The Vision of DevOps for Devices, Part 2: Drift Management and Remediation

Sudhir Reddy

In the first post of our DevOps for Devices series, we talked about using Esper Blueprints to manage by exception. But that’s just the first step to a unified, systematic approach to optimizing your company hardware. In this post, we’ll focus on the next phase of managing by exception: drift management and automated remediation. 

Those two go together like peanut butter and jelly. Sure, they’re both great on their own. But when you combine them, you get something truly extraordinary!

What is Drift? 

Let’s start with a couple of quick definitions.

When you configure a device precisely how you want it to be, that’s called the desired state. It’s an all-encompassing term that covers applications and versions, screen configurations, security settings, and everything in between. It’s precisely how you want your device to be set up and function. With Esper, you encode your desired state into an artifact called a blueprint.

Now, when the device deviates from this desired state, whether it's a small change in volume or a severe change such as improper application configuration or connection to an unauthorized Wi-Fi point, we call that drift.

There are various reasons why a device can drift from its desired state: software updates, a malicious actor tampering with a device, or an application causing an undesired change on the device are just a few examples. While some of these changes introduce mere inconveniences, others can dramatically affect security settings, the end user’s experience, or business operations (think a broken point of sale, health monitoring device, or an ATM)! That is anywhere from “yuck” to “that's a serious incident, wake everyone up!!!”

Fortunately, there’s a solution here, too — converging is the act of bringing a device that is in drift back to its desired state.

Now, let's see why good drift detection and remediation are crucial to enforcing critical policies. 

A Glimpse Into the Future of Drift Detection and Automated Remediation

Imagine a tool that constantly monitors your fleet, detects every tiny change on each device, determines if the device has drifted from its desired state (while ignoring things you don't consider meaningful changes), and alerts you when the device is indeed in drift. 

Now, that is what you need in your tool chest! Without such a tool, policy enforcement and device fleet management become laborious, manual efforts. Drift detection shouldn't be something you do passively; it should be part of your overall fleet management strategy. Without it, managing by exception is a manual hunt-and-seek effort.

But wait! We can take this a step further. We can remediate this drift!

Let’s say you have a device fleet with 200 tablets. They’re spread out across various locations and have different purposes. But each location has a specific desired state, and drifting from that state hurts the business, breaks security compliance, or both. With a manual drift management strategy, you might get notified if any of those devices are in drift. You sign on to your device management platform, click a converge button, and bring it back to the desired state. The day is saved!

However, if good drift management relies on notifications and reactive solutions, better drift management is automated and proactive. That’s exactly what automated remediation is about — it removes all the manual elements associated with drift management, virtually eliminating the need for manual oversight. That’s next-level managing by exception! That's having your desired state cake and eating it too!

Sticking with our example above, now imagine if everything after the notification just automagically happened! The system detects that a device went into drift, and then applies the correct desired state to bring it back up to snuff. You wake up from a good night’s sleep and see a notification from your robot friend letting you know, “Howdy! I noticed things were broken, but I fixed them according to your specifications. Here are all the details. And … You’re welcome.” Bam!!! Day saved! Now, you can worry about that new project that's been sitting for a while.
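A minimal sketch of the detect-then-converge loop described above, added here as an illustration. It is not Esper's code or API, and every setting name, severity label and value in it is a constructed assumption.

```python
import copy
from dataclasses import dataclass

# Constructed policy: setting names and severities are assumptions, not Esper's schema.
SEVERITY = {"wifi_ssid": "critical", "screen_lock": "critical", "app_versions": "high"}
RANK = {"critical": 0, "high": 1, "low": 2}
IGNORED = {"brightness"}  # changes the operator does not consider meaningful

@dataclass(frozen=True)
class Drift:
    setting: str
    desired: object
    observed: object
    severity: str

def detect_drift(desired, observed, ignored=IGNORED):
    """Return meaningful deviations from the desired state, most severe first."""
    drifts = []
    for setting, want in desired.items():
        if setting in ignored:
            continue
        have = observed.get(setting)  # a missing setting also counts as drift
        if have != want:
            drifts.append(Drift(setting, want, have, SEVERITY.get(setting, "low")))
    return sorted(drifts, key=lambda d: RANK[d.severity])

def converge(observed, drifts):
    """Reset each drifted setting to its desired value; return new state and audit log."""
    state = copy.deepcopy(observed)
    log = []
    for d in drifts:
        state[d.setting] = copy.deepcopy(d.desired)
        log.append(f"[{d.severity}] {d.setting}: {d.observed!r} -> {d.desired!r}")
    return state, log

# Constructed sample data: one desired state and one device report.
BLUEPRINT = {"wifi_ssid": "store-secure", "screen_lock": True,
             "app_versions": {"pos": "4.2.1"}, "volume": 5, "brightness": 80}
REPORTED = {"wifi_ssid": "FreeCafeWiFi", "screen_lock": True,
            "app_versions": {"pos": "4.2.1"}, "volume": 9, "brightness": 40,
            "battery_level": 63}

if __name__ == "__main__":
    found = detect_drift(BLUEPRINT, REPORTED)
    fixed, audit = converge(REPORTED, found)
    print("\n".join(audit))
    print("still in drift:", detect_drift(BLUEPRINT, fixed))
```

Running detection again on the converged state returns an empty list, which is the property an automated remediation loop should check before closing the alert.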

Keep in mind that this isn't where the industry is as a whole right now, but it's the direction we're going in. These aren't theoretical examples, either: this is practical and tangible, and the features are in the works right now.

Let's Bring All This Together

Drift remediation is necessary — not a luxury — as you scale. The more devices you have, the harder it is to keep them all aligned with their desired state(s). Drift detection and remediation fixes that. Period. 

In the above scenario, you “only” have 200 devices to manage. But what happens when that number starts to grow? When you have 2000, 20,000, or more devices to manage? A reliable, repeatable, scalable drift management strategy is critical.

Consider the security implications here. The longer a device is in drift, the more of a security risk it becomes. And the more devices you have to manage, the higher the odds are that a device stays in drift longer than it should. In the future, automated remediation will fix problems almost in real time, nullifying these threats before they can even become threats. Until then, dependable drift detection is a great start!

Additionally, what happens if your security settings, application versions, or user experiences change? The best thing about an integrated desired state, drift management, and remediation solution is that all you have to do is update the desired state! The tool enforces that new state and automatically converges your entire fleet to the new desired state!

In my previous article, I said, “Set it and forget it.” Now, it's also “update it and forget it!” — in a single operation!

Enabling Managing by Exception Across Device Fleets of All Sizes 

As your device fleet scales and needs change, drift monitoring becomes more important for ensuring security, compliance, and operational efficiency. It simplifies device management strategies, allowing teams to maintain control over assets in a streamlined manner, meaning they have more time to focus on strategic initiatives instead of being loaded with repetitive management duties (or worse, putting out fires).

This is yet another foundational example of managing by exception. I wouldn’t go as far as saying your fleet can manage itself (we’ll get there soon), but advanced drift management tools really make it feel that way. 

The good news is that, with Esper, you can already do most of this! We continue to evolve our platform to achieve this vision. 

Exciting times! Join me on this journey! Let's get that fleet management streamlined!

Continuous Delivery and Automation at the Edge

Predictable, repeatable software deployment to edge devices is possible, and we have the solution. Read Sudhir's next post on continuous deployment and automation.


Sudhir is Esper's Chief Technology Officer. He's a hands-on technologist who brings a unique blend of business acumen, product innovation, development of large-scale DevOps platforms, and execution capabilities to Esper.
