Developing a Unified Endpoint Management and Security Strategy
Publication Date: 13 April 2023
Abstract
This report addresses a key category within enterprise security and risk management programs as described in our Multi-cloud Security Reference Architecture. It provides guidance for developing Unified Endpoint Management and Security (UEMS) strategies to deal with issues exposed during the pandemic as the combination of massive digital engagement and the sudden proliferation of users working from home increased risk and challenged productivity.
A UEMS strategy for large organizations should identify business and technical requirements, capability gaps, target architectures, and implementation roadmaps. This report is a starting point for understanding the UEMS space, formulating your strategy, reviewing your requirements, and building out capabilities in the context of an overall security and risk management program.
This report also provides tools leveraging our enterprise consulting work including a UEMS reference architecture template, process guidelines, a quick market survey, and key recommendations.
Authors: Dan Blum, Principal Consulting Analyst
Executive Summary
Having a secure and productive working environment for employees, contractors, and partners is a modern-day necessity for just about any business. Managing and securing the workforce endpoint computing devices (i.e., desktop PCs and mobile phones or tablets) is likewise critical and has been an area that is often overlooked.
Providing user endpoint management and security (UEMS) to support the required types of devices and applications in a manageable and secure manner represents a significant IT and organizational challenge. Technology, training, and operational support must span multiple types of associates, devices, and network environments. The UEMS must also protect the organization from compromised workforce or third-party devices that could cause security breaches.
Typical UEMS challenges are managing a hybrid, cross platform endpoint environment in which many workforce members and third-party associates work at home or off premises and use personal or vendor-owned devices. Managing and securing this endpoint environment is critical in the modern business world to maintain workforce productivity (including non-employees) and competitiveness. Periodically enterprises must refresh entire subsections of the endpoint inventory with new hardware or OS releases, and this must be handled in a manner that provides strong security with a minimal impact on productivity. The goal is to continue delivering business applications into the environment, protect the organization’s systems and data from breach through compromised endpoints, and maintain regulatory compliance.
The UEMS market category is a big, complex, and always-changing space. It is a fusion of User Endpoint Management “UEM” and endpoint Security (“S”) tools that are working to proactively address the business challenges in endpoint management. “UEM” itself emerged as the market’s response to the hybrid, cross platform endpoint environment including desktops and mobile devices operated in both company-owned and bring your own device (BYOD) formats.
TechVision Research recommends organizations develop a UEMS strategy to solidify business buy-in from all stakeholders and ensure a smooth, optimized deployment of complex UEMS technology, processes, and support infrastructure. It provides guidance for identifying business requirements and proposing business plans as well as implementation strategies. It addresses technical requirements, capability gaps and maturity assessments, target architecture, and implementation roadmaps.
The benefits of the UEMS strategy will justify the efforts required to create it as it directly impacts employee/contractor productivity as well as addressing a major security challenge. Through a well-planned and well-run deployment that fits the business requirements, full endpoint lifecycle management and security capabilities can be provided. Office employees, field employees, long-term contractors, and vendors or partners requiring access to the IT environment all will be able to work productively and securely regardless of whether they employ a Windows or Mac PC, an iOS or Android mobile device, or any other supported device type.
Introduction
Let’s start with the basics: what is an “endpoint”?
For this document, a user endpoint is defined as follows:
A computing device, dedicated to a human user, and capable of communicating over a network.
Examples of user endpoints include desktops, laptops, mobile devices (e.g., phones, tablets, field worker devices) and Internet of Things (IoT) devices. These endpoints must support employees, contractors, business partners, and the potential for IoT integration.
UEMS – or user endpoint management and security – is our preferred acronym for the combination of capabilities inherent in the industry “UEM” and “EPP” (endpoint protection platform) market categories.
UEMS is vitally important to modern organizations because without workforce users having manageable and secure devices they cannot work safely and productively, nor (in some cases) safely interact with other non-workforce associates such as partners and customers.
