New features such as compliancy checks via MDM (is it a known device belonging to the user and have the right policies been implemented?), XDR (AI-driven eXtended Detection & Response: do anomalies occur on the device?) or CASB/SASE applications (accessing cloud services via a broker that keeps control of data traffic in relation to the end-points) provide additional assurances about whether access to and use of SaaS features is permissible. In addition to these tools, an incident alert organization (SOC) is of course essential!
Now, all these developments combined significant contribute to the idea of IT-out-of-the-wall, or consumerization of IT: IT as a user good and no longer as a management burden. Here, the desktop has been transformed into a cloud connected edge device: local processing power for compute-intensive or graphically complex applications, with data input via keyboard, microphone or camera, synchronized and managed with storage and services available in the cloud.
The desktop of 2010 still exists in physical form and has not even changed that much in terms of content. However, technical management is supported by platform vendors better, and is made available through the cloud. Direction of that management is done with MDM techniques. This desktop must now share its existence with various other, often mobile, devices under the heading of cloud connected edge devices. That multitude of platforms with variations in the available MDM rules does increase the complexity of management again.
For the IT department, another essential task is added: working on-the-edge-of-the-cloud means a much broader attack-surface requiring new and sophisticated cloud scale zero trust techniques. This is to ensure business data security in the cloud era. This way, these devices are virtually part of a high-tech walled garden after all, the only way to prevent arbitrary unmanaged devices from unlawfully using cloud services. That, too, is living on the edge!