Guest Bloggers - All Comments

re: Citrix CEO Mark Templeton says Citrix is not planning to lead with open MAM standards

Colin Steele — Thu, 23 May 2013 00:01:50 GMT

I don't know if you'd call what XenMobile does MIM. It does limit where information can go, but it does so through policies applied at the app level, not at the information level. For what it's worth, I don't think that distinction is important, as long as the data is protected.

re: Citrix CEO Mark Templeton says Citrix is not planning to lead with open MAM standards

vgernyc — Wed, 22 May 2013 23:32:26 GMT

I couldn't see a few segments of the video as Chrome or the video stream flaked out on me but it seemed that Citrix was going a step further and implementing Mobile Information Management as well by keeping company data within Sharefile and restricting the clipboard, etc? How do BlackBerry and VMware handle MIM?

I'm new to this space but searching for a way to tie various cloud services at my University together.

The more I read and experience first hand, the more it seems the various vendors are against standards or sabotage them in some way just to thumb their nose at their rivals or just carelessness.

In 5 years the cloud wars will die down and everyone will integrate into whoever remains standing. Like Adobe should license their stuff to Google or Microsoft cloud services but still collect a fee for anyone using their premium cloud app addins.

Perhaps Samdroid will take over as the Windows OS of the phone world and we'll finally have a "MAM Standard" finally.

re: Citrix CEO Mark Templeton: "We'll support MAM standards, but..."

Brian Madden — Wed, 22 May 2013 22:04:15 GMT

Oh, and Scott Davis saying that VMware will lead the charge to create open MAM standards? You mean after Mobile Iron said they want to do this and Jack wrote about the idea months ago? I think Scott means that VMware will "join," not "lead."

re: Citrix CEO: We'll support MAM standards, but...

Brian Madden — Wed, 22 May 2013 22:01:11 GMT

It's funny how Templeton talks about how great open is for segments of the industry that they're not #1 in, but here if they think they have a good product, they don't want to be open at all. :(

re: Why hasn't BlackBerry gone all-in for enterprise mobility yet?

Brian Madden — Wed, 22 May 2013 13:57:01 GMT

Man, really good points about the stuff they *could* be doing versus the stuff they are doing. I totally agree that they're trying to be all consumer and sexy, and they will never, ever win that battle. Never. So why not just focus on being the most awesome enterprise platform and let people carry two devices?

The other issue they have on the consumer side is that no matter how sexy their devices are, there just aren't any apps for them. Sure, they have a built in twitter client or whatever, but there are 20 apps I use on a fairly regular basis, and only 2 of those are available on BB10 for me. (I checked!) So for me it's a non-starter, along with many others. (Though I know Jack just got a Z10, so I'm curious to know what he thinks.)

I'm looking forward to your Blackberry super podcast!

re: Could Workspot's freemium approach to BYOD shift focus from "access and control" to "big data?"

Sunil Agrawal — Fri, 03 May 2013 18:27:29 GMT

Thanks Shawn for the shout out to Armor5 and great post Harry. Good work Workspot team!

I will like to add that, in addition to everything Harry mentioned that should in a true BYOD solution, Armor5 takes simplicity to the next level.

1. Provides all the functionality without requiring any software install on the device. It's available today for iOS/Android/Blackberry/Amazon Kindle/... where ever you can find a HTML5 browser.

2. Users can view files on Network drives.

3. Editing will be provided irrespective of whether enterprise uses Sharepoint or not, files stored on Network drive or even Box/Dropbox.

4. Can seamlessly move content from Intranet to Cloud providers with complete IT control and visibility.

Feel free to give it a try at http://www.armor5.com/register.

re: Could Workspot's freemium approach to BYOD shift focus from "access and control" to "big data?"

Srini Gurrapu — Thu, 02 May 2013 19:30:07 GMT

And one more thing if the world is going back to IPSec for app-to-server or user-to-server secure remote access, then I think all the previous years of building SSL VPNs is a wasted effort. Maybe with IPV6 and/or IPSec combined with more app and L7 traffic intelligence - the latter is hard.

just curios with the back-and-forth on the technology discussions..

re: Could Workspot's freemium approach to BYOD shift focus from "access and control" to "big data?"

