everythingpossible - Fotolia

Sophos branches out into unified endpoint management

Organizations that use Sophos desktop management are intrigued by new EMM features the company continues to add. Some may move their mobile devices to Sophos for a UEM approach.

Improvements to Sophos Mobile 7 intrigue businesses that want to take a unified endpoint management approach to securing endpoints, but value strong desktop management and security.

The security vendor last week bolstered its enterprise mobility management (EMM) tool by adding support for built-in Google Android containers to separate business and personal content on devices. Many EMM vendors already offer this feature, but the difference is that Sophos is an antivirus and desktop management platform that is improving on the EMM side, while EMM vendors take an opposite approach. By integrating Mobile 7 and the Sophos Central platform, the vendor -- like many EMM providers -- now offers a unified endpoint management approach.

"Running Sophos on ... mobile devices is something that's absolutely appealing," said Shawn Umansky, network engineer Saint Michael's College in Colchester, Vt. "These days, you need to manage more and more, and you need to drive down complexity."

Saint Michael's College uses Sophos Central, the company's cloud-based management platform, to manage all of its roughly 1,200 PCs on a campus of 2,000 students. The school currently uses LANDesk to manage its mobile devices, but because of the advancements Sophos has made in EMM, the IT department is considering using Sophos Central to manage the mobile devices, too.

The school switched to Sophos Central from another antivirus platform in 2015 because it wanted its IT staff of about 20 people to have fewer management responsibilities on their plates. With the cloud service, Sophos takes care of much of the management, and adding the school's mobile devices would reduce complexity even further, Umansky said.

Sophos spreads into mobile

Sophos Mobile 7 supports containers Google built into the Android OS. With the new feature, IT admins can implement strict policies on business content on users' Android devices, such as what apps they are allowed to use, without affecting personal content. If IT needs to remotely wipe a device because it's lost, stolen or if the user leaves the company, they can do so without wiping the personal data.

"This certainly intrigues me," Umansky said. "We are still trying to identify the long-term MDM [mobile device management] strategy, and we always look at opportunities to improve."

Sophos is looking to improve its mobile capabilities in order to deliver more of a unified endpoint management approach. EMM vendors, such as VMware AirWatch, MobileIron, BlackBerry and others, already offer containerization for mobile devices, while Sophos has traditionally specialized more in the desktop management side, said Jack Gold, principal and founder of J. Gold Associates LLC, a mobile analyst firm in Northborough, Mass. 

"They are antivirus first and trying to spread their wings in the EMM area," Gold said.

You have cross-platform intelligence, so your firewall talks to all your endpoints, including your mobile devices.
Doug Grosfieldpresident and CEO of Five Nines IT Solutions

With Sophos Mobile 7 in the Sophos Central management platform, IT can't set the same policies on PCs as they can on mobile devices, but they can access these different policies from the same software platform.

There are plenty of advantages to having one platform cover all of an organization's endpoints. For example, if a breach occurs and Sophos Central detects it, the endpoints that are affected will be cut off from the network, limiting the spread of the issue.

"You have cross-platform intelligence, so your firewall talks to all your endpoints, including your mobile devices," said Doug Grosfield, president and CEO of Five Nines IT Solutions, an IT consultancy and Sophos partner in Kitchener, Ont. "They make decisions as a collective unit, so a firewall can disable a mobile device and you aren't relying on separate endpoint protection software to make a decision about what's happening on the computers."

There is also an advantage in having your desktop and mobile security support through the same vendor, Grosfield said.

"There's just one throat to choke," he said. "Inevitably, when you have multiple vendors involved, they will say, 'It's not us, it's them,' blaming the other vendor for your issue. If there is only one, then you can get to the bottom of the issue quicker."

Next Steps

Know the top EMM vendors in the market

Is UEM the key to desktop management?

What to look for when selecting EMM software

Dig Deeper on Enterprise mobility strategy and policy