A UEMS strategy is necessary for large enterprises to even establish minimal UEMS capabilities and then improve or optimize them. In this report, we provide guidance for developing:
- High-level strategies that identify business requirements and propose business plans as well as
- “Implementation strategies” that (also) identify technical requirements, gaps, capability maturity assessments, target architectures, and implementation roadmaps.
Typical Business Challenges
Some of the most common UEMS challenges that impact how businesses and government entities securely and productively operate include:
- Hybrid endpoint environment: Businesses must support both desktop PC solutions and mobile (phone/tablet) devices for the workforce. That means customers can’t rely solely on endpoint platforms’ built-in management capabilities but must consider cross-platform capable management tools.
- Work from home (WFH) culture: WFH has been a factor at almost all organizations for many years. It has created multiple management and security issues, exploded during the pandemic, and although many users are returning to the office, increased WFH is here to stay. WFH users are more likely to require local admin privileges on corporate-owned devices and/or to perform the organization’s work on bring your own device (BYOD) PC or mobile systems. Systems with local admin and BYOD endpoints can’t be controlled or trusted as well as corporate ones, and they are more difficult to support.
- Compliance and security risks: Endpoints are the doorways through which employees access the organization’s data and processes, and the endpoint environment is a big part of the typical organization’s attack surface. According to “50 Endpoint Security Stats You Should Know In 2023” by Expert Insights, 68% of organizations in 2020 suffered successful attacks on data through the endpoint vector. Companies with large numbers of remote workers or BYOD devices are at the highest risk of endpoint attacks, and BYOD systems are twice as likely to become infected with malware as corporate ones. Ransomware is currently the most common and most dangerous type of malware, hitting 53% of businesses in 2021 (many more than once). Ransomware attacks create major availability challenges that jeopardize business operations and can also turn into data breaches as criminals exploit sensitive or personal information taken from endpoints and other compromised systems.
- Overly lengthy endpoint refresh cycles: Making changes to the endpoint environment can be costly and difficult. It is not just the devices needing updates to new operating systems, applications, or other functionality. It is also a matter of retraining users and rebuilding management, support, and security processes and procedures. As a result, many organizations only update to new PC hardware or to a new version of Windows (for example) once every 3 to 5 years. Five years is a lifetime in the world of IT, and the workforce suffers productivity challenges, and company competitiveness may be impacted during the long wait.
- Cost Control: UEMS infrastructure is costly, starting (generally) with the endpoint hardware, vendor per user cloud subscription or software license fees, and often even larger costs for maintenance and support staff. Many of the software and service costs must be paid for each of the many tools vital or related to endpoints (management, anti-malware, web filtering, network security, etc.). However, lack of strong or at least adequate UEMS creates much higher long-term costs from lost productivity and competitiveness, or even breach issues.
The magnitude of these challenges and the stark cost tradeoffs between doing too little or doing too much (e.g., acquiring unnecessary or unfit tools) drives the need for a UEMS strategy and architecture. We’ll now look at how the market and specific vendors are addressing this critical area of need and how that impacts large organizations.
State of the Market
The market category we call UEMS is a fusion of “UEM” and endpoint security (“S”) tools working to solve business challenges in endpoint management. “UEM” itself emerged as the market’s response to the hybrid endpoint environment. UEM is a fusion of mobile device management (MDM), mobile application management (MAM), and enterprise mobility management (EMM) tools many years in the making. Leading solutions provide a one stop shop for managing both desktop and mobile devices from a single console via agent-based (aka “client management”) solutions and agentless or API-based (aka “modern management”) interfaces.
Most businesses of any size recognize the need for UEM + S and deploy solutions from some of the leading vendors such as IBM, Ivanti, ManageEngine, Microsoft, and VMware on the UEM side and from vendors such as Broadcom, CrowdStrike, Cybereason, Microsoft, SentinelOne, Sophos, Trellix, Trend Micro, and VMware in the security space as well. All or most of these vendors are working to address hybrid cross platform UEMS requirements and to deliver functionality in a cloud-based model.