Srini Gurrapu — Thu, 02 May 2013 19:24:59 GMT

Re: the discussion about IPSec vs SSL VPN, I think we are discussing technology. Most of the apps today are built with http/https as the ubiquitous transport with integrated web sockets and/or html5. IPSec only make sense for UDP centric apps - I am not sure how man of today's apps only work with UDP.

For IPSec only connectivity, I think most people can run the app tunnels without actually doing much - leverage the native IPSec client or use one of the supported VPN clients with app specific Tunnel rules,

Anyways, we should fully support customers leveraging existing technologies and infrastructure and providing a value-add.

It is great to see so many smart people focused on mobile; let us hope for the market adoption..

Srini

re: Could Workspot's freemium approach to BYOD shift focus from "access and control" to "big data?"

Shawn Bass — Thu, 02 May 2013 15:41:10 GMT

"We don't know of any solution out there doing a secure app-only tunnel to existing VPNs"

Armor5 is doing this today, though it's arguably not app only tunnels without some additional filtering and such on the VPN ACLs. One cool thing about the Armor5 approach is that they are creating an HTML5 proxy (essentially) so that the data is streamed to the endpoint device but not actually stored on the device (aside from browser cache which can be wiped). This approach is sort of the best of both worlds between display remoting and full document download as you get more instant document viewing without waiting for the whole thing to download. Try pulling a 200MB PDF/PPT down on a traditional solution and you'll wish you had display remoting. Armor5 also has built in document watermarking which can make for some nice ways of knowing who leaked a document, etc.

I have to say I'm a little freaked out about the whole cloud hosting VPN'ing into corp data center model, but the experience is quite good so if you can get over that hump, then it seems compelling. I think between them and Armor5 this new model is shaping up to be yet another model that we'll have to slap a name too. It sort of fits MIM, not not exactly.

Congrats to Amitabh, Puneet and Ty on their official launch. What happens with your old URL now? Decom or is that a parent company name or the corporate/commercial side of the freemium model?

Shawn

re: Could Workspot's freemium approach to BYOD shift focus from "access and control" to "big data?"

yesmam — Thu, 02 May 2013 00:50:27 GMT

Brian/Puneet/Jack, try Aruba's Workspace for app-specific IKE/IPSec VPN tunnels to any VPN gateway. Yes, IPSec VPN and not a simple SSL reverse proxy support. They also support each Workspace app going to a different VPN gateway, which nobody supports. And guess what, Apple has already approved their approach, so it's not just for the in-house apps. And, the third-party app support is not based on a code-time SDK.

Here are a few more points to know about the Aruba Workspace, in the context of this discussion:

1. The browser running in their Workspace easily, and automatically, supports all the features that Workspot supports (which is basically running web apps on a secure browser) and more (try intercepting UDP traffic from a secure browser).

2. Easily supports native apps through its app-wrapping technology.

3. Data protection for Workspace apps even on a jailbroken device.

A couple of additional issues with the secure browser approach:

1. Any exploited vulnerability that compromises the browser, compromises the data of all the enterprise apps. But in the case of MAM, only that native app's data is compromised in case of a remote attack. Furthermore, each native app running in the workspace could be locked down by URL/hostname/IP blacklists, or tied down to a whitelist, so the threat could be mitigated.

2. The secure browser solutions do require their customers to upgrade their infrastructure, and of course pay for it, by installing Office Web Apps Server 2013 on-perm for the fancy HTML5 UI.

3. How do you support AD-based user authentication for enterprises that don't want to run an AD-plugin (for communicating with their cloud) on their AD server?

Still can't tell I am a fan of MAM? :)

re: Could Workspot's freemium approach to BYOD shift focus from "access and control" to "big data?"

Jack Madden — Wed, 01 May 2013 21:18:59 GMT

@AppDetective I agree email in iOS is a sore spot. Here I was referring to native email apps in general, whether it's Apple's or a 3rd party app. As for the issues with third-party email apps, that's another conversation. (And of course ub\nless apple budges, we have to deal with some sort of compromise no matter what.) For offline editing, I use Google drive every now and then, and I know there are people that swear by Quick Office.

re: Could Workspot's freemium approach to BYOD shift focus from "access and control" to "big data?"

