With a zillion different gadgets—and even more accounts—required for knowledge workers, it's a full-time job (and then some) to manage it all. But if you don't wrangle it all effectively, you run the risk of security issues—not to mention inefficiencies.
John Tian, co-founder of Mobitrix, and Alma Madsen, CTO of Workona, supervise team accounts and devices every day. I consulted them on the subject, and here were the tools they said everyone needs for account and device management.
First, assign devices
The types and number of devices and accounts you'll provide to employees will depend on your security needs and the nature of your work. You'll almost always want to assign a computer, but things like extra monitors, headsets, microphones, webcams, trackpads, and the like will be completely up to you. Some companies also assign smartphones.
And don't be afraid to get super-specific. John offered a whole slew of ideas for devices to assign, from interactive flat panel displays (IFPDs) and graphics cards to pointing sticks and light pens. Use your discretion: tracking every tablet stylus might keep you accountable if your team loses them often, but it's overkill for other workplaces.
If security is your primary motivation behind assigning devices, consider where you keep your company's data. Alma's team at Workona has pretty light requirements for assigning devices due to their reliance on cloud software.
"We're a small company that relies heavily (almost primarily) on cloud software and services. As such, there is very little sensitive data on our employee devices save for IP," Alma says. For that reason, Workona assigns only laptops and asks employees to register them with an endpoint security tool (more on that later).
Then, set up processes for installing software
When you have team members working on your hardware, establishing protocols for software setup will save you time and confusion. John offered two strategies to get your employees set up with the right software:
Provide installation links. When you onboard a new employee, provide them with all the installation links and software keys they need to set up. This approach primes the employee for regular updates in the future, but it can also lead to more back-and-forth with IT.
Install everything in advance. Set up all your software on a device before giving it to an employee. This strategy minimizes user error, but your team members might not know all the apps they have on their computers to update.
Since managing software is an ongoing process, you might end up using a combination of both strategies. You could provide employees with devices that already have software, then provide links any time they need to update or add a new app.
The 7 tools you need for device and account management
Device and account management are anything but simple. But if you have the right tools in place, you can let the robots sweat the small stuff while you think about big picture IT management.
1. Workplace administration software
You could use a trusty spreadsheet to track all your assigned devices, but there's also dedicated software for this purpose.
John suggests using Google Workspace Admin to manage computers and smartphones. "You sign up for enterprise management services, source the devices, enroll the devices, set device management policies, set app policies, and optionally set access control," he explains.
2. IT asset management software
You can also set up dedicated IT asset management software. These programs create an inventory of IT assets like devices and track their maintenance needs. Some popular apps in the category are SolarWinds, Reftab, and EZOfficeInventory.
Add new users in BambooHR as users in EZOfficeInventory
Add new assets created in SolarWinds Service Desk to Reftab
Zapier is a no-code automation tool that lets you connect your apps into automated workflows, so that every person and every business can move forward at growth speed. Learn more about how it works.
3. Enterprise mobility management software
Employee devices can provide some degree of data security risk, even when your team members mean well. Many of us have accidentally pasted our passwords in the group chat. (Me? Never.) Your best bet to protect your data is to integrate security methods into every stage of device ownership.
John and Alma recommended installing enterprise mobility management software, which handles and enforces security policies on mobile devices (and sometimes desktop, too). Popular enterprise mobility management apps include Jamf and Miradore.
Virtual private networks (VPNs) send your data through a private server to add a layer of network protection. They provide extra security when you have employees working outside of your workplace.
5. Endpoint security tools
Once you have your security protocols in place, you can use an endpoint security tool to keep everyone compliant. Alma uses Kolide, which helps everyone at Workona comply with their security measures. It even sends Slack messages instructing individual employees what they need to do to comply.
"Most of my recommendations for securing employee devices come as sensible defaults with Kolide—things like making sure the application firewall is turned on, making sure disk encryption is turned on, requiring a password to access the computer once the screen has been locked, monitoring application installation, browser extension installation, and so on.
Really, the folks over at Kolide have done a great job in this space and made it a real delight for both me as an IT admin and for our employees when they need to make a system change, install an update, and so forth."
6. Password managers
Password managers create strong passwords for your employees and keep them all in one secure place, so you can be sure folks aren't using their pet's name for everything. At Workona, Alma and his colleagues use LastPass, but 1Password is another popular option (we compared them to each other here), and there are lots of other great password managers, depending on your needs.
While you're at it, make sure your employees are all using multi-factor or two-factor authorization (MFA/2FA), which help protect accounts with compromised passwords. You can even set up MFA/2FA from within your password manager.
7. Identity and access management (IAM) software
Identity and access management (IAM) software monitors, enables, revokes, and restricts employee access to company data and accounts. These apps allow you to add employees to different privilege levels with unique access profiles. Examples of IAM apps include Okta and OneLogin.
Some more generalized security apps also have IAM features. Alma uses Tugboat Logic, which is primarily an information security app, but it also has features that function like IAM software.
"We use Tugboat to manage what applications we are using as a company and which employees have access as well as for keeping a central audit trail for access requests, additions, and removals. While Tugboat doesn't automatically provision or de-provision accounts with the services we use, it does provide a central repository or record for our IT team to review application access on a regular basis as well as make sure we are adding and removing employee access appropriately during onboarding and offboarding."
Protect, but don't overstep
As you secure and manage your team members' devices and accounts, stick to strictly necessary protocols. Going overboard with security and account management can overstep boundaries and impact employee trust.