Microsoft and VMware have the broadest and deepest functionality across the spectrum of core UEMS capabilities (see Figure 1 in the Target Architecture section). Microsoft has made tremendous advances from the early 2000s to become a leading cross-platform endpoint security and mobile device management vendor while leveraging synergies with its Windows, Office, and Azure product lines. VMware acquired Carbon Black to address endpoint security, AirWatch to check the MDM box, and continues to provide endpoint and application virtualization solutions arguably second to none.
All the other vendors noted as well as many others have strong functionality in some capability areas required for UEMS. Some of their capabilities may be superior to Microsoft or VMware’s in some respects. Often the choice between using one or more vendors as part of a complete UEMS solution comes down to a single vendor versus best of breed discussion.
Customers tend to favor the vendors or services they already have deployed, or the ones their staff are most familiar with. However, UEMS is a big, complex, and always-changing space. One of the advantages of developing a UEMS strategy using the methodology recommended herein is that it provides an opportunity to take a step back and take a vendor-independent look at the space through the lens of the enterprise’s unique requirements and strategic business or IT objectives.
How to Develop a UEMS Strategy
Many of our clients are doing a reset now, looking at their point programs, vendor offerings, strategy, and fit for their endpoint programs in the context of the overall security/risk program. In this report, we provide guidance for developing both:
- High-level strategies that address business requirements and propose business plans, and
- Implementation strategies which, in addition, address technical requirements, capability gaps and maturity assessments, and more detailed technical architectures and roadmaps.
The following are TechVision Research’s guidelines leveraging hundreds of security, identity, and related consulting projects and research we’ve conducted over the years. UEMS is now elevated to the level of importance to warrant the formalization of developing both a high-level strategy and drilling down to specific implementation strategies and approaches. The following provides some high-level guidance for each.
| High Level UEMS Strategy | Implementation Strategy |
Table 1: Guidelines for Strategy Development
A high-level UEMS strategy tends to be conceptual and visionary. It’s the best approach to take prior to having business buy-in for a major UEMS IT initiative. The UEMS team can use the high-level strategy to clarify executive sponsorship and program ownership and set basic stakeholder expectations. Once buy-in exists, developing a full implementation strategy is the best and surest route to deploying a UEMS solution and making it a good fit for the organization. TechVision can provide direct, detailed consulting support to provide overall guidance and an independent outside perspective to this process for our clients.
Establish UEM Strategy Team and Process
Begin developing the UEMS strategy by establishing a team and specific project goals and timelines. In larger enterprises, expect a full implementation strategy to take at least 2 to 3 months. It will require considerable information gathering and multiple workshops to level set team members’ knowledge and expectations, gather and share information, agree on requirements and priorities, and brainstorm architecture and implementation planning.
The UEMS strategy – like all formally commissioned IT strategies – should have an executive sponsor, such as the CIO or first line IT director. For larger enterprises, TechVision Research recommends dividing the UEMS team into a “Core Team” that does most of the work and an “Extended Team” of stakeholders that provide subject matter expertise (SME) on requirements as well as input on proposals affecting their areas of operation.
The UEMS team should interview all key business, IT, and security stakeholders as well as internal SMEs while defining requirements and performing maturity and gap analysis. It is desirable for the team to prepare presentations and reports and to socialize the strategy through workshops for the extended team. Establishing this process is important for achieving the desired result, but also for subsequently documenting how and why you made key decisions.
Identify Business and Technical Requirements
Developing a UEMS strategy should start with a thorough understanding of your organization’s key business and technical requirements. Although UEMS requirements and priorities vary among organizations, we can provide a “starting point” based on our research and consulting experience. The most common business requirements we see are to:
- Enable the workforce through a choice of powerful, easy-to-use endpoints.
- Provide ease of deployment of new devices and functionality, including the ability to remotely provision or to drop ship OEM vendor devices loaded with the corporate image directly to a home office. Enable rolling refresh of the endpoint population for new releases.
