Earlier this week, Jack speculated about which Mobile Application Management (MAM) companies might be ripe for the picking by Citrix. With such a focus on delivering apps to any device, it seems to make sense that Citrix formally enters that space. I say formally because, in a way, Citrix Receiver already provides some features of MAM platforms, with the isolation of corporate apps and data from the device itself. As the application landscape evolves beyond Windows to include more SaaS and device-native applications, it would make sense for Citrix to get on board.
In the article Jack wrote, he listed a few MAM/MDM vendors that I hadn't heard of, and the consensus in the comments was that they were weak or immature solutions (granted, there were only two comments about that). The recent acquisitions by Dell (Wyse) and Symantec (Nukona) have left the market looking for a leader. Good is arguably the biggest name in the MDM space, but the cream has yet to rise to the top of the MAM space.
With that in mind, we started speculating what else could be good for Citrix, and it occurred to me that since Citrix already has Receiver to deliver apps and ShareFile for Follow Me Data, maybe they want to have a bit more insight into the devices that are connecting to the systems on the inside. Since you can consider Receiver to be an agent to gather data, what if they had technology like Mobilisafe's that could interpret that information and policy network access to applications based on device type, software version, patch level, etc…?
Mobilisafe, if you're not familiar, is a two-part system that currently only works with Exchange (read Jack Madden's overview of Mobilisafe here). The first part sits on the Exchange front end server (or the OWA server or anywhere Exchange bits and IIS bits come together). This part watches traffic coming in from devices that want access to email. Mobilisafe has spent a lot of time learning the nuances of this traffic, and can use what it sees in network traffic to classify and assign devices. That's the second part, which takes place in the cloud. Information is uploaded to Mobilisafe, where the data is crunched, viewed, and administered. MobiliSafe allows you to create policies based on all the information it's collected right down to the user and device OS version, and you can apply these policies from the web interface so that the agent running on IIS can enforce them.
With that in mind, I started thinking about the fact that Mobilisafe's IIS component is probably not their bread and butter IP. Rather, it's probably the reporting engine, policy engine, and the ability to glean so much information out of nothing but network data. Imagine if their technology had an agent to work with…how granular those policies can then get in terms of which applications are allowed to do which things, and how much detail would be in the reports! (Check out what the reporting interface looks like on Mobilisafe's site, and remember, this is all from watching network traffic).
So where does it fit with Citrix? Citrix Receiver, if they wanted, could report back everything anyone ever needed to know about the device that it's installed on. What they can't do with it is manage applications and their access to data when they fall outside of Citrix Receiver. So, imagine if Mobilisafe's policy and device information engine were brought in to work with the data provided by Citrix Receiver? Then, we're talking about massive insight into what apps users are using, how they access the data in the datacenter, and who they are.
As for enforcing the policy (or collecting data on devices without the Citrix Receiver), Citrix already has devices on the edge of the network that can collect that information. Branch Repeater or Cloud Gateway could be modified to collect that information and enforce the policies. Then we can policy the users' access to that information without ever actually managing the device. That's the key, and that's why I think MAM is more interesting than MDM. Citrix + Mobilisafe could deliver that kind of technology as part of an overall "follow-me everything" kind of solution while still adding an element of security to the Wild West of consumer devices, especially if they took it another step further by including an enterprise app store in Citrix Receiver (which is almost certainly coming).
So what do you think? I went back and forth on this as I was planning, because maybe Citrix doesn't want to get into this space. They have Receiver, so maybe all they need to do is add the enterprise app store. In my mind, this would add another dimension by giving them a way to deal with native applications that the user installs, which could be an answer to Horizon Mobile from VMware.