Creating a system that works

A learning curve

When we first started out, we manually inventoried our devices and installed updates on each device. For a start-up, that's not exactly an issue. But what happens when you have 1,000 employees? 5,000? A traditional inventory system is time-consuming and labor-intensive. As our organization grew, there were too many devices and not enough people to handle them. We decided to switch to a unified system before things got out of hand. Having an effective plan helps you save time and money. Zoho Corp's Sysadmin team handles internal processes from employee onboarding to software updates efficiently. Being able to do all those things (and more) in a uniform manner helps reduce redundant tasks. The administrative team can then focus on other important incidents.

Each device has to go through a number of teams before approval, including:

Help desk:

Monitors requests raised by employees, conducts asset availability checks to issue devices, and periodically updates records


Ensures device compliance with organizational and international security policies


Conducts performance evaluations, hardware selection, cost and vendor analysis, and vendor purchase negotiations

Pit stop:

Installs the latest security updates on devices before handover to the Sysadmin team

Device request management workflow
Device life cycle management

An umbrella approach

Mobile device management - Umbrella approach

UEM encompasses a broader aspect of device management where instead of just addressing the mobile device, it caters to any endpoint, like laptops, desktops, servers, phones, and single-purpose devices like displays. It might sound complicated, but really it’s just a combination of EMM and preexisting client management tools. UEM wasn’t really a thing until 2018, when tech research giant Gartner released its first-ever Magic Quadrant for UEM. Gartner evaluated popular UEM vendors based on their EMM capabilities.

UEM has been in place at ManageEngine for two years now. If you’ve spent time researching UEM, you’ve come across the phrase a “bird’seye view” on every blog, website, and product description—and rightly so! UEM allows you to manage, control, configure, and monitor macOS, Android, iOS, Windows, and Linux devices from one console. This single-handed approach towards application management, device management, data security, and compliance is perfect for organizations with a constantly growing number of endpoints. It offers a number of benefits, including enhanced visibility over network devices with end-user support, improved SLA resolution time, and boosted productivity when integrated with ITSM tools.

In July 2018, only 11 percent of organizations adopted UEM. By November, that number had jumped to 18 percent, and by April 2019, it reached 25 percent. That means over the course of nine months, UEM adoption in the enterprise more than doubled!

UEM is a boon if your company has legacy apps. It acts as a bridge between modern and legacy management, encouraging technological diversity. A big drawback when you rely solely on EMM is organizational fragmentation. UEM overcomes that drawback and provides administrative privileges control.

By the time we had a full-fledged endpoint management system, we learned what worked best for us. After multiple rounds of revisions, testing, and additions, we had a large-scale application that could handle a significant number of devices and scale up as needed. Our UEM tool is now one of the biggest players in the market. From the business point of view, UEM turned out to be the major requirement for evaluators, customers, and analysts alike. We are capable of managing multiple connections to mobile devices, IoT devices, and desktops from a single platform through APIs on desktop and mobile operating systems. Clients are more than happy to invest in a plan that has been tested in-house with over 9,000 employees.

Behind the scenes

What is data security without laws? Rightfully, each country has its set of rules and regulations, protecting citizens' personal information. From Singapore's PDPA to California's CCPA, maneuvering through these laws can be tricky. While the PDPA is regarded as relatively business-friendly, there's one mega law dictating the rules of the game worldwide: the GDPR. This is one of the strictest laws of data protection and privacy that a company must abide by. Although it's an EU mandate, the GDPR impacts most organizations worldwide. Regardless of whether your company deals with clients or employees in the EU or not, it's advised to be proactive and be compliant with their laws. If you have to take on employees or customers from the EU tomorrow, you shouldn't have to make drastic changes to company policies last minute. A PwC survey showed that 92 percent of US companies consider the GDPR a top data protection priority.

GDPR compliance

In our book A CIO’s guide to rethinking compliance, we discussed Zoho’s approach to tackling the GDPR.

Some of the changes we have made include:

  • Standardized policies and procedures for all operations.
  • Increased audits to ensure compliance.
  • Data protection impact assessments: Privacy reviews for new products and processes.
  • Internal data protection scores to monitor teams and their data practices.
  • Privacy awareness sessions for all employees.
GDPR comic / cartoon

Following x number of principles is not a one-time change. It takes weeks to implement and requires consistent monitoring. The GDPR might seem like an inconvenience, but it pushes organizations to the understanding that the data they collect is not just a random collection of words and numbers—it is sensitive information belonging to real people. Not treating that information with the utmost care and privacy can result in an equally real threat. As a company, ManageEngine has always taken privacy very seriously. To further demonstrate our continuing commitment to privacy, we extended the GDPR data usage rights to users worldwide.

GDPR - Pillars of security

Time and tide crime wait for none

Non-compliance can lead to hefty fines. In the first half of 2020, European supervisory authorities issued at least 114 administrative fines totaling over €50 million. In 2019, Google made headlines when it was slapped with a whopping €50 million fine in France for insufficient transparency, control, and consent over the processing of personal data. That wasn't the tech giant's last negative encounter with the GDPR. In 2020, it was fined (twice!) for violating EU citizens' right to be forgotten.



Severe violation

Infringements of articles:

  • 5 (data processing principles)
  • 6 (lawfulness of processing)
  • 7 (conditions for consent)
  • 9 (processing of special categories of data)
  • 12 – 22 (data subjects’ rights)
  • 44 – 49 (data transfers to third countries or international organizations)

Fine up to €20 million or, in the case of an undertaking, up to four percent of the total global turnover of the preceding fiscal year, whichever is higher

Less severe violations

Infringements of articles:

  • 8 (conditions for children’s consent)
  • 11 (processing that doesn’t require identification)
  • 25 – 39 (general obligations of processors and controllers)
  • 42 (certification)
  • 43 (certification bodies)

Fine of up to €10 million or, in the case of an undertaking, up to two percent of the entire global turnover of the preceding fiscal year, whichever is higher

Likely infringement

  • Warning notice
  • Temporary or permanent ban on data processing
  • Data protection inspections directed by the EU commission

Get fresh content in your inbox

By clicking 'keep me in the loop', you agree to processing of personal data according to the Privacy Policy.