- Support required platforms including desktop PCs, Macs, iPhone, Android, or other mobile devices as well as Chromebooks and other thin clients.
- Support various user constituencies including office workers, field workers, home office and bring your own device (BYOD) users, contractors, partners or suppliers, and customers.[1]
- Remotely manage endpoints, including ability to install or provide virtual application access subject to user entitlements. Also apply configuration changes or patches as well as enact automated IT policies and procedures.
- Integrate with key IT management tools such as service management, change management, and security management.
- Provide detailed reporting and analytics on performance, security, and usage.
- Reduce risk of compromised endpoints through security capabilities such as antimalware, application control, device firewalls, data encryption, access control, patch management, remote wipe, and SIEM integration.
- Future-proof the solution with the ability to scale and adapt to meet the changing needs of your organization. For example, many organizations may use more traditional on-premises (or hybrid) UEMS solutions but seek to make them 100% cloud-based as soon as possible.
We recommend you then work with your business stakeholders to fine tune or elaborate this list as necessary for specific constituencies, platforms, applications, use cases, and functionality required. You should also collaborate with groups responsible for endpoint support or security in IT and other business units to identify more technical requirements. Be sure to query IT support staff, help desk personnel, and to review incident reports or service requests to discover unmet needs or pain points. Getting input from the business side, security side, IT side and support teams helps to properly represent the capabilities needed and smooths the path towards a successful program.
Once the initial business and technical requirements are established, the next step is to prioritize. Identify which requirements are critical, which are nice to have, and which are of lower priority. This will ultimately factor into your timelines and roadmaps. Critical and other high priority requirements can be distinguished based on business demand for the specific capability. For example, endpoint virtualization might be a high priority for companies that process a lot of sensitive information using contractors or home office users. Application virtualization could also be a high priority, if the same users require access to many applications, especially legacy applications or others that are difficult to manage across dispersed clients.
Some required capabilities may be chosen, or weighted, differently depending on the nature of the business. For example, a big investment in endpoint detection and response (EDR) may be necessary for organizations in financial services, government / defense, and other industries operating in a high threat environment but less critical to others.
While specifying requirements, always remember that technical tools such as EDR (e.g., CrowdStrike, Carbon Black, etc.) require process and budget as well as technology. High level strategies should address who in the enterprise will be responsible for maintaining and funding each UEMS capability. Implementation strategies can then take those assumptions and map out the technical approach.
Develop a Target Architecture
Once you have prioritized requirements, it is important to develop a target architecture for UEMS. This puts your organization in a stronger position to evaluate vendors or develop roadmaps and budgets. Without this approach many organizations simply follow a specific vendor’s roadmap which may or may not fit your prioritized requirements.
Building on the results of the workshops and knowledge gained about the organization’s existing baseline environment during requirements analysis, the UEMS team should create an organization-specific target architecture.
Figure 1 depicts the TechVision Reference Architecture for UEMS. This model can be adapted into a target state architecture for the typical enterprise and has already been used by some of our clients.
Figure 1: A UEMS Reference Architecture
Figure 1 is a contextual and conceptual architecture diagram that depicts the business, regulatory, and risk context which should drive the required endpoint lifecycle management processes, endpoint security capabilities, and how these are supported by related enterprise IT processes and security capabilities.
Core Capabilities
Per the reference architecture, the endpoint strategy should support office employees, field employees (i.e., employees located at retail, industrial, agricultural, or health care sites as well as travelling employees such as salespeople), long-term contractors, and vendors or partners requiring access to the organization’s IT environment. Regardless of whether the user has a Windows PC, Mac PC, or iOS or Android mobile device, enterprises should offer the maximum possible ability for working productively with tools native to the device as well as applications delivered to, and virtual applications or capabilities made accessible to the device.
