You have end users in San Francisco, New York, Delhi, and London. They have laptops, desktops, tablets, and smartphones (and sometimes all four). How will you keep track of which users have been assigned particular assets, let alone ensure the security and usability of them and the networks to which they connect? Three words: distributed device management.
Distributed device management (DDM) is designed to automate many of the processes in which IT engages related to end user computing. Both SaaS and on-premise management suites generally handle at least a significant subset of the following:
- Device discovery and tracking
- Malware scanning and/or compliance with malware protection policies
- Software installations
- Patch management
- Policy enforcement
- Device configuration and change management
- Remote backup
- Data encryption and remote wipe
- Remote control/screen sharing for technical support
Most modern DDM suites work with Windows PCs; some support Windows Phone. Others provide Android and/or iOS support, but these frequently require separate software. Not surprisingly, the ability to leverage DDM services across all devices in an enterprise is a major driver of IT support for Windows-based phones and tablets. Dell’s KACE management utilities, for example, can handle Windows and Mac clients, as well as most popular flavors of Linux.
Regardless of the exact features or device support for any given DDM solution, the goal is to provide IT staff with significant monitoring capabilities for end user computing as well as the ability to fix problems remotely as they arise and push software updates consistently. Out-of-date anti-malware software and operating systems that have not been regularly updated are major sources of infection, making the ability to force updates a key feature of most DDM software. Being able to remotely scan for infection is more reactive than ensuring timely software updates but is still a vital function, especially in BYOD settings or for highly mobile users who may spend much of their time outside of the corporate network and the gateway anti-malware that usually involves.
Similarly, the ability to define role-based policies is a significant time-saver for IT staff (in addition to ensuring that the right users have the right software). For instance, users who are part of a “Mobile Power Users” group in Active Directory might be allowed to install non-standard software while management utilities could detect and remove unauthorized software for all other users. An “Executives” group may have different backup policies than other users and a “Secretaries” group might be the first to receive updated versions of Office.
The burden falls on IT staff and various stakeholders to define policies and business rules that DDM software can enforce. Once these policies are established and in place in the software, however, many mundane but time-consuming IT tasks like software installation can simply be automated. As a result, DDM helps IT achieve better security and compliance while reducing the resources required to keep end user devices safe, functional, and secure.
Chris Dawson is a research analyst and writer for Ziff Davis, among others.
