16 Endpoint Security and Compliance Management Design Guide Using IBM Tivoli Endpoint Manager
1.4 Endpoint security and compliance management
Organizations can have few or as many as several hundreds of thousands of
endpoints that must be tightly controlled to effectively manage risk. In
far-reaching environments, the numbers and varieties of servers, desktops,
notebooks, mobile IT devices, and specialized equipment, such as point-of-sale
devices, ATMs, and self-service kiosks, which are known collectively as
endpoints, are growing at unprecedented rates. With rapidly increasing numbers
of remote workers and roaming devices, there is no well-defined perimeter
anymore. The perimeter, by necessity, must be the endpoint itself.
The pains caused by security and compliance issues, however, are not only in
the attacks, but also in the way that organizations protect themselves. Protection
can be costly, complex, and time-consuming, stretching IT staff thin and driving
costs even higher. After security is in place, many organizations must prove
compliance with internal policies, security standards, and government
regulations. In addition to the pain involved in achieving initial compliance,
compliance drift is another key concern. After compliance levels are attained,
organizations must ensure that the compliance levels are continuously
maintained.
Controlling costs is high on the priorities of IT leaders, affecting IT teams that are
being asked to do more with less. Organizations require a tool that is simple and
scalable. The tool must automate management capabilities so that costs and
complexity are controlled, while still being able to meet compliance mandates.
The Tivoli Endpoint Manager Agent constantly monitors endpoint compliance,
communicating endpoint status and providing real-time visibility through a single,
centralized console. And by using a continually updated policy database of
thousands of IBM Fixlet® messages, and providing the ability for clients to create
their own Fixlets, the Tivoli Endpoint Manager Server always contains current
endpoint compliance, configuration, and change status, enabling real-time
reporting. Reporting through a centralized console provides real-time visibility
into the configuration and compliance status in various easy-to-understand
reports.