Kappa Data Unplugged

Question of the Month: MDM & UEM – Gaining control over your devices without the complexity

Marketing Kappa Data

Use Left/Right to seek, Home/End to jump to start or end. Hold shift to jump forward or backward.

0:00 | 14:40

In the episode of Question of the Month, our shorter podcast series where we tackle one pressing question at a time. Today, Fréderic Van Walle explains the essentials and the evolution of device management: what exactly are MDM and UEM, and how can organizations manage a growing fleet of devices without the added complexity? 

🔗 Meer weten? Bezoek onze website: www.kappadata.be

🎧 Zin om zelf eens aan onze microfoon te schuiven? Laat van je horen!

SPEAKER_01

Every month we take one topic from our Kappa Data IT compass and ask one simple question. Today it's not about your network, it's about something just as critical, your devices. Because the reality is organizations are managing more devices than ever before, such as laptops, smartphone, tablets, and more. And with that growth comes complexity, security risk, and a lack of visibility. So the real question becomes: how can organizations truly gain control over all their devices without increasing complexity? Today I'm speaking to Frederick van Walle, vendor manager at Kappa Data. Hi Frederick.

SPEAKER_00

Hi, Eurine.

SPEAKER_01

Good to have you here. How are you?

SPEAKER_00

I'm great. How are you?

SPEAKER_01

I'm doing okay as well. So perhaps let's start and kick this off immediately with a question. Frederick, this is probably not the first time that you're discussing this topic with customers, partners, perhaps with people within Kappa Data. But today we are talking about mobile device management and more broadly, unified endpoint management. For those who might not fully familiar with it yet, what exactly is MDM or UEM?

SPEAKER_00

Well, it goes quite broad. In the old days, let's say, we only talked about MDM, mobile device management, where we were talking about smart stuff like smartphones and uh tablets. Um today we want to gain more control on laptops, computers in general, but in real life, those are laptops. Now, why would we want to do that? We have Active Directory where we can push things, but that doesn't really give us complete control. We want to know what they use, what do they have, what do we want them to do or allow them to do. Um, we want visibility, we want to know actually everything that they don't use that laptop for something else that is allowed to do. So it can go very far, but the first thing that we want to do is have security, and um the second thing we want to do is just gain stuff like uh return on investment, and that we we we gain money out of it somehow because we use things more efficiently.

SPEAKER_01

So that means that with MDM we're talking about mobile devices such as smartphones and everything around that. For example, your phone at work, you have to make sure that it's uh compliant, that it's secure, and that you are not going to sites that you cannot go to. That's correct.

SPEAKER_00

Uh one of the things, and you don't um well, let's say put things on there that shouldn't be on there. If it's a trusted device, there's mostly no problem. If it's an untrusted device, you just don't want uh some Excel files or whatever being on there, or uh if they communicate with a certain website, you don't want them to upload files, that's the DLP part. Um, you don't want to use them untrusted applications because you don't know what they do on that device. And I'm not only talking about apps on the smartphone, the same goes for laptops. You can go to whatever website you want to, and yeah, and I'm not talking about beautiful women or something, I'm really talking about business-like applications that you think that are good, but that are in real life actually not as good as you think they are.

SPEAKER_01

Yeah, so making sure we are not falling into a trap.

SPEAKER_00

For example, and um uh a lot of advantages that we can gain out of it because we want to gain control, um, we want to have visibility, we see what they do. Maybe we see some people uh using different applications that they shouldn't. We want to block them, or optimize them because people are using different applications, and we we say, Well, don't use that one, we all are using this one, or um we could have a licensing uh double licenses that we use. These people use these licenses, these people use that licenses, and uh we can optimize them by combining them, or maybe you you have like uh 50 people uh that are have assigned a license, but 20 out of them are not using the application, then you could win some money just by optimizing the licenses by knowing what they really do, and then comes the part of being aligned with whatever the company wants. If they say the company says it has to go like that, like password management, for example, you need to have uh 12 characters in the password and figures and this and that that you can check and control that the user has that, no matter from where that person is working.

SPEAKER_01

Okay, so it's not just a controlling ID, but it's also a return on investment ID, and as well to make sure that we as a company are secure. So actually, everybody who is a company, doesn't matter what size, they should be at least investing in UEM or MDM.

SPEAKER_00

Yeah, and uh well, suppose you have friends, right? Not of course you have friends.

SPEAKER_01

I do, thank you for that.

SPEAKER_00

And suppose they say, Well, Euline, you work in IT. Can you somehow make sure that all our smartphones and all our laptops are secure? Can you make sure that we are somehow protected against different kinds of attacks? Then you will say, uh, something like that, where should I start? So you can you can say keep it up to date. That's the first thing you will probably say. But how do you know that they keep it up to date?

SPEAKER_01

And I have to be honest, sometimes I'm also not that up to date either.

SPEAKER_00

You mean yourself or your computer?

SPEAKER_01

Myself and my computer, I think. So both of these.

SPEAKER_00

So if you have a central platform where you see what all your friends are having regarding patches, regarding versions of software and the operating system, if you can see whatever they are using from software and you know that these are to be trusted, if it all comes together, you know that at least that part of the system is safe and then comes in, all these laptops are managed differently. Think out of it, um, this one is bought there, another one is bought over there, so they are all different kinds of laptops. What if you can bring them all together in one platform? Think of macOS and a line XR Windows, etc. And you can all manage that in one laptop and make sure that they are all aligned with what you think that should be the thing that is secure. And what if you say, you know what? Do you have a pin code? Of course I have a pin code. Do you use MFA? What? MFA? Okay, from now on. Multifactor authentication. Click, yes, multi-factor authentication from now on. Click, you will be using MFA. Whether you want it or not. You asked me, do you have a safe computer? Well, I'm giving you uh a safe way of using your computer. So all these things we combine.

