in a quick graphic on the UEM market growth from ground view research. Really this chart just shows a steady growth over time in both UAM solutions and services. I, I would expect that that market to grow even more since hybrid work environments will continue at some level due to the pandemic and beyond in other market factors. So let's go ahead and click.
So let's move on to some functional criteria I see in the market today, go ahead and click here. We see, you know, key evaluation criteria to consider when evaluating UEM solutions. And so having that ability to manage devices, applications, and content patch management is a critical capability to have having that ability to view all your organization. Endpoints is important too. And I'm seeing an increase in the use of endpoint intelligence from UEM solutions and the level of endpoint security features is key as well. And let's not forget the teams that need to support the UAM solution over time, those administrators and DevOps teams. So let's go over these capabilities in a little more detail, go ahead. Click device management is the management of all the various endpoint types that includes life cycle management, such as maintaining a device inventory over time, onboarding provisioning, decommissioning of those endpoints operating system management and providing remote access for support like troubleshooting or even wiping when required let's click application management.
This category of capability focuses on that ability to control and apply policies to applications in regards to the endpoint devices, as well as other application management features, it includes that capability to enroll devices and users via app stores, for example, or software packaging and deployment distribution of applications to endpoints, whether it's bulk or otherwise applying aspects to of security such as white or blacklisting applications or isolating corporate from private user applications. And these are only some of the capabilities for managing applications on endpoints. Click content management generally refers to that ability to again, apply access rules and policies to this time to documents or other content on the endpoint device. The rules and policies can be cos or fine grain enough to apply down to an individual file. Capabilities can also include catalogs of enterprise documents or content security, as well as audit logging. And again, isolating corporate from private user data are only some of the examples and let's move on.
Patch management is in important capability. This category focuses on that ability to distribute and apply endpoint device system patches to operating systems or applications. For instance, and patches can come from various vendors and that patch can be deployed on a schedule, or you may have a critical emergency patch that needs to be distributed rapidly when necessary other capabilities include reporting of endpoint system status regarding the patch such as, you know, the level of that patch or missing patch discovery as key also as well as the ability to push those out, whether it's a security, hot fix or application security batch or others, also that level of automation that's provided should be looked at let's go ahead, click please. And then enterprise endpoint visibility is the ability to provide a consolidated view and management of all endpoints, regardless of where that solution is deployed. Many organization nowadays have devices or endpoints, you know, spread between offices on premise or at home or out in the field or factories.
And these endpoints may also have access to services throughout it environments, whether it's on-prem in the cloud or hybrid mix of those in that centralized endpoint visibility often features a single pane view via some dashboards, for instance, that provide visibility to device inventory or the state of the device potential threats. And depending on the level of intelligence in that UEM solution, maybe some recommendations may be given on what could be done about those threats, policy management visibility, to the licenses of devices and reporting on compliance or any of the aspects. I just mentioned, just go ahead and click here. You may wanna look at the level in use of analytics or artificial intelligence, typically machine learning to provide that insight into different aspects of UEM domain, as well as ability to drive automation or assist or take action to remediate endpoint related issues when needed as well as other capabilities, such as that ability to access the risk level of an endpoint device, or identify outlier devices that may need attention. Some of the intelligent information that comes from security feeds, which may be from a, you know, the vendor's own security assessment of what they see with their customers or the feeds may be from third party vendors. If security, intelligent feeds are, are not provided through the vendor, whether it's their own or supplied through a technology partner, be sure that there is an integration point via an API or SDK or some other connector available, go ahead and click.
And then there's endpoint security. There's a wide range of endpoint security to consider and such as the ability to collect and analyze information to detect, prevent the execution and malicious code like malware or prevent data loss or prevent loss productivity on devices. Other capabilities to consider can be the level of security intelligence. You know, that forensic investigation tools firewall like features and URL filtering crypto libraries file system monitoring, process obfuscation, as well as the ability to provide strong internal security like authentication for the management of the console or user registration interfaces. And really these are, you know, many capabilities are available and the level of endpoint security varies from vendor to vendors. So you wanna carefully assess what security features are needed from a UEM solution that you're evaluating. Let's go ahead and click.
Yeah. And so lastly, you know, admins and DevOps support, this is the ability to provide it environment support options for both administrators of that solution and the operation team that gives the ability to support their tools, their automation, continuous integration automation features may include, you know, discovering devices or installing agents or assisting with software deployments and patches and workflows can help with common administration tasks such as the setup and configuration. And that level of support intelligence here is, is not yet at the point of something like intent-based configuration, but there has been some progress there. And for administrators, you know, the solution can provide intelligence, for example, using that machine learning models that the system can present admins with contextual dashboards relevant to the issues at hand and make a recommendation for a solution. Another example is a risk analytics and machine learning that could, is used to identify anomalies in user behavior and calculate user and device risk scores based on that.
And these scores can help administrators to make decisions based on the level of risk. So the capabilities I just covered are main types of functionality that I've seen in the market, and that you may wanna consider when looking at a UEM solution. So let's go ahead and click. So moving on to nonfunctional criteria, you may be aware of, yeah, go ahead and click four times. I think slide is a little sticky to get that first bullet point. So deployment models, some things to consider here, like is the solution available for on-premise installation as virtual appliance container based like Docker or hardware appliance or cloud service, and then deciding on the appropriate deployment model should also consider both the current integration changes in future system architecture, design roadmaps, and in complex enterprise ITM structures. That strategic goal should address UEM and security in a holistic manner.
That solution support should be flexible. Hybrid deployments must also be considered when considering a cloud solution ensure that there is support for on premise applications and service as well as legacy systems. And then time to value related to the deployment model is how quickly a UEM solution can be up and running and deliver value to the organization. UEM vendors will often claim that their typical deployment times, but those come from ideal environments, which is useful as a starting guide, but sometimes it's not the vendor, but also the organization deploying that solution that may have longer deployment times due to a number of factors, such as having a more complex it environment or staffing coming up to speed on, you know, the product configuration or just running into issues, not concern that weren't considered during the planning. Like for instance, you may have a homegrown legacy system that turns out to need more customization than consider.