The UEMS system supports core UEMS processes and technologies. It can manage endpoints with legacy interfaces (such as older versions of Windows or Unix/Linux) as well as modern PCs or mobile devices via APIs (aka “modern management”). It can onboard users to devices; deliver applications; provide training and support; and manage updates, changes, and protection. It aligns with enterprise identity and access management (IAM) services to control contextualized zero trust access policies for each user/device combination. It can wipe lost or stolen devices.
Core endpoint security capabilities can enforce least privilege configuration enabled through the vulnerability and configuration management processes as well as virtual desktop infrastructure (VDI). VDI (to some degree) protects the business from the risk that users may incur compromise on their host endpoints. Endpoint protection systems can also apply application control as another aspect of least privilege operation, and anti-malware capabilities that prevent malware from executing on the host.
When malware does compromise a host, more advanced endpoint detection and response (EDR) capabilities may also be able to analyze and detect the malware and contain or eradicate it. EDR capabilities and preventative anti-malware solutions both rely heavily on vendors’ cloud-based intelligence and security analytics collected from millions of systems across the Internet.
As we described in our Multi-cloud Security Reference Architecture report, UEMS must fit within an overall enterprise security and risk management program. We’ll now describe a few related management and security processes that more directly impact the endpoint management and security program.
Related Management and Security Processes and Technologies
Related management and security processes shown in the diagram include asset inventory, vulnerability and configuration management, and incident response provided through the security operations center (SOC). IT service management can orchestrate UEMS device onboarding or off-boarding as well as training or support services. Vendor or supplier management is responsible for ensuring suppliers whose employees access business assets support the business’s endpoint-related standards.
Related technologies in the network security domain provide additional layers of protection, including network intrusion prevention capabilities within the company’s network segmentation architecture. To some degree, network-based extended detection and response (XDR) solutions’ anti-malware capabilities can compensate for the lack of strong endpoint protection or EDR defenses on BYOD devices. Network security also includes Cloud Access Security Broker (CASB) systems, secure web gateways (SWGs), and secure email gateways (SEGs) to filter web and email traffic for malicious content. Data encryption and information rights management tools can protect sensitive information on endpoints from exfiltration and breach.
Levels of UEMS Architecture
A high-level strategy can stop here (after some light editing of Figure 1) to suit the desired scope of the organization’s UEMS infrastructure. Planners should anticipate further work down the road on refining the picture to show which capabilities are included and how they’ll work together.
A full implementation strategy should go deeper, determining exactly what capabilities should be provided and provide additional logical and physical diagrams in the target architecture for additional specificity. Although the requirements, architecture, and gap analysis are shown as three sequential sections in this report, the UEMS team should iterate between different levels of target architecture and gap or requirements analysis when delivering a full implementation strategy.
For example, develop a high-level target architecture once business and basic technical requirements are defined. Then perform the maturity and gap analysis. Finally, return to the requirements and target architecture to add more technical detail and further refinements.
Fitting Capabilities and Logical / Physical Architecture to the Organization
Although many mid-sized or large enterprises will require most of the capabilities in Figure 1, it’s important to understand that not all capabilities will be:
- Needed by all organizations,
- Deployed everywhere in an organization, or
- Implemented at the same time, in the same order, or in the same manner.
For example, the endpoint environment and how it is managed will look quite different in a large law firm or consulting company that’s all office and home users than it will in a hospital network or manufacturing company.
Once you have worked down through the layers of Figure 1 to understand basic functional requirements for different types of users, locations, and endpoint hardware, UEMS architecture is all about selecting management and security capabilities and specifying their logical and physical architectures. These must balance risk with the business mission and operational needs.
Perform a Maturity and Gap Analysis
As the basis for a UEMS strategy, enterprises should review the current state of endpoint computing at the enterprise and analyze the degree of “gap” between it and updated solutions that could meet the UEMS business and technical requirements to deliver the target architecture. For a high-level strategy, the gap can be assessed relatively quickly and qualitatively.
