Enterprise IT departments have always had to juggle legacy infrastructure with innovative technology. According to one Gartner analyst, however, the move from PC-based computing to mobile devices may actually make IT’s job easier.

Flash back to the year 1999. For most in the enterprise workplace, the “endpoint” of choice was a PC desktop computer outfitted with Microsoft Windows. “Enterprise mobility” meant you could access your email, calendar, and (if you were lucky) contacts on your not-so-smart flip phone. Office Space, anyone?

In 1999, if you had told people that Windows would decline significantly, they might not have believed you. According to Gartner senior analyst Terrence Cosgrove, in 2015 only 35% of applications require Windows, compared to over 90% in 1996. And it wasn’t because Linux or Macintosh took over. Behold: the rise of smartphones and of browser-based or OS-neutral applications.

To put this into context: today there is a 1:20 applications-to-user ratio, versus 1:2,000 in the PC era. That is, corporate end users now work with an ever-widening range of applications.

That’s great for end users. But it causes new challenges for IT.

Every IT organization has to juggle its legacy PC environment with the new classes of mobile devices. Straddling two eras while trying to secure devices, Cosgrove explains, exposes these IT teams to inconsistent security controls and added complexity, along with a growing and alarming risk of data breach and information leakage.

At the crux of the dilemma of how to protect endpoints is the notion of trust, said Cosgrove in his talk, “The Future of Endpoint Management,” at last year’s Gartner Data Center conference.

In the PC era, trust meant “locking down” the desktop; a central IT management structure was in control. In the mobile, app-centric world, conversely, IT must learn how to manage “when all endpoint devices are inherently untrusted,” said Cosgrove. As he explained, in many cases the devices are owned by the employee, or the mobile apps are self-provisioned by the employee as a right of ownership. With the rise of smartphones and tablets, this business change shifted endpoint management to today’s persona-based approach, with containerized protection as the primary scheme.

According to Cosgrove, the next wave of mobile device management will be built for an environment of distributed apps based on contextual trust. In the new world, he posited, IT manages the access to apps, devices, and files based on context: by user, by geography, by type, across desktops and mobile devices.

Endpoint security in a highly diversified app environment may in fact be easier than it was in the PC era. With smartphones and tablets, management has less control. Yet a vulnerability can be contained to a single app, a much smaller field of damage: you remove the rogue app without exposing your underlying network. Devices and apps are then separate and independent from the IT plumbing and management, Cosgrove said.

This shift challenges IT’s current people, processes, and technologies, which today are characterized by app package installs, large-scale software rollouts, and patches. According to Cosgrove, the future will bring even more unplanned app updates, OS releases, and device types, and he expects IT to rely more on certifications and on file- and app-based permissions. Understanding this transition to “contextual trust” for endpoints allows IT departments to ready themselves for the convergence of desktop and mobile device management in the digital business world.

For more insights on the future of endpoint management, follow Terry Cosgrove on Twitter.

For more on this topic, see the IDC Report 2015 Trend Report: Why CIOs Should Rethink Endpoint Data Protection in the Age of Mobility.