So go ahead and click a couple times and then vendor considerations, large vendors primarily dominate the current UEM market. However, small competitors may offer a more substantial local presence in specific Mar markets that provide leaner or maybe a, a less complicated solution. Having a large number of customers is an indicator of financial strength. And it also potentially helps in innovation such that, you know, given that there's a broader variety of requirements that are being brought to the vendor instead of the vendor following, you know, some specific needs of only a few customers. And there should also be a good partner ecosystem in the customer region to support customers throughout the whole UEM deployment and maintenance cycle. Go ahead and click a couple times. Yeah. And a couple more times there too. One more. There we go. So strategic focus vendors with a broad it security product portfolio or UEM is not the primary focus for both development strategy and investment might innovate less on UEM related aspects of their solution.
So ensuring that the vendor has a strategic focus on UEM is an important criterion and the breadth of capabilities while it's best to assess vendors based on your current requirements, your it strategy will most likely change in the future to quickly adapt to emerging market changes and competition. It's recommended to seek solutions that offer a breadth of relevant UAM features that you may require in the future to support new initiatives. So in short, you know, plan and dictate your UAM requirements and alignment with your, you know, broader information or security objectives, for instance, up to, you know, a three to five internal plan, for instance, technical support, understanding that availability and quality of technical support services of the vendor should be essential. Technical support should include technical documentation of the product, which is current and complete and comprehensive. And also in the language that is applicable to your organization, product roadmap, there must be a defined product roadmap communicated to the customer from the vendor.
So the roadmap should help you understand the vendors' future deployment plans and their ability to keep up with innovations new developments, and more importantly, whether it aligns with your organization's security goals and then pricing that vendor's licensing and pricing policy should be carefully considered when aligning current and future requirements vendors may offer free tiers of, you know, cloud based services, but increasing the price for additional features or even providing, you know, software as an open source and then charging solely for support and maintenance. So these are things to consider. So let's go ahead and click. Now, let's look at the market as Cola season, based on that last leadership compass published back in December, 2021, and go ahead and click. And here are the vendors that we reviewed in the em leadership compass. So Egan is a German company with a client management platform focusing on that dock region bear Monday, privately owned company, serving the mid-market with a strong EU presence.
It's management suite focuses on the management of workstations and other endpoint environments. BMC is headquartered in the us it's heli platform. It's a SA based operation management solution with client management. That includes some UEM features Citrix, another us company with endpoint management solution, which was formally Zen mobile, intra spun, outed Ws oh two back in 2018. And it provides a single platform for T UEM and em, M use cases, HCL B fix formally owned by IBM until HCL acquired it in 2019 and maintained an IP partnership with IBM, which applies to part of the big fix portfolio. But it has a strong presence in north America, as well as other regions in the world. IBM, of course, one of the largest us based firms it's mass 360 with Watson is a SA based UEM platform. Avanti has a global presence and its neurons for UEM is really strengthened by its acquisitions of mobile iron and pulse secure lately.
And manage engine is a Zoho company that provides a desktop central platform for UEM capabilities matrix 42, another German company that offers its secure unified endpoint management platform, micro focus, UK based company that gives UEM capabilities with its Z work suite. Microsoft endpoint manager is a consolidation of its endpoint, configuration management and iTune Meador is a privately held, which is company based in Finland offers a cloud based mobile device management platform. Hex node is a software division of Migo that offers a UAM solution. Quest is another us space company with a case suite that provides its UAM solution and then VMware workspace, one unified endpoint management as part of its portfolio. And the vendors to watch are notable companies in the UAM space, but I'll leave you to look at it through the leadership compass for more details. So let's click on the next slide please. So the overall leadership rating is a combined view of three leadership categories, that product leadership, the innovation leadership and the market leadership and vendors can range from strong to weak in any of these three areas. And we really recommend that you look at all leadership categories, the individual analysis of the vendors and, and their products to get a more comprehensive understanding of the players in this market. So we see six vendors here, Richard overall leadership category, Richard
Richard, Richard, Richard, Richard, Richard, hi poll here, just letting you know, you've
Got about four minutes left. Okay. Okay. You we'll we'll, we'll kind of get through these pretty quickly move on the next slide.
All right. So here's the product leadership, which is mainly based on the analysis of product features, overall capabilities and services and their functional strength. Let's move on to the next slide. And here's the innovation leaders, challengers, and a few followers. Innovation is what customers require for keeping up with that constant evolution and emerging requirements for that they're facing also note that the vendors that are grouped together tend to have about the same level of innovation and some vendors accelerate their innovation through acquisitions, such ASEE through its acquisition, to mobile, iron, and pulse secure. As I mentioned, and the leadership compass provides much more detail. So take a look at that and let's move on to the next slide.
And then lastly that the vendors in the market showing here are more spread out with less groupings. The market is comprised of many factors, such as you know, the number of customers, the geographic distribution of customers, the size of deployments and services that they have, the size of the geographic distribution of partner ecosystems could be their financial health of the participating companies, as well as many other factors. And the market leadership from our point of view requires having at least a level of global reach, although there's some global it vendors in the leadership position and a number of challengers that are increasing in that market presence and partner equal. So there's still plenty of room here for growth in the UEM market. So we should see more coming out next year as we do another leadership compass on UAM. One more click, please.
So now very quickly some key takeaways from reading this UEM leadership compass really should be that, you know, leaders have a good mix of product features and innovation and market share, but each of those vendors has specific strengths and should be examined in detail during RFPs to see which UEM solutions fits your organization's specific needs. And the UEM market continues to grow and will focus more on hybrid workspaces as we move forward. And then lastly, the, the integration really is key because the solutions may need to integrate with either existing services in your environment, or you may need a third party solution to augment that UEM solution. So also consider support for orchestration and automation of those time consuming tasks. And I think I'll stop there and thank you for your time. Thank you.