SPEAKER_01

And I think for your IT manager, it's also like catching all the flies at once because instead of having it all separately over all the different kinds of computers, making sure that you have the visibility, you're just managing it in one platform, I guess.

SPEAKER_00

Yes, uh, and not only managing, you also have like um as some kind of an inventory, who is using what, how old is that computer, should it be replaced, all these things you need to? Because maybe one laptop is becoming uh end of life or a smartphone, like my old smartphone. It was like three, four years old, it was working perfectly, fast enough for me. Just one problem, it became out of um end of uh life, meaning there were no more updates. And if you work in a security company, you know you should not use devices that have no support anymore. So I needed to replace my smartphone, although I had no problem at all. That you can see in your uh management device uh solution.

SPEAKER_01

Okay. MDM indeed. I think that's definitely a good recap uh to already put it all at once. So it's one uh platform where you can have an overview, when you can gain insights, where you can make sure that you have all the information gathered and uh follow up with everybody in the organization, how big, how small they are. Um what about so this is just one thing. What about like integrations? Is it able to be integrated with everyone, uh with every company, with every organization, or do we need something extra for that?

SPEAKER_00

Now you make me think a bit.

SPEAKER_01

Well, sometimes I try to do that.

SPEAKER_00

Yes, you can integrate with a lot of different things. Of course, it depends on uh what you want to do with it. You can have uh external authentications, you can have internal authentication, depends on the product you're working on, but mostly you want to combine MDM or unified endpoint management with some kind of identity solution because you have the device, you have the identity, and they work together. You need both of them to have a fully secured environment.

SPEAKER_01

Okay, but it is flexible and it's adaptable to your recognition and your standards and needs.

SPEAKER_00

We're talking in general, not for one particular brand. So it depends, of course, on the brand, but it of course it should be adaptable.

SPEAKER_01

Yeah, and talking about adaptable, uh, one of those things is being adaptable to like new compliances, things that the governments are making sure that is in the same line and direction as they want, such as NIST2 and ISO 27001 is uh not one of those uh things that comes up to mind uh quite often. Um, do you have any idea on that? Is it compliant?

SPEAKER_00

Well, that's where uh some things come together. So you have the batch management, but if you can combine it with the identity, you also have the identity management where they ask you for particular passwords, as I explained, because a lot of them just combine the two. Um, you have the MDM part, again, that's the combination because in my mind it often goes together. Um, those are all things that uh are required for NIST2, or if you or if you go to uh the ISO 27001 uh that you talked about, you have the asset visibility, uh, who is using what again, who is using what again, these things come together. What needs to be encrypted, is your device encrypted, is your data encrypted, etc. So, yeah, um, of course, it's both a visibility on these standards, but also an enforcement point for these standards. So, you do have a lot of checks you can put in the boxes certain these two items regarding compliance.

SPEAKER_01

Okay, that's already very good to know. Um, where do you see the future of endpoint management evolving? Well, this can you already give us a little bit on that?

SPEAKER_00

Yeah, but I do have a dream about that. I, in my opinion, and it can't be that far away, you buy a computer from a store, no matter which one. Like you go and buy a television. If you buy a television, you turn it on and you have image. These days, yeah, these days you can install an application to have a certain visibility on uh in a certain country, but no matter which TV you buy, you will have television. And in my opinion, you buy a computer, you open the computer, you see a QR code. You take your smartphone, you scan the QR code, and from that moment on, that is your computer linked to your company, and everything comes in place automatically. And it doesn't matter whether you run Windows or Mac OS or Linux or whatever, you just open it, scan the QR code, and directly it's okay. And if something's not working, you push a button, reset. It wipes everything, you rescan the QR code, and back you're in.

SPEAKER_01

Or you call your internal IT guy.

SPEAKER_00

No, you don't call your internal IT because we want less workload on internal IT. So you don't call internal IT, you push the button and you automatically repair it yourself. That's my future look.

SPEAKER_01

I think your future look sounds great, and it's definitely a good way to go. Let's hope that we can make that work. I do know that we here internally at Capadata we already use an MDM tool, and we are I'm I'm very, very happy with it. Uh, since I'm in marketing, we are sharing a lot of passwords over all the countries and all the nationalities. You're able to give uh everybody the rights that they need, so once a new person starts, it's very easy to set up. So I'm definitely a fan.

SPEAKER_00

You want to hear a story about that?

SPEAKER_01

I'm yes, perhaps a little one.

SPEAKER_00

So you know I I'm a techie, right? Uh I've always had uh full access administrative rights on my computer. Always, all my life. Once, in this case, GymCloud came in, they gave me 24 hours of administrative access. They were being so kind. After not even 24 hours, I got a phone call from support. Hey, I see you have VMware on your computer. So they see that, they know the applications I use and I shouldn't be using. So I said, Yeah, so well, due to our ISO, we shouldn't be using that anymore. So it has good things, it had bad things. But the good thing is, not having um VMware and techies will understand me, it is more secure because in VMware I can do what I want. So you really gain control. The disadvantage for me is I have two computers now. But it's more safe, the other computer is not linked to the uh to the corporate network.

SPEAKER_01

That's definitely a good story to add, and especially for the techies, because for me it's a little bit less comprehensible, but all good on that. Thank you, Frederick, for already the very clear overview. You're most welcome. Great to have you here. Um, thank you for sharing your insights regarding mobile device management, so MDM as we discussed, and Unified Endpoint Management EUM, as we also discussed in this question of the month uh podcast. Um, management devices is no longer just an operational task, it's a critical part of your security strategy because the real challenge isn't just having more devices, it's staying in control of all of them. Until next episode with a new question.

SPEAKER_00

Bye bye.