Were you unable to attend Transform 2022? Check out all of the summit sessions in our on-demand library now! Watch here.


Bottom line: Getting endpoint security right for virtual workforces needs to include self-healing, native endpoint security integration and improved experiences that give employees the freedom to use their own devices.

Solving the paradox of providing anywhere-work workforces with endpoint security for their devices without adding more complexity to tech stacks is a challenging problem to solve. In addition, every endpoint with access to the corporate network is another potential attack surface.

CIOs and CISOs are aware of the agent sprawl already on company-owned and BYOD devices. More agents mean more potential for software conflicts, rendering the endpoint just as vulnerable as if there weren’t any installed.

Forrester’s recent report, The Future Of Endpoint Management, provides insights and useful suggestions to CISOs and their teams on how to modernize endpoint management. Forrester defines six characteristics of modern endpoint management, endpoint management challenges and the four trends defining the future of endpoint management in 2022 and beyond.

The report’s author, Andrew Hewitt, told VentureBeat that when clients ask how to get started with endpoint management, he says, ”the best place to start is always around enforcing multifactor authentication. This can go a long way towards ensuring that enterprise data is safe. From there, it’s enrolling devices and maintaining a strong compliance standard with the UEM tool.”

It’s time to modernize endpoint management 

Endpoint management is table-stakes for securing anywhere-work workforces. Forrester observes that rapidly growing virtual workforces are forcing endpoint management to modernize quickly to stay in sync with what enterprises need. Six characteristics that illustrate how endpoint management is improving due to virtual forces include the following:

1. Enabling management for all devices and apps on a unified platform.   

A single, unified platform to manage company-owned and BYOD devices is now essential for any endpoint strategy. For example, Forrester’s report explains how enterprise infrastructures support multiple operating systems, and one large food distributor “uses 55 versions of Microsoft Excel and 95 versions of Teams.” What’s needed is a unified endpoint management (UEM) platform that supports self-healing endpoints and can scale across company-owned and BYOD devices. Leaders in UEM include Blackberry, CrowdStrike, IBM, Ivanti, Microsoft, ManageEngine, VMWare and others.   

2. Cloud-based platforms have won the endpoint.

Cloud platforms are dominating the sales of endpoint management platforms today because they’re typically faster to implement, more effective at automating patching, and are structured to streamline remote support. CIOs have told VentureBeat often that using on-premises endpoint management as part of their tech stacks often leads to several or even a dozen corporate image configurations that all devices must be configured with. With cloud-based endpoint management, Forrester says enterprises purchase the devices they are standardizing on, configure them with cloud APIs and have them drop-shipped from the factory to the employees’ houses, where startup is completed without needing IT’s time.

3. Endpoint management platforms need to excel at self-service to grow adoption.

IT help desk and security support teams have been asking endpoint security platform vendors to have more self-service capabilities for years to alleviate the drain on their time. However, with anywhere-work workforces now becoming permanent, endpoint management platforms need to fast-track this aspect of their product strategies to gain greater adoption. 

4. More contextual awareness and less device-driven endpoint management are needed.

Modern endpoint management platforms must give employees the freedom to use their own devices while securing them as effectively as a corporate-issued one. Forrester says that’s where endpoint management platforms are progressing with user-centric data that can be used for customizing and then applying the configuration, adjusting policies per device and automatically keeping them in compliance.

5. Automating device configurations and deployment.

IT and security support teams spend a large percentage of their time configuring, reconfiguring and deploying devices remotely. Modern endpoint management platforms need to design in more automated support to streamline configuring and deploying third-party devices. Self-healing endpoint management platforms that have resilience designed can shut themselves off, automatically update device configurations, complete patch management updates, and then redeploy themselves without human interaction. 

Endpoint management platforms that can automate device configurations and deployment include CrowdStrike Falcon, Ivanti Neurons, which uses AI-based bots for self-healing, patching and protecting endpoints, and Microsoft Defender 365, which relies on one of the most advanced approaches to self-healing endpoints for correlating threat data from emails, endpoints, identities and applications.

Absolute Software’s approach relies on firmware-embedded persistence that provides self-healing endpoints and an undeletable digital tether to every PC-based endpoint. “Most self-healing firmware is embedded directly into the OEM hardware itself,” Hewitt told VentureBeat. 