Stay Connected

KuppingerCole on social media

Related Videos

Analyst Chat

Analyst Chat #152: How to Measure a Market

Research Analyst Marina Iantorno works on determining market sizing data as a service for vendors, service providers, but especially for investors. She joins Matthias to explain key terms and metrics and how this information can be leveraged for a variety of decision-making processes.

Event Recording

Cyber Hygiene Is the Backbone of an IAM Strategy

When speaking about cybersecurity, Hollywood has made us think of hooded figures in a dark alley and real-time cyber defense while typing at the speed of light. However, proper cyber security means, above all, good, clean and clear security practices that happen before-hand and all day,…

Event Recording

The Blueprint for a Cyber-Safe Society: How Denmark provided eIDs to citizens and business

Implementing digital solutions enabling only using validated digital identities as the foundation for all other IAM and cybersecurity measures is the prerequisite to establish an agile ecosystem of commerce and corporation governed by security, protection, management of…

Event Recording

Effects of Malware Hunting in Cloud Environments

Webinar Recording

Advanced Authorization in a Web 3.0 World

Business and just about every other kind of interaction is moving online, with billions of people, connected devices, machines, and bots sharing data via the internet. Consequently, managing who and what has access to what in what context, is extremely challenging. Business success depends…

How can we help you

Send an inquiry

Call Us +49 211 2370770

Mo – Fr 8:00 – 17:00