How to manage other people’s devices

Ever since BYO became a ‘thing’ back in around 2008, the subject of managing BYO devices has been a thorny one.

When it comes to corporately owned mobile devices, the answer is pretty simple: manage the thing. Put an agent on it, manage the device, the applications and the data. If you want to allow the end user to use it also as a personal device, fine, go down the Corporately Owned, Personally Enabled (COPE) route.

Now, there is a pretty traditional solution when it comes to BYO mobile devices too: MAM (Mobile Application Management). As it’s not a corporate device, putting a management agent on it is probably not a route you want to go down. Instead, manage the apps only and inject compliance and security configs directly into them.

Okay, great.

Desktops aren’t that simple. Windows especially doesn’t have a particularly strict App Store model, meaning that applications, and therefore malware, from a range of sources can be installed with very little effort. So, how do you enable access into your prized, secure systems from an unmanaged, and let’s be clear here, dirty personally owned endpoint?

Remoting platforms such as Citrix Virtual Apps & Desktops and VMware Horizon have been the traditional solution here. Keeping your Windows desktops and apps locked away in your DC or in the cloud means that the workload is abstracted from the endpoint. Anything dodgy on the endpoint cannot (unless there’s some careless misconfig) get access to the Windows session running in the virtual environment.

Sometimes, however, especially in environments requiring a high level of compliance, or a secure environment that cannot take the risk of losing credentials and data via key loggers etc., there needs to be some management of the endpoint to ensure compliance with security standards and to mitigate risk.

In the past, End Point Analysis (EPA) tools have been used to ensure this level of compliance. Think about it though. With EPA tools checking BYO devices, all you’re really doing is exerting indirect control over a personally owned device by mandating that certain controls need to be in place before it can connect. Yes, you are not ‘touching’ the endpoint, but you are still trying to enforce policies.

What can you do in this situation?

Well, guess what? I have a solution. What if you could have complete control and management of that BYO device, but only at the point that the owner / user wanted to connect to your services?

Introducing the IGEL UD Pocket!

The UD Pocket is a very simple solution. It’s a bootable USB-A / C key that you can pop into almost any x86-based device (including x86 Mac) and boot from. This then boots into IGEL OS, which is a secure, light OS built for SaaS and VDI. Once in, and leveraging centralised management, you can connect straight into corporate apps securely. Even better, the IGEL OS is read-only, meaning that it is very difficult to compromise. Restart the machine or remove the stick, and the machine boots back into its default OS, whether that’s Windows or Mac.

Here’s a simple tagline: Want to enable your users to use any of their desktop / laptop devices for secure access to your services? Give them an IGEL UD Pocket for On-Demand Management.

Watch my video, I dare you: