Identity and Access Management Capability Endpoint Management

Many IT admins don’t necessarily consider endpoint management a facet of identity and access management (IAM), but with systems representing the conduit between a user and his or her IT resources, it is critical to secure them. With that in mind, in this post we will discuss the identity and access management capability for endpoint management.

Identity and Access Management Microsoft® Style

Dating back to Microsoft® Active Directory® (MAD or AD) in the late 1990s, there is a strong precedent for having IAM and endpoint management exist within the same IT management platform. For example, the concept of GPOs, a key feature of AD, was groundbreaking for the time. GPOs enabled IT admins to control not only the users on their Windows-based systems, but the actual devices as well.

For IT admins, Active Directory served a dual role all within one neat package. Windows users were authenticated and authorized against the source of truth, Active Directory, to gain access to their Windows-based IT resources and tools. Meanwhile, IT admins were able to control critical security functions related to the safeguarding of one of a company’s key assets: its data. GPOs allowed IT admins to remotely set screen lock timers, enable local firewall controls, disable external disks (USB), and much more on their Windows systems. Plus, the ability to put users in distinct groups made it easy to execute sweeping policies across Windows-based fleets. But, as we know, circumstances in IT don’t stay the same for long.

New Endpoints, Resources, and Philosophies to Manage

The IT landscape started to shift away from Windows-based systems to macOS® and Linux® endpoints. Infrastructure moved away from on-prem implementations to cloud-based Infrastructure-as-a-Service (IaaS) platforms like AWS® and DigitalOcean. The work people used to accomplish in Microsoft Office™ moved to G Suite™ and the cloud-based Office 365™. Applications that once demanded heavy upfront costs were now served up as web-based applications like Salesforce®, the Adobe® Creative Cloud® suite, and Tableau®. All of these additions, plus more, forced the traditional approach to (Read more...)

*** This is a Security Bloggers Network syndicated blog from Blog – JumpCloud authored by Ryan Squires. Read the original post at: https://jumpcloud.com/blog/iam-capability-endpoint-management/