“It’s worth asking about this in up-front procurement conversations when negotiating new terms for endpoints. What kinds of security are embedded in hardware? Which players are there? What additional management benefits can we accrue?” Hewitt advised. Forrester found that “one global staffing company is already embedding self-healing at the firmware level using Absolute Software’s Application Persistence capability to ensure that its VPN remains functional for all remote workers.”

6. Modern endpoint management needs to be analytics-driven.

Collecting telemetry data from endpoints is becoming increasingly useful for achieving more accurate end-user experience management (EUEM). Forrester is seeing the need for modern endpoint management platforms to collect and analyze end-user experience data that helps understand endpoints’ operational health, security, and performance. 

Endpoint security suites for malware prevention, detection, and remediation leads all PC and mobile technologies that firms plan to adopt in the next twelve months, according to Forrester’s Analytics Business Technographics Survey, 2021. Source: Forrester, The Future of Endpoint Management Report, June 6, 2022.

Endpoint management trends driving the market 

Forrester predicts endpoint management will evolve substantially over the next five years, with anywhere-work workforces being one of several catalysts driving its growth. Based on the interviews and research completed for the report, Forrester sees four dominant trends driving the market in 2022 and beyond.

Self-healing at multiple levels has become the market standard

AI is becoming more commonplace in endpoint management platforms to enable automatic remediation of endpoint issues without human involvement. In addition, AI brings greater resilience to self-healing endpoints, a trend that will accelerate in the years ahead.

Forrester’s Andrew Hewitt says that “self-healing will need to occur at multiple levels: 1) application; 2) operating system; and 3) firmware. Of these, self-healing embedded in the firmware will prove the most essential because it will ensure that all the software running on an endpoint, even agents that conduct self-healing at an OS level, can effectively run without disruption.”

Hewitt told VentureBeat that “firmware-level self-healing helps in a number of ways. First, it ensures that any corruptions to the firmware are healed in and of [themselves]. Secondarily, it also ensures that agents running on the devices are also healed. For example, if you have an endpoint security agent running on an endpoint, and it crashes or becomes corrupted in some way, firmware-level self healing can help to fix it quickly and get it properly functioning again.”

Modern endpoint management platforms need to provide self-healing across the three primary levels of applications, operating systems, and firmware to be effective, according to Forrester. Source: Forrester, The Future of Endpoint Management Report. June 6, 2022

Native endpoint security integration designed in

The trend of unified endpoint management platforms offering endpoint detection and response (EDR), vulnerability management, antiphishing and biometric authentication will increase in the coming years. CISOs have long told VentureBeat that they need a combined endpoint management and security platform that provides a unified view and real-time visibility across all endpoints. Leading endpoint management vendors are offering this today. Endpoint management platforms will accelerate the number of acquisitions they make in 2022 and beyond to strengthen this aspect of their product suites.

Experience management convergence or experience analysis

Endpoint management platforms will standardize more on collecting user experience telemetry data natively into their products. Forrester observes that the practice started with use cases that included how to reduce boot-up times but will expand in scope to include apps, networks, authentication mechanisms and more. The goal is to provide the most secure endpoint possible with little to no friction or inconveniences encountered by the user.  

Data protection without enrollment and privacy protection

With the growing demand that users have to protect their privacy, combined with the need to support BYOD models, endpoint management platforms need to focus more on data- and app-centric protections rather than full device enrollment, according to Forrester.

The research firm is also seeing a rise in stand-alone mobile application management (MAM­-only) approaches. For example, one CISO Forrester interviewed is currently using BlackBerry Access on personally owned laptops to separate work and personal data: “The solution provides more flexibility for employees and is saving us seven figures a year in device management costs because we don’t need to enroll the device into MDM.”

Self-healing endpoints are the future 

What’s most encouraging about the future of endpoint management is its focus on keeping the millions of anywhere-work employees productive while keeping their data and identity private. Every CIO and CISO wants to provide endpoint management that achieves those goals and gives users the freedom to use their own devices – and not force a change in their tech stacks in the process.

Forrester’s vision of the future of endpoint management is compelling, predicated on the needs of users globally, many of whom will rarely work full time in an office again, making their freedom, security and privacy the cornerstones that need to guide the development of endpoint management.

VentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Learn more about membership.