Srini Gurrapu — Wed, 01 May 2013 21:02:12 GMT

To me, Workspot looks like Twingo (Secure browser cache) for Mobile. Twingo was acquired by Cisco in the age of SSL VPNs. Re: native mail being solved, unfortunately, this is not the case. In fact, for most native apps, the mantra has been to use a new browser, new mail client etc. It would be so great if Apple has built-in container for all apps and/or key management for all apps. We do not see this coming.

Companies like us (Wheel Innovationz) have taken a network approach to enabling native apps like email with all the management and security. If only the closed platforms like IOS respect the HTTP headers properly, then we would not have this mess. Any existing proxy or cache csn take care of data-at-rest problem for web apps with the right cache-control header. However, RFCs do not enforce compliance -- so it will always be mess and hacky. I do agree with the simplicity and finally the customer traction are the important success criteria. Workspot resonance in the markertplace suggests that they are doing several things right.

re: Could Workspot's freemium approach to BYOD shift focus from "access and control" to "big data?"

appdetective — Wed, 01 May 2013 20:26:11 GMT

Puneet, I actually need a private app store to deliver in house mobile apps that are slowly but surely growing. It also allows me to have a higher level of trust that the source I am using is not compromised, plus all the benefits of MAM like controls in the app development teams want them, or more likely mandated by info sec in order to be mobile.

re: Could Workspot's freemium approach to BYOD shift focus from "access and control" to "big data?"

puneetchawla — Wed, 01 May 2013 20:03:17 GMT

We don't know of any solution out there doing a secure app-only tunnel to existing VPNs. If you see one, do let us know. MAM vendors do libc hooking for security. The hooking is not approved by Apple and therefore all the MAM apps are only deployed via private app stores. Can you please do a poll and ask how many customers want to deploy private app stores?

Re: Apple email and APIs

Wait for a few months. Jack posted a good article on "Who says Apple isn't enterprise focused".. and there are some good updates coming in 2013.

re: Could Workspot's freemium approach to BYOD shift focus from "access and control" to "big data?"

appdetective — Wed, 01 May 2013 20:00:17 GMT

@Jack @Brian I don't think MAM will give you access to things like Sharepoint or LOB apps in a simple integrated way. I assume that's the "stuff"/existing workflow point being made in the post coupled with Puneet's point about simplicity. Actually LMAO at the Citrix architecture link, case and point. But:

I don't buy Apple will solve native email. They may add some capabilities to make it more secure, but it's just not what they do. Would love to be proven wrong. The whole bet as far as I can tell to date is on LOB (sunk cost infrastructure) web apps which users know how to use already. Native apps simply can't be ignored. This goes beyond email. The whole HTML 5 vs. native app debate is moot, as in the real world we'll need to deal with both. I don't believe the OWA client will work offline, so that would be a major user experience ding. When I look at your pricing model, it seems to me that your target is small customers for now, so this may matter less, although I still believe everyone wants native email that works offline. Also @Brian today's MAM solutions don't solve native email. They only strip attachments. That's why third party clients are still in vogue.

Your virtualization technology is a container. Those can all be broken, just like MDM can, so it's a question of how much we trust your container vs. Good etc. More details on how secure it is, things it does etc. I assume will be available at some point. I have no doubt that initially you will fail security audits in bigger enterprises as they will require many more security wares. However, your collected data may actually turn into some useful security telemetry that may enable me to trust things more as I can report after the fact. Zero day/malware still a problem though, but I guess that's a pretty level playing field on iOS and not much you can do. Other user experience data your collect could be useful. We've seen things like Citrix Edgesight though, that collected so much data and it's hard to act upon and easy to be led down rat holes. But with modern analytics I'm open to this becoming a lot more than cool reports. Actionable insight please!

@Jack agree, don't like no offline editing. Are their any editors out there that you think are ok? Personally I don't edit docs on my Tablet, but that's my workflow. But if there's a decent editor I should try it.

I see no reason to not be able to use this side by side with MAM to manage the native apps you care about until Workspot has a solution. What I am sure about is that if you blindly pay for MDM you are an idiot outside of niche use cases where you have to own the device. For that I like the free approach. @harry I agree, people need to think more and ignore the marketing BS.

Anyway @puneet good luck, I agree simplicity is goodness that is hard to appreciate until you experience it. Hope to hear about your progress in the coming months.