I was asked recently what I think will happen in the near to medium term with endpoint devices in large companies. Large companies, depending on their industry, have to build customized or bespoke technology patterns. My perspective is generalized, but it is influenced by regulated financial, pharma, insurance and defense-aligned companies.
In the not so distant future, bring your own device will be the same as bringing your own clothing. No one pays extra money to provide your clothing; you are responsible for what you wear, how you dress and how you present yourself. You are effectively a “citizen” and representative of the organization you work with, regardless of the terms of employment.
Today, many companies manage endpoint devices through asset management, software management, data management, subscription, and virtual desktop technologies. These technologies are essentially disconnected from each other and administered by separate teams and tools. This causes business disruption and confusion through all phases of plan, build and run. Companies are trying to lower their operational risk by using VDI and other virtual constructs, but these simply exacerbate the problem. They may cause more harm than good because of gaps in vendor security, both technological and procedural.
Additionally, vendors compete with each other today in ways that are subversive, with underlying intent that can look like operational ignorance. For example, Microsoft recently made changes to its licensing models that will have an impact on AWS. The cost impact will hit companies using both Microsoft and AWS, but Microsoft may intend to drive AWS VDI or services business to Azure at the expense of its own customer base. These nuances create cost-center increases in licensing and administration outside the estimated run cost. It makes for a bad day when trying to explain to the CIO that one company just made a seemingly passive change that could cost millions because of a platform strategy.
Beyond this, virtual machines come with a host of security issues when they run on uncontrolled host endpoints. Questions raised to vendors about these vulnerabilities get answers that deflect or defer the problems to other vendors.
Aside from the problems VDI brings in security, networking, operating system support, audio and video virtual driver support, and the laundry list of unexpected challenges and costs, companies have to manage a variety of differentiated endpoints.
Today the expectation is macOS, Linux, Unix, Android, iOS, Windows, and the many flavors of each. Each OS also has a build number, version, and personalization that can affect the maintenance and management of the endpoint.
Companies try to manage these devices through device management tools, application tools, data management tools, group policies, device policies, and other mechanisms. All of these tools come at a cost.
This is absolutely exacerbated by mobile devices and the sheer volume of compute that IoT has brought into companies. In general, a person today may have 3+ computers on their person at any given time. The expectation is that data will flow naturally and in a personalized manner across these devices, with security and capabilities balanced in harmony.
People want the ability to work from almost anywhere, at any time, on any platform, across multiple capabilities. The weight of data on the corporate network has increased exponentially as well. For every device that synchronizes data, we have to account for the device, its overhead, and the real-time capabilities it is expected to have.
How will we manage it all?
It starts with an understanding of what industry the person is working in along with the various states and modes of operations.
For example, a consultant in defense may have 3+ devices she works on while off client site (the client site itself being highly contained and controlled). Her consulting company will issue her an identity and the associated access and credentials to the data and information tools she needs to do her work in the consultancy, from a reporting and discovery perspective. The rest of her work, performed on client site, will be done in an endpoint container issued by the client. There will be a “sneakernet” between the client work itself and her digital workplace with her parent organization. Her device could be personal or issued by her company, but in the future it will most likely be a personal device (or devices).
If a person is working in a highly regulated industry such as finance or banking, where strict adherence to compliance is required, the rules mostly apply to how the data is managed: GDPR in the EU, SEC rules in the US, FAR, and so on. In some cases, data validation must occur for compliance, but the validation does NOT occur on user endpoint devices. It normally happens on a target service platform. Since the requirements are more likely to live on the service side, this lets us establish fortified service and data controls on the service itself. Each service will be strung together through common identity models, but with a “zero trust” model every person and registered endpoint can be validated at run time, per transaction. This means that if someone does not meet a condition or criterion for interacting with the centralized capability, they can’t stay and play.
At the end of the day, individual corporate citizens will be required to come “fully clothed” so to speak. They will need to be responsible for the technology they bring or buy.
I imagine that a few days before starting work, a person will be issued an identity. They will associate that work identity with an existing personal identity, such as a Google or Microsoft account. They will have to meet the corporation’s day 1 zero trust entry criteria for data and systems. This means they will have to update, upgrade, and/or obtain an organizationally ready device or set of devices. They will manage a limited number of registered devices, probably up to 6, similar to the Microsoft limit. This gives them the option of keeping separate, distinct corporate devices if they choose.
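As an added illustration of the service-side, per-transaction check described above (and the registered-device cap mentioned here), the following is example code written for this page, not code from the post or from any vendor product. It is a hypothetical policy engine: the organization issues a work identity, binds a bounded set of user-owned devices to it, and then decides each transaction on two questions only: is this device registered to this identity, and does the posture it reports meet the entry criteria? The cap of 6, the policy values, the OS version floors and the sample devices are all constructed assumptions.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Dict, List, Optional, Tuple

MAX_REGISTERED_DEVICES = 6      # assumed per-identity cap; the post says "probably up to 6"
TODAY = date(2024, 6, 1)        # fixed clock so the constructed sample is reproducible offline


@dataclass
class DevicePosture:
    """What a device (or an MDM/attestation agent on its behalf) asserts at transaction time."""
    device_id: str
    os: str                      # e.g. "macos", "windows", "android"
    os_version: Tuple[int, ...]  # e.g. (14, 2); tuples compare lexicographically
    disk_encrypted: bool
    last_patched: date


@dataclass
class Policy:
    """Hypothetical 'day 1 entry criteria', enforced by the service rather than on the endpoint."""
    min_os_version: Dict[str, Tuple[int, ...]]  # OS -> minimum version; an OS not listed is refused
    max_patch_age_days: int
    require_disk_encryption: bool = True


class DeviceRegistry:
    """Binds a bounded set of user-owned devices to each issued work identity."""

    def __init__(self, limit: int = MAX_REGISTERED_DEVICES):
        self.limit = limit
        self._devices: Dict[str, Dict[str, DevicePosture]] = {}   # work_id -> device_id -> posture

    def issue_identity(self, work_id: str) -> None:
        self._devices.setdefault(work_id, {})

    def register(self, work_id: str, posture: DevicePosture) -> bool:
        """False if the identity is unknown or a new device would exceed the cap; re-registering
        an already-bound device only refreshes its recorded posture."""
        devices = self._devices.get(work_id)
        if devices is None:
            return False
        if posture.device_id not in devices and len(devices) >= self.limit:
            return False
        devices[posture.device_id] = posture
        return True

    def lookup(self, work_id: str, device_id: str) -> Optional[DevicePosture]:
        return self._devices.get(work_id, {}).get(device_id)


def posture_violations(posture: DevicePosture, policy: Policy, today: date) -> List[str]:
    """Every criterion the device fails, so the user learns what to fix before retrying."""
    problems: List[str] = []
    floor = policy.min_os_version.get(posture.os)
    if floor is None:
        problems.append(f"os {posture.os!r} not permitted")
    elif posture.os_version < floor:
        problems.append(f"os version {posture.os_version} below minimum {floor}")
    if policy.require_disk_encryption and not posture.disk_encrypted:
        problems.append("disk not encrypted")
    if today - posture.last_patched > timedelta(days=policy.max_patch_age_days):
        problems.append(f"last patched more than {policy.max_patch_age_days} days ago")
    return problems


def evaluate_transaction(registry: DeviceRegistry, policy: Policy, work_id: str,
                         device_id: str, today: date = TODAY) -> Tuple[bool, List[str]]:
    """Per-request decision: is the device bound to this identity, and is its posture within
    policy? An unregistered device is refused before posture is even considered."""
    posture = registry.lookup(work_id, device_id)
    if posture is None:
        return False, ["device not registered to this identity"]
    problems = posture_violations(posture, policy, today)
    return not problems, problems


# Constructed sample policy and devices (assumptions for this example, not taken from the post).
POLICY = Policy(min_os_version={"macos": (14, 0), "windows": (10, 0, 22631)}, max_patch_age_days=30)


def demo() -> Dict[str, Tuple[bool, List[str]]]:
    reg = DeviceRegistry()
    reg.issue_identity("consultant-01")
    reg.register("consultant-01", DevicePosture("mac-a", "macos", (14, 5), True, TODAY - timedelta(days=3)))
    reg.register("consultant-01", DevicePosture("win-b", "windows", (10, 0, 19045), True, TODAY - timedelta(days=60)))
    return {
        "current_mac": evaluate_transaction(reg, POLICY, "consultant-01", "mac-a"),
        "stale_windows": evaluate_transaction(reg, POLICY, "consultant-01", "win-b"),
        "unregistered_phone": evaluate_transaction(reg, POLICY, "consultant-01", "phone-c"),
    }


if __name__ == "__main__":
    for name, (allowed, why) in demo().items():
        print(f"{name}: {'ALLOW' if allowed else 'DENY'} {why}")
```

Two design points match the post’s argument. The decision is made entirely from state the service holds (the registry and the policy), so nothing on the endpoint has to be trusted to enforce anything; the device only reports, and in a real deployment that report would come from an attested MDM or device-health signal rather than the user. And a denial returns every failed criterion rather than the first, which is what lets a user fix their own device and come back “fully clothed” without a helpdesk round-trip.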
Companies will not “worry” about managing updates on endpoints, because user endpoints won’t be their responsibility. Vendors, likewise, will manage their own service endpoints and services.
What companies will have to focus on is the specialty networks and services for controlled environments, such as those governed by HIPAA or ISO standards, and possibly other contained or virtual networked environments not listed here.
At the end of the day, we will even have people working in MS Teams, Slack, or other collaboration tools with very limited identity and credentials required, because of the transactional nature of the collaboration with the contractor, consultant or employee.
The overall cost burden will shift to the worker, but companies will compensate the person in line with the expectations they set. Employees will have more freedom to use devices of their choice, and will have to be responsible for those devices just as they are for everything else in their lives.
It’s where the world is going. What do you think? I’d like to know!