Key Requirements of Enterprise Mobility Management Solutions
By Jack Madden, BrianMadden.com

Contents
- Introduction
- Understanding the EMM World
- Critical EMM Capabilities
- A Note about BYOD
- Conclusion: Where's the EMM Space Headed?
- About the Author

Brought to you compliments of AppSense

Introduction

The enterprise mobility management (EMM) space has evolved rapidly during the past few years, and mobility has become a critical area for IT. This white paper will discuss some of the key requirements for EMM solutions. Because many of these concepts are so new, I'll start by setting a baseline for the conversation. From there, I'll go into several features and concepts in more detail, and cover why they're important and how different vendors approach them.

Understanding the EMM World

Enterprise mobility management used to be easy: It was just phones, with BlackBerrys being managed through the vertically integrated BlackBerry Enterprise Server. But then iPhones and Android devices came along, and they were difficult or impossible to manage. All this changed in 2010 with the introduction of over-the-air configuration profiles for iOS and the Device Administration API for Android. Modern mobile device management (MDM) had arrived, and finally these new devices could be locked down just like any other corporate asset.

© 2013 AppSense
Did this new MDM solve all the problems with iPhones and Android? No way! Thanks to the consumerization of IT, users today have a totally different relationship with their mobile devices than they did with their old BlackBerrys. The old style of management no longer works. Today, we have to accommodate users' desire to do both work and personal tasks on a single device. The term I use to refer to this is "dual persona."

Unfortunately, mobile devices aren't so good at dealing with this. Apple's iOS and the Android platform were designed to allow apps to easily share certain types of data with one another, and of course sharing is really just leaking when the data is corporate. The only way that MDM can prevent this is if the devices are locked down so much that there are no personal apps that could possibly leak corporate data. But, like I mentioned, that's not going to be acceptable to users. The other problem is that users want to do real work on their devices these days, and really the only app that MDM can deliver is email.

One of the first ways proposed to solve these problems was using remote Windows desktops. Users could access all of their existing applications, and all that corporate data was safely isolated. But while this technically worked, the experience was terrible, prompting users to just go around IT and figure out how to do work on their own. (This was bad.) Web apps and virtualized mobile operating systems are other possible mobility solutions, but these have fundamental flaws, too.

The most promising way to deal with dual persona and enable enterprise access is mobile app management (MAM). Many of the management concepts for MAM are quite similar to MDM; you just apply policies at a more granular level (on individual apps instead of the whole device). The added benefit is that now you can also control how apps interact with one another. So remember all that data sharing that was so bad? With third-party MAM, you can build apps that share data only in the ways that you want them to, so now you can keep personal apps from accessing and leaking corporate data.

The difficult part is that with most third-party MAM solutions you can't just manage any random app from a public app store. Instead, apps have to be specially created or modified to work with the specific MAM platform you choose. More recently, iOS 7 and certain specialized versions of Android have been introducing some new options for platform-enabled MAM. In these cases, certain granular management features are available directly through the operating system. We'll look more at both third-party and platform-enabled MAM later on.

Today, many EMM solutions include both MDM and MAM, have a variety of ways to obtain compatible apps, incorporate mobile file syncing, and can be incorporated into larger enterprise application delivery and systems management tools.

One final note before we dig into individual EMM components: At BrianMadden.com, sometimes people ask us, "Why are you writing so many articles about iPhones? We just deal with delivering Windows applications." That may be fine for now, but the reality is users want to work from non-Windows platforms. Without a doubt, the future of delivering work to users means dealing with native mobile apps. The time to learn how to manage mobile apps, data and devices is now.
Critical EMM Capabilities

The rest of this paper is going to go down a list of important EMM topics and features, including:
- MDM capabilities
- MAM capabilities
- Third-party MAM
- Platform-enabled MAM
- Email security
- Secure file sync and share
- Combining MDM and MAM
- Desktop management integration
- User experience
- Deployment and licensing

As we go through these details, I'm going to mention a few particular tools when relevant, including AirWatch, AppSense MobileNow, Citrix XenMobile, Good Technology and MobileIron.

MDM Capabilities

When it comes to actual device-level management options, many vendors offer very similar capabilities, as they're all limited by the application programming interfaces (APIs) provided by mobile OSes. Some of the basic MDM checkboxes are encryption, password policy enforcement and remote wiping. Beyond these, there are many other options for configuring various settings like email, Wi-Fi and virtual private networks (VPNs), and even installing apps.

Apart from support for iOS and Android, vendors differentiate themselves through their level of support for other OSes and the custom management APIs that device manufacturers sometimes add to Android. Samsung SAFE is one example of a custom Android API; AirWatch, AppSense, Citrix and MobileIron all provide support for it. Windows Phone 8 support is slightly less widespread, offered by just AirWatch, Citrix and MobileIron.

MAM Capabilities

MAM features are typically similar to MDM features (for example, encryption, password policies and remote wiping), except they're applied to individual apps instead of the whole device. Controls over how apps share data with other apps (both corporate and personal) are especially important as well. There are other areas where MAM solutions differ more, such as modifying policies after apps are deployed, per-app VPNs and different encryption techniques (for data at rest, in motion and in memory).
It can be somewhat difficult to compare all of the MAM capabilities of different vendors. With third-party MAM, each vendor is essentially building their own complete solution from the ground up, and there are no standard APIs, like there are with MDM. The result is that while feature lists may look the same, the execution can vary widely (even for apps that are designed to work with the same MAM platform). Sorting out all the differences is a huge task that's beyond our scope here.

Third-party MAM

Third-party MAM involves creating or modifying apps so that management features are incorporated directly into the apps themselves. There are several different ways to acquire apps that are compatible with third-party MAM:
- In-house enterprise apps or custom-built apps can be built to work with a specific MAM platform.
- MAM vendors can provide their own versions of apps.
- App wrapping can be used to modify pre-existing apps.
- MAM vendors and independent software vendors (ISVs) can partner to make MAM-compatible apps available in public app stores.

It's also important to know that there are no standard APIs for third-party MAM, so an app can be managed only by the specific vendor's management products for which it was intended.

In-house apps: No matter what technique is used, if you're developing an in-house app (or having someone build it for you), it should be no problem to make sure it's compatible with your MAM platform. Some vendors provide a software development kit (SDK), while others contend that it's easier to use app wrapping, as there's less of a burden on the developer. Sometimes there can be differences between the capabilities of an SDK and app wrapping, even when they come from the same vendor. Again, this is a place where you really have to take a close look at each individual solution. Who offers what? AirWatch, Citrix, Good Technology and MobileIron all offer app wrapping and SDKs. AppSense is unique, however, as it's going all-in for app wrapping only.

Apps from MAM vendors: MAM vendors usually offer a few basic apps on their own. This can be a double-edged sword, though. While it can be a good opportunity to show off and add value with extra features, it can be risky.
Since users might have to use these apps on a daily basis, they're subject to intense scrutiny. Sometimes it's safer for vendors to pass that scrutiny on to partner apps instead of subjecting their own apps to it. As a result, there are significant variations in what apps vendors offer (though they all offer at least a basic MDM agent app).
- AirWatch offers an MDM agent/app catalog app, a content management/file syncing client, a secure browser and an email client.
- AppSense offers an MDM agent/app catalog app, an attachment viewer app and a file syncing client.
- Citrix offers an MDM agent/app catalog app, a remote desktop client, an email client, a secure browser and a file syncing client.
- Good Technology offers an MDM agent/email/browser/app catalog app, an instant messaging app and a file syncing app.
- MobileIron provides an MDM agent/file syncing/attachment viewer app and a secure browser.

App wrapping for pre-existing apps: When the EMM industry first started talking about app wrapping, there was an idea floating around that corporate IT departments could obtain app binaries directly from ISVs, modify them with app wrapping tools and distribute them internally as enterprise-signed apps. There are a lot of questions around this, though. How willing are ISVs to give out copies of their apps? And if the apps are already in public app stores, do app store rules even allow this? Clearly there are many unresolved issues. A better approach is for ISVs and MAM vendors to create apps through partnerships. More on this below.

Partner apps in public stores: The emerging trend in MAM-compatible apps is for MAM vendors to create partnerships with ISVs. The ISVs incorporate the MAM SDK or use an app wrapping tool, and the resulting apps are then distributed in public app stores. Sometimes there's a special "MAM Edition" of an app, while in other cases, the MAM functionality lies dormant until activated in the regular version of an app.

But there are still issues here, too. Remember that MAM protocols are different for every vendor. That could mean that if an ISV wants its app to work with multiple MAM solutions, then they have to create multiple editions of the app. But the word is that Apple doesn't really like this (yet, typical of Apple, they haven't given much clear guidance). It could be feasible for a single version of an app to incorporate MAM hooks from multiple developers, but this can get pretty complicated, too.

There are several MAM vendors that are building competing ecosystems of apps:
- Good Technology was one of the first MAM ecosystems; it currently has more than 35 partner apps.
- Citrix's program has more than 25 apps live, with more than 50 soon to be verified.
- MobileIron has 15 partner apps, and another 30 coming soon.
- AppSense has 22 partner apps, with more on the way.

Platform-enabled MAM

Apple's iOS 7 offers several MAM features built directly into the operating system. The primary advantage is that now any app can be managed, not just specific MAM-compatible apps. The MAM features are controlled through the same MDM protocol that's used to manage the device itself, so there's no way to do MAM alone (unlike third-party MAM, which can be deployed without using MDM). Currently, iOS 7 offers fewer MAM features than are offered by third-party MAM vendors, but in many cases the basic features may be adequate.
Because iOS 7 MAM uses the existing MDM protocol, these capabilities will be available to all vendors that support MDM. Vendors simply have to update their platforms to interface with the new APIs available in iOS 7.

Email Security

The technique chosen to secure email will have a large impact on user experience for EMM deployments. Why? First of all, email is still the killer app for most users. But remember that mobile devices, despite their sandboxed architecture, can easily share certain types of data between apps. When email is synced to the built-in client for iOS or Android, any other app on the device can easily access the contacts, calendar items and attachments. The potential for leaking data is obvious.

As we know, MDM isn't that great at keeping users' personal apps from accessing all that data. The only possible solution with MDM is to blacklist apps that are deemed dangerous. (And this is pretty difficult, too. The actual mechanics of blacklisting using MDM aren't very smooth, and how are you supposed to know which apps are bad? One person's malware is another person's favorite app!)

The logical alternative is to use a third-party email client, so you can seal in all the corporate data and keep it away from users' personal apps. (This technique has been around for years for devices that don't support device-level management policies.) The problem with third-party email clients is that the user experience can be pretty bad compared with the built-in clients. Good Technology, Citrix and AirWatch all offer their own email clients, and all MAM vendors can integrate email clients from various partners. As with any MAM versions of apps, third-party email clients face intense scrutiny from users. Many EMM vendors simply choose to not take the potential hit of putting their name on an app that has inherent limitations, and instead recommend apps from partner ISVs.
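The platform-enabled option discussed above is delivered through the same MDM profile mechanism: an iOS 7 Restrictions payload can forbid documents (email attachments included) in managed apps and accounts from being opened in unmanaged, personal apps. The following is an added example, not code from the paper or from any vendor named in it; it builds such a profile with Python's standard plistlib and audits an arbitrary profile for that setting. The payload identifiers and display names are constructed placeholders.

```python
"""Build and audit an iOS 7 Restrictions payload for managed Open-in."""
import plistlib
import uuid

# Payload type and keys from Apple's Configuration Profile Reference (iOS 7.0+).
RESTRICTIONS_TYPE = "com.apple.applicationaccess"
MANAGED_TO_UNMANAGED = "allowOpenFromManagedToUnmanaged"
UNMANAGED_TO_MANAGED = "allowOpenFromUnmanagedToManaged"


def build_profile(block_managed_to_unmanaged=True,
                  block_unmanaged_to_managed=False):
    """Return a configuration profile (plist bytes) carrying a Restrictions
    payload. Identifiers and display names below are constructed examples."""
    restrictions = {
        "PayloadType": RESTRICTIONS_TYPE,
        "PayloadVersion": 1,
        "PayloadIdentifier": "com.example.emm.restrictions",  # constructed
        "PayloadUUID": str(uuid.uuid4()),
        "PayloadDisplayName": "Managed Open-in restrictions",
        # Apple's keys are "allow" flags, so blocking a path means setting
        # the corresponding flag to False.
        MANAGED_TO_UNMANAGED: not block_managed_to_unmanaged,
        UNMANAGED_TO_MANAGED: not block_unmanaged_to_managed,
    }
    profile = {
        "PayloadType": "Configuration",
        "PayloadVersion": 1,
        "PayloadIdentifier": "com.example.emm.profile",  # constructed
        "PayloadUUID": str(uuid.uuid4()),
        "PayloadDisplayName": "Example EMM profile",
        "PayloadContent": [restrictions],
    }
    return plistlib.dumps(profile)


def audit_open_in(profile_bytes):
    """Report whether a profile actually closes the managed-to-unmanaged
    Open-in path. A missing key leaves the restriction unapplied, so
    absence is reported as 'not blocked' rather than assumed safe."""
    profile = plistlib.loads(profile_bytes)
    result = {
        "restrictions_payload_present": False,
        "managed_to_unmanaged_blocked": False,
        "unmanaged_to_managed_blocked": False,
    }
    for payload in profile.get("PayloadContent", []):
        if payload.get("PayloadType") != RESTRICTIONS_TYPE:
            continue
        result["restrictions_payload_present"] = True
        result["managed_to_unmanaged_blocked"] = (
            payload.get(MANAGED_TO_UNMANAGED, True) is False)
        result["unmanaged_to_managed_blocked"] = (
            payload.get(UNMANAGED_TO_MANAGED, True) is False)
    return result


if __name__ == "__main__":
    print(audit_open_in(build_profile()))
```

As the paper notes, this only governs document handoff; contacts, calendars and message bodies synced to the built-in client still need device-level policies.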
There is a middle ground for the email problem: You can intercept and encrypt attachments before they're delivered to the device so that only corporate-managed apps can open them. While attachments are protected, contacts, calendars and email text are still at risk (and need to be protected with device-level policies), but this is an acceptable tradeoff for many organizations. AirWatch, AppSense, Citrix and MobileIron all offer this attachment encryption technique.

iOS 7 also offers the ability to protect email attachments. It's possible to restrict the "Open in" functionality, so that attachments from managed email accounts can be opened only with managed apps, and not users' personal apps.

Secure File Sync and Share

Since mobile devices don't offer any built-in way to browse enterprise file shares, mobile file syncing solutions are a critical part of any EMM deployment. Ideally, these can be plugged directly into existing on-premises storage, so there's no need to reformat any storage or move anything to the cloud. On the client side, just about all enterprise-grade mobile file syncing solutions have plenty of policies for passwords, encryption, sharing, caching, off-line use and remote wiping.
- AirWatch's file syncing solution can connect to existing on-premises file servers, SharePoint, network drives, or AirWatch's cloud service. The solution also includes desktop syncing, and the mobile client app will soon include document editing.
- AppSense DataNow can connect to on-premises SharePoint, file servers, WebDAV servers and commodity cloud storage. It does full desktop file syncing, as well.
- Citrix ShareFile can connect to on-premises file servers and SharePoint, as well as a proprietary cloud service. Desktop syncing is offered as well. Some editions offer the ability to edit documents directly in the mobile file sync client.
- Good Technology provides online content management and can be connected to SharePoint, file servers and desktops.
- MobileIron provides access to email attachments and SharePoint.

Combining MDM and MAM

In the past, MDM and MAM vendors sometimes fought for mind share of how to approach mobility. Fortunately, today most EMM vendors offer both MDM and MAM, and there are many ways to combine these technologies as needed.

Desktop Management Integration

After MDM, MAM, apps and file sync capabilities, one of the significant differentiators among EMM vendors is how well their solutions can be integrated with other enterprise systems. Just about every EMM solution can integrate with Microsoft Active Directory, and there are many products that integrate MDM with System Center Configuration Manager. However, one of the more interesting directions for some EMM vendors is integration with other end-user application management systems, enabling what's called workspace aggregation. These products can enable the management of desktop, Web and mobile applications; data; and devices (when necessary), all from a single unified system.
This is a case where vendors that already have desktop-related products have a clear advantage over the mobile-only vendors. AppSense and Citrix are both clearly headed in the direction of providing workspace aggregation products. This will be an interesting space to watch.

User Experience

The end-user experience will ultimately depend on which apps are offered by IT and how and when MDM policies are used. One of the best options is to give users a choice between different email techniques. Some might prefer to have work and email be just an app (or a few apps) and keep the rest of their device unmanaged, while others might be willing to let IT manage their devices in return for a native email experience.

Deployment and Licensing

A key consideration for many companies evaluating EMM is the method of deployment: on-premises or cloud. Cloud offerings are certainly easier to get up and running, but the security posture of some organizations absolutely requires an on-premises solution. Most EMM vendors offer both, though on-premises offerings will vary widely between simple drop-in virtual appliances and extensive, multicomponent requirements. Good Technology does not offer a cloud deployment option, and traffic must be routed through its network operations center. Citrix requires on-premises components (including a NetScaler appliance) to do MAM.

Licensing is another key issue. Users will invariably want to use multiple devices (a personal tablet in addition to a corporate phone, for example), and a per-user licensing model can accommodate this better than a per-device model.

A Note about BYOD

You'll notice that I haven't talked about the bring-your-own-device trend in this paper. While it's certainly an important consideration for any EMM deployment, all the technical details covered here apply equally to corporate and personal devices. After all, an iPhone is an iPhone no matter who bought it.

Conclusion: Where's the EMM Space Headed?

As more users want to do real work from mobile devices, enterprise mobility management is becoming a critical area to address. Apple's iOS 7 has brought additional management options, and, at the same time, third-party MAM ecosystems continue to expand. While preferred management techniques may shift over time, EMM will continue to be important.

About the Author

Jack Madden writes about everything related to enterprise mobility management at BrianMadden.com. He was the editor of ConsumerizeIT.com and has contributed to SearchVirtualDesktop.com. Madden is the co-creator of the Consumerization Nation podcast, and has spoken at BriForum, Citrix Synergy and other events throughout the U.S. and Europe. He also co-authored the book The VDI Delusion, and is the author of Enterprise Mobility Management: Everything you need to know about MDM, MAM, & BYOD.

To contact Jack Madden:
Email: jmadden@techtarget.com
Twitter: @JackMadden