No one can say for sure what the future workplace holds, but it’s a safe bet that many people will continue to work from home at least part of the time, while also doing some work in the corporate headquarters or other company-owned facility. This hybrid work model appeals to both employees and employers because it provides flexibility and can even reduce costs in office supplies, real estate, utilities, and other areas.
This type of environment also presents challenges. For example, how can organizations protect employee devices, provide secure access to networks and data, and ensure proper use of apps on devices and in the cloud, when workers might be shifting from location to location?
One way to make hybrid work environments easier to manage is to deploy technologies such as unified endpoint management. UEM platforms provide a central interface for managing all endpoint devices used within an organization. UEM can help companies manage mobile devices, laptops, desktops, printers, wearables, and Internet of Things (IoT) devices through a single management console.
“Accelerated adoption of remote and hybrid work has increased pressure on end-user computing groups to rapidly implement new technology, improve patching levels, and increase compliance,” says Tom Cipolla, senior director analyst, Digital Workplace Infrastructure & Operations, at research firm Gartner. “UEM tools increase the ability of these teams to respond to this pressure by unifying all device operations into one platform.”
Without a UEM approach, multiple teams are needed to coordinate activities with their own unique definitions of success, leading to unsuccessful enterprise-wide patching, slow software rollouts, and inconsistent device management practices, Cipolla says.
Many organizations that haven’t deployed UEM are not fully aware of the benefits or are reluctant to invest the resources to migrate, Cipolla adds. “To overcome these obstacles, they should take an objective approach to reviewing UEM capabilities, especially those which automate current manual tasks,” he says. “They should also take a phased approach to migration, to enable skill growth and to allow time to apply lessons learned throughout the transition.”
Here’s how four organizations are leveraging UEM to manage their emerging hybrid work environments.
USSFCU: Enhancing security and user experience
The US Senate Federal Credit Union (USSFCU) was in the midst of a remodel of its headquarters building when the pandemic changed everything. Since then, the financial services provider has shifted its focus to enabling hybrid work, and is using VMware’s Workspace ONE UEM platform to support the new model.
“We initially deployed the platform as an isolated piece of our enterprise, meaning not as a part of a larger employee workplace strategy,” says Mark Fournier, CIO.
However, with the shift to remote work that began in 2020, as well as what Fournier describes as a growing sophistication around application consumption, identity management, and the “journey towards a holistic employee experience,” the platform now serves as a core part of the organization’s hybrid workplace strategy.
USSFCU is using the UEM platform alongside Workspace ONE Access (an identity management application), Workspace ONE Assist (a real-time technical support tool for remote workers), VMware Horizon (a desktop and application virtualization product), Dynamic Environment Manager (a desktop profile management tool), and other technologies from the vendor, Fournier says.
Prior to deploying UEM, “we actually had no support for centralized management of company devices at all,” Fournier says. “Mobile devices were generally not permitted, and what we did have went largely unmanaged. This is a problem that I think many businesses face. Either they see this level of management as too complex, too costly, or not really worth the time in terms of appreciable benefit.”
One of the biggest benefits of UEM is the security it provides, Fournier says. Being able to ensure the identify of users of enrolled devices is a key to keeping data and systems safe from intrusion, for example.
By leveraging a Dell Factory Provisioning component within Workspace ONE, the organization can more easily provision devices such as laptops to the mobile workforce. “We’ve been able to ship devices straight to our employees, many of whom are working remotely, and see those employees set themselves up with little to no support from IT,” Fournier says.
Not only does this provide a good experience for employees, but it reduces the IT overhead that might otherwise be tied up in dealing with individual systems and configurations, Fournier says. “Most importantly, the [UEM] platform overall helps to reduce the in-person interactions to only what is deemed absolutely necessary in a given situation,” he says. “In today’s COVID-aware world, this is crucial to help keep people safe while also maintaining functionality and security from wherever they need to work.”
USSFCU is aware that in today’s environment, the work model is in a state of constant change. The UEM platform will be a key part of addressing shifting requirements.
“The implementation is more of a journey that continues on,” Fournier says. “UEM is constantly evolving to address new use cases and needs, and we find ourselves always working to iterate and improve what is possible for both IT resources and our colleagues.”
CT Holdings: Supporting infrastructure services remotely
Another company embracing the hybrid work model is CT Holdings. The organization’s family of companies consists of businesses that provide manufacturing and technology services, specializing in industrial wireless network solutions, Industrial Internet of Things (IIoT) platforms, and network management software for customers in a variety of industries.
“We have a hybrid work environment in our business, but many of the employees in our technology solutions organization work remotely and deliver services while in the field,” says Kevin May, president and CEO of CT Holdings. “They encounter and utilize a number of networks in supporting our critical infrastructure customers.”
Employees who provide shared services to the various companies within CT Holdings, as well as IT staffers working in the holding company’s manufacturing services business, require flexibility in working in corporate offices, from home, and from other locales.
To help support this model, CT Holdings deployed Sophos Mobile UEM, a platform that supports the management of Windows 10, macOS, Chrome OS, iOS, and Android devices and provides configuration and policies, inventory and asset management, and detailed reporting on the use of devices.
CT Holdings selected the Sophos UEM at the recommendation of its technology services partner, Technology By Design. The firm “understood our frustrations with the legacy solutions we had in place for threat detection [and] protection and identified gaps in our overall device protection and management practices,” May says.