For full implementation strategies, TechVision Research recommends performing a Maturity Assessment to evaluate current capabilities against enterprise requirements and industry best practices using a Capability Maturity Model Integration (CMMI)-style 5-level model. The findings and gaps from such analysis help the UEMS team flesh out logical and physical target architecture, select vendors or service providers, and develop a 2-to-3-year endpoint strategy roadmap.
Clients, TechVision Research, or other consultants can perform this task by categorizing the UEMS business and technical requirements into functional domains across a spectrum of processes and technologies such as those depicted in Figure 1, the UEMS Reference Architecture. For each requirement, determine whether the enterprise currently provides a solution. If a solution already exists, determine whether it fully or partially meets the requirement, is completely or partially deployed, and whether it is funded, staffed, and documented such that it could continue to function in the event of reorganizations, crises, etc. If a capability to meet a requirement doesn’t exist or doesn’t rate at least “defined” or “managed” on the CMMI scale, then a gap exists. The UEMS strategy core team should understand and prioritize gaps before defining the implementation roadmap.
Define Implementation Roadmap
Once an organization completes requirements, architecture development, and gap analysis it can develop a UEMS implementation roadmap. The roadmap provides timing and phasing recommendations for building out a UEMS solution factoring in the current state of the enterprise including ongoing business initiatives as well as the UEMS requirements themselves. Roadmap timeframes should cover the next 3 years and provide greater specificity over the first 18 months. In typical TechVision UEMS consulting projects, roadmap recommendations and timing consider the following factors:
- The organization’s current state services, capabilities, and skills.
- Prioritized gaps and requirements.
- Impact to improving user experience in the office, BYOD, and mobile environments.
- The timing of key business initiatives, including infrastructure migration to the cloud.
- Potential impact to the overall security posture.
- Criticality of implementation to meet dependencies from other IT programs.
- Key technology trends impacting the market.
Recommendations
The magnitude of UEMS business challenges; the cost, complexity, and time to deployment; and the major productivity and security concerns entailed make it critical for organizations to develop a tailored UEMS strategy rather than relying on “cookie cutter” vendor roadmaps. The following paragraphs call out several important recommendations towards developing your UEMS strategy.
- Obtain an executive sponsor. The UEMS team lead, often someone in a desktop support management role, needs senior management support for clarifying the business justification to create a UEMS strategy and, eventually, proceeding with the program.
- Establish the UEMS team structure, project goals, and timeline: Gauge the level of buy in when setting the project timeline and objectives. Develop a high-level strategy as soon as possible. Proceed directly to a full implementation strategy once broad stakeholder buy-in exists.
- Align UEMS target architecture with the Multi-cloud Security Reference Architecture: Recall from Figure 1 that a strong and effective UEMS must draw on multiple related process and technology capabilities. Organizations can’t afford to have a disconnect between, for example, the endpoint security architecture and asset management or network security. Therefore, we advise taking the opportunity to work through the Multi-cloud Security Reference Architecture beforehand, or in parallel with, initiatives such as UEMS. Also, the UEMS extended team should engage stakeholders and SMEs concerned with all related processes and technologies.
- Be prepared to support a hybrid, cross platform endpoint environment: This is already a given for many organizations, but some plan to bring all employees back to the office while, at the other extreme, some organizations are motivated to dramatically reduce or eliminate the need for office space. Recognize, however, that business circumstances can change and the ability to support a hybrid work from office / work from home environment contributes to business agility. In addition, new types or releases of endpoint systems are constantly entering and leaving the market.
- Emphasize supportability: Finding resources to support the UEMS and related processes or technologies is a pressing issue for many of our clients. The hybrid UEMS environment is challenging to manage and secure even without factoring in the skills shortage in IT and security. Although a 100% cloud-delivered solution may not be feasible, be sure to consider cloud-based solutions from vendors where available at all layers of the UEMS architecture.
