Just like with the end of life of Windows XP, once the end-of-life period hits, Microsoft will NOT release patches and updates for the operating system. That creates a significant security hole for enterprises, which need to start planning NOW and put a roadmap together to methodically perform updates before the Summer of 2015.
Supporting Multiplatform Mobile Endpoints: In enterprises these days, Windows systems make up only a portion of the endpoints. Apple Macs are showing up in the enterprise, and there is now heavy use of mobile phones and tablets such as iPads, iPhones, Samsung phones and tablets, Android devices, etc. throughout organizations. These endpoint devices don't simply grab emails; they are now devices where users synchronize data for offline editing, run core line-of-business applications, and store regulated data and confidential content.
As such, enterprises are continuing to implement endpoint management solutions, but the shift this year is away from lockdown management of endpoints and toward the enablement of endpoints as valuable end-user devices. Organizations are no longer blocking access to content, but working to contain and protect sensitive business information, effectively giving employees the access to information that they want and need in a safe and secure manner.
As part of this process, Data Leakage Protection (DLP) technology like what Microsoft recently released in their Azure Rights Management enforces data encryption policies on content tied to user Active Directory accounts, so that instead of chasing devices, the organization merely protects the data content. That way content can be stored on any number of managed or unmanaged devices or uploaded to public cloud file storage systems (e.g., Box, DropBox, OneDrive, etc.) and still remain encrypted based on policies. If the employee leaves the organization, any information sitting on devices or file storage systems is inaccessible to the former employee because the Active Directory credentials used to decrypt the content are no longer valid. This is a major shift away from heavy-handed device management to the data management and employee enablement strategies being undertaken by enterprises.
Single Sign-on / Identity: As organizations extend their applications beyond their traditional datacenters to include cloud properties like Box.net, Salesforce.com, Office 365, Workday, etc., there is more and more of a need to integrate the traditional authoritative Active Directory with applications both on-premise and in the cloud. The authentication process can be integrated with something as simple (and free) as Microsoft's Active Directory Federation Services (ADFS), or organizations may choose to create Web-portal access to applications or direct application access by integrating Okta, Ping, or OneLogin.
The overall goal is to provide a single identity per user, so that if an employee is terminated and their Active Directory credentials are disabled or removed, the former employee no longer has access to the other integrated applications or the data associated with those applications.