The services provider worked closely with CT Holdings to identify potential threat vectors at the homes of key personnel within the organization, and deployed Sophos managed security appliances to help CT Holdings manage potential threats.
“Prior to Sophos and Technology By Design, the limited products we had in place and our ability to assess and remediate threats was limited, and not able to scale and support our growth,” May says.
With the UEM and appliances in place, the company has been able to increase its level of awareness of threats and how mobile devices are being used by workers, regardless of their location.
“The Sophos platform makes it easy for us to activate new offerings and keep in step with advancements in device management and security,” May says. “It enables us to continue our growth trajectory without having to add staff dedicated to care and feeding of the devices required to operate a modern business.”
Edison High School: Automating device patching and other updates
The education sector has had to deal with all kinds of uncertainty during the pandemic, including changing work models.
Edison High School in Portland, Oregon, is no exception. The school was looking to automate security, patching, and backup to address challenges such as an “out-of-date and understaffed IT landscape,” says Troy Spetter, director of educational technology.
“Our servers were almost 12 years old and the backup system hadn’t been run in about six months,” Spetter says. “All the updating and patching had to be done manually. It’s hard to stay on top of the IT needs in any organization, but when you face a 160-to-1 ratio of users to IT staff, smart time management becomes imperative.”
To address the various challenges and support a hybrid work environment, the school deployed technology from Quest Software, including KACE Systems Management Appliance (SMA) and KACE Desktop Authority for UEM capabilities.
“We have a large population of Dell computers, and the interconnectivity between those endpoints and the SMA allows for smooth delivery of Dell-specific updates,” Spetter says.
The UEM platform helps keep students’ and staff’s computers updated and protected to accommodate remote learning.
“Our teachers had already run a couple of digital learning days on campus, trying out remote tools using Zoom and Google Classroom with the students,” Spetter says. “But that didn’t solve the problem of supporting all the teachers, who were working from home on their laptops. I knew I couldn’t manage all those systems manually.”
Edison had long had a license for Desktop Authority, Spetter says. “But with limited time and resources, the product was used only to map network shares and printers when people logged in,” he says. “I had just begun exploring the other capabilities of Desktop Authority when schools worldwide suddenly started switching to remote learning.”
While working with Desktop Authority, Spetter learned about the KACE
SMA. “I took advantage of promotional pricing to license the SMA for Edison, then started enrolling the school’s computers and setting up schedules for patching,” he says. “Our priority was to automate as much of the patching and security as possible, then focus on other priorities.”
One of the main enhancements was reduced time needed for patching and other security tasks. “Patching and security used to take up about 80% of my time,” Spetter says. “Now all I have to do is check their status in the SMA window that I keep open in my browser.”
McConkey Insurance & Benefits: Supporting and protecting employee devices
At McConkey Insurance & Benefits, the IT support model the insurer had in place was not designed for a hybrid work environment, according to Steven Gladfelter, technology manager at the firm.
“Our goal was to find a technology platform for the IT department that would be an all-in-one solution to help streamline technical support for our end users, and provide additional tools to assist technical staff in completing work in a quick, efficient way,” Gladfelter says.
The firm also wanted to provide a streamlined method of updating or patching software and operating systems, provide an efficient method to install new or updated software on devices, remotely manage external users working off the main network, create an efficient way to deploy new equipment to staff, and have a central location for inventory and reporting.
McConkey determined that a UEM platform could address all these needs as it migrated to a hybrid work environment, and in February 2021 it deployed ManageEngine’s Desktop Central UEM Edition.
Prior to implementing the UEM, the IT department’s reporting mechanism was severely limited, Gladfelter says. “Desktop Central has provided a valuable tool to address this need,” he says. “Once Desktop Central was up and running, we were able to provide management and IT staff with reporting on equipment, software, and, importantly, patching of equipment.”
The firm has seen three main enhancements to support its hybrid model after adopting the UEM platform. One is that it has ensured that all computer equipment is patched, whether it’s on-site or remote.
“Desktop Central was pivotal in bringing patch management back in house to address critical needs for updating [operating systems] and third-party applications,” Gladfelter says. Previously, a third party was handling updates. “This has allowed us to secure our equipment from external threats that may attempt to access our infrastructure,” Gladfelter says.
Another is enhanced remote support. The UEM enables interactive desktop access and the ability to service equipment behind the scenes through the system management function.
“This provides us with a means to update or fix desktop security problems without interrupting the end user and their work,” Gladfelter says. “If we need to add a user to the local security group, we can now do this. If we need to stop a service that is a potential threat without interrupting the user, our staff has the ability to do so. If we need to copy files to the desktop for a user, Desktop Central provides this ability to our technology staff.”
Perhaps the most important improvement from using UEM for hybrid work has been the ability to enhance security. “As our company moved to a hybrid solution for our workforce, the technology that staff used changed as well,” Gladfelter says. “It was necessary to roll out new laptops for remote workers that not only allowed them to do their day-to-day work activities, but also supported an increase in video communication.”
Desktop Central allows the firm to protect its equipment for remote workers. Since the UEM was deployed, the firm has been patching not only company-owned equipment but also employees’ mobile equipment used off-site. “We are patching not just our Windows [operating systems], but third-party applications as well,” Gladfelter says. “This has been a tremendous boost to providing the necessary security to equipment used remotely.”
Desktop Central also provides a means for addressing the need for a central repository for inventory. “This was an important requirement for us to ensure that all equipment was accounted for once it left the building and was deployed to our hybrid workforce,” Gladfelter says.