Conclusion
The benefits of the strategy will justify the efforts required to create it. Through a well-planned and well-run deployment that fits the business requirements, endpoint lifecycle management and security can be provided to all supported user constituencies for all supported devices using appropriate tools and processes for both organization-owned and BYOD devices. The organization can improve its ability to onboard devices to users, deliver applications, provide training and support as well as manage updates, changes, and protection much more seamlessly than before.
Endpoint protection capabilities can also reduce compliance and information security risks by enforcing least privilege application control and providing both basic anti-malware prevention and endpoint detection and response (EDR) capabilities. They can align with IAM processes to control contextualized zero trust access policies for each user/device combination.
The endpoint strategy can enable organizations to deliver modern devices to users through a “rolling refresh” process. Field employees, office employees, long-term contractors, and vendors or partners requiring access to the IT environment will be able to work productively and securely regardless of whether they employ a Windows or Mac PC, an iOS or Android mobile device, or any other supported device type.
About TechVision
World-class research requires world-class consulting analysts, and our team is just that. Gaining value from research also means having access to research. All TechVision Research licenses are enterprise licenses; this means everyone who needs access to content can have access to content. We know major technology initiatives involve many different skillsets across an organization, and limiting content to a few can compromise the effectiveness of the team and the success of the initiative. Our research leverages our team’s in-depth knowledge as well as their real-world consulting experience. We combine great analyst skills with real-world client experiences to provide a deep and balanced perspective.
TechVision Consulting builds off our research with specific projects to help organizations better understand, architect, select, build, and deploy infrastructure technologies. Our well-rounded experience and strong analytical skills help us separate the “hype” from the reality. This provides organizations with a deeper understanding of the full scope of vendor capabilities, product life cycles, and a basis for making more informed decisions. We also support vendors in areas such as product and strategy reviews and assessments, requirement analysis, target market assessment, technology trend analysis, go-to-market plan assessment, and gap analysis.
TechVision Updates will provide regular updates on the latest developments with respect to the issues addressed in this report.
About the Authors
Dan Blum, Principal Consulting Analyst at TechVision Research, is an internationally recognized strategist in cybersecurity and risk management with over 30 years of experience in IT, security, risk, and privacy. His book “Rational Cybersecurity for Business” is a Security Leaders’ Guide to Business Alignment. He was a Golden Quill Award-winning VP and Distinguished Analyst at Gartner, Inc., has served as the security leader at several startups and consulting companies, and has advised hundreds of large corporations, universities, and government organizations. Mr. Blum is a frequent speaker at industry events and participates in industry groups such as ISACA, FAIR Institute, IDPro, ISSA, CSA, and the Kantara Initiative.
A Founding Member of the Kantara Initiative’s IDPro group and honored as a “Privacy by Design Ambassador”, Mr. Blum has also authored two books, written for numerous publications, and participated in standards or industry groups such as ISACA, the FAIR Institute, IDPro, CSA, OASIS, Open ID Foundation, and others.
Mr. Blum’s career has encompassed a wide gamut of experience. He has written countless research reports and has led consulting projects in North America and Europe, spanning Financial Services, Insurance and Manufacturing, Health Care, Higher Education, and the Public Sector.
During his tenure at Gartner, Mr. Blum held VP positions as a Distinguished Analyst and Agenda Manager with the Security and Risk Management Strategies analyst team. He led the effort to enhance and improve the Security Reference Architecture acquired from Burton Group. He managed successive cloud security track programs at the Gartner Catalyst conferences and spoke at Gartner Security Summit and other events. He also served as the Cloud Security Research lead at Gartner for Technical Professionals.
At Burton Group, Mr. Blum filled multiple roles over a 10-year period, initially serving as Senior VP and Consulting Practice Manager, then as Research Director for the Identity and Privacy Strategies team. He authored, co-authored, or directed all the initial identity Reference Architecture content and co-founded the Burton Group’s Security and Risk Management Strategies research service beginning in 2004.
[1] In a few edge cases, customers may be affected by an organization’s endpoint strategy. For example, a company with testing or training products may provide physical or virtual endpoints for paying customers to use.
