Effectively managing devices is crucial, not only to the security of your network but also to the productivity of your people. Devices are the gateway to your organisation’s data and people expect nothing but excellence.
I see it a little bit like goalkeeping in football. If an economic development target is missed, or waiting times slightly dip above the target, management are considerate in their appraisal of an individual’s contribution (akin to cutting the striker a bit of slack for putting one wide of the post). Now see the same manager’s device become infected with ransomware, or suffer a random Wi-Fi or print driver error the morning of their big presentation, and someone’s gonna pay (keeper getting intense flak for letting a ‘soft one’ in). Fair? No. But ho hum, it’s part of being an IT tech and we all come to deal with it or shoot for one of said manager positions!
So what is it that makes managing end user devices particularly difficult in the public sector? We dig a little deeper to break it down:
Microsoft have really ramped up their game now, moving from one new OS every 5 years or so to 3 in 6 years (Windows 7 to 10). Unfortunately, their innovation all happened at a time when public sector budgets were hit hard by a reduction in funding. This funding impacted investment in other things too, so if there was an enterprise application due an upgrade – and it could wait – it waited. The chances are it’s still waiting. In our experience, this is one of the primary reasons end user device management is in a tough place in many public sector organisations.
Life was a lot simpler for IT admins when everyone had a Windows desktop PC. When Apple released the iPhone almost 10 years ago, everything changed. Now we have iOS and Mac OS X courtesy of Apple. Never one to miss out on the party, Google’s now in deep with Chrome OS and Android. When you take into account the variations in Android kernels from different smartphone vendors, and the different versions of each, the IT admin’s job has certainly become more complex in recent years.
When one of your executive team brings in their shiny new iPad after Christmas and wants to access their email on their winter sun holiday to Lanzarote so that they can “keep on top of email”, the expectation is you can accommodate that.
What you can do
Fortunately, as the devices and systems you have to manage have become more diverse and complex, so have the management tools available to bring it all together.
Management suites like System Center 2016 (previously SCCM) combine end user device management with controller and server management, to create a complete package.
While this is great for Windows, it won’t get you all the way with the shiny iPads or pesky Androids. Luckily, Microsoft spotted this gap a number of years ago and Intune slots in nicely with System Center 2016 to create a full management suite that can manage all versions of Windows, Android, Chrome and iOS from a single pane of glass.
Multi location working
There’s no doubt in our minds that the more locations you have, the less simple managing devices becomes. Even with great inroads in remote management tools, there still are faults and issues that can’t be fully diagnosed remotely – YES Intel – this includes vPro machines (dead PSU anyone?).
We worked with a local authority last year on a large-scale Windows XP upgrade project. It took nearly a year to complete as the thousands of devices spread across multiple locations all had to be upgraded on a one-by-one basis. Granted, this could have been far simpler using one of the many system management tools (like Windows Deployment Services, Windows Server Update Services or System Center) if the network was configured correctly in the first place, but there’s no doubt that multi location increases complexity.
What you can do
Getting multi location end user device management right is a root-and-branch process. First off, you have to have the right structure. A lot of that will depend on how many satellite offices you have, how many people you have in each, etc. The right structure then needs supporting with the right remote management tools and the right processes (this involves timing of things like patch and update management so as not to kill your network). One of the more recent innovations to help overcome the specific multi location data security implications is around rights management. We’ve been doing some work with Azure Information Protection. It’s ideal for helping public sector organisations to meet the Government’s security classification scheme and it makes sure that only the right people in the right places can access your organisation’s sensitive data. This can be done automatically by administrators who define rules and conditions, manually by users, or a combination where users are given recommendations.
You can have the most robust systems, but the biggest risk to security and productivity comes in the form of people. You see, the problem with us humans is…we’re humans. We do stupid things all the time. Sometimes by accident and sometimes not.
Whether it’s within the IT or network team, or one of the wider employees flouting policy, weird things happen and perhaps this is the one area that will never be fully resolved until our machine overlords are ruling the roost.
What you can do
While crazy or stupid things people do may never be fully preventable, there are things you can do to put yourself in the best shape possible.
This is where you really have to step up and take people on the journey. It starts with training and communication and then continues ad infinitum with constant communication. This is what separates the good organisations from the great. Good organisations probably get most of the recommendations in this article sorted. The great ones nail the people side of things too and it can make all the difference. If you take people on the journey, your end user device management strategy will be properly embedded into the organisation. In our experience, this results in simpler deployments, fewer security breaches and generally a more stress-free existence (which can only be a good thing, right?).