Yesterday afternoon Citrix announced that they will be acquiring mobile device management vendor Zenprise. This means that aside from managing mobile apps—a capability that Citrix announced this year with CloudGateway MDX and the Me@Work apps—Citrix will be able to go a level lower to manage mobile devices as well. Citrix says that this will let them accommodate more use cases, while I’ve argued in the past that they shouldn’t bother with device management. Let’s dig in.
Having been around since 2003, Zenprise is one of the well-established MDM vendors, and they’re well-funded too. Things have been changing in the MDM world though, and Zenprise saw the need to add mobile application management (MAM) to their existing MDM capabilities. Less than a month ago they built a brand new MAM offering called Zensuite. Zensuite was huge win for them, and if they had stayed a standalone company the MAM industry would have had another major player along the likes of Good Technology or MobileIron.
The mobile management spectrum
Zenprise’s new Zensuite product takes a middle-of-the-road approach to MAM. While most corporate resources are managed at the app level, email is still delivered to devices’ native, built-in clients. Email attachments, however, are encrypted before they’re delivered to the device where they can only be opened with corporate-managed applications. So while you’re forced to use MDM to secure the email, because the attachments are encrypted you don’t have to worry about policing users’ personal apps for potential security risks.
In addition to this new technique, Citrix will also gain the more traditional MDM approach from Zenprise: secure everything at the device level (and possibly manage some apps as needed). Email, apps, and attachments all live together on the same device, with no internal isolation (by mobile standards). But since random apps that users install could potentially leak corporate data, IT has to keep track of them in order to keep everything safe. Most users are uncomfortable with this idea, so it’s pretty much a non-starter for BYOD. And since many users treat corporate phones the same as personal phones, (an iPhone is an iPhone no matter who bought it, right?) policing user apps is unwelcome there, too.
At the other end of the spectrum is what Citrix CloudGateway MDX has been doing, which is only focusing on apps and not bothering to manage the device at all. All the work stuff—including email—goes into secure, managed apps. The work apps can communicate with each other, but IT can restrict how much they can talk to personal apps. (For more on this, check out Defining dual-persona mobile app management.)
What does Citrix get?
Earlier this year Citrix came onto the dual-persona MAM scene in a big way—first with basic MAM and then with all of the Me@Work apps—which has been very impressive. Now, besides picking up MDM and the encrypted email attachment thing, Citrix is also getting Zenprise’s Sharepoint integration app and cloud-based MDM option (Zencloud). Most important, though, is Zenprise’s customer base and visibility, since Citrix has only been in the mobility management space for a few months now.
I talked to Scott Schwarzhoff, VP of product marketing at Citrix, and while he couldn’t share very much about what the Zenprise integration will look like, he did emphasize that everything will be combined into a single product. So no matter where a company wants to sit on the spectrum of device versus app management, they’ll be able to dial it in from one place.
While this is convenient, it doesn’t change my belief that device management is unnecessary for many users. I had hoped that by staying out of device management, Citrix customers would be forced to avoid the knee-jerk reaction of slapping some MDM on their devices. Citrix had the chance to force customers to more carefully consider what they really need to secure.
Why is putting MDM on your users without considering MAM bad? First of all, without any app level tools, there’s no way you can MDM your way into separating work and personal worlds on a single device without annoying users. When when your enterprise mobility solution is apps only, it makes adding all those extra personal devices easy. There’s no need to worry about changing settings, installing profiles, deleting blacklisted apps, or privacy issues—just install the work apps and you’re ready to use the iPad that you picked up because it was closer than your work phone.
So it’s disappointing that Citrix didn’t take the opportunity to say “Okay, mobility means working with apps only, don’t worry about the devices.” Citrix will be able to cast a wider net for customers, though, and once those customers are in and once they’re ready, then they’ll be able to dial their environment away from managing users’ devices and towards simply managing corporate apps.
Citrix versus other MAM/MDM
One interesting quote (from this New York Times article) came from Amit Pandey, the CEO of Zenprise: “We didn’t really know Citrix had moved as far ahead in mobile management apps as they had.” Over the last year, I’ve talked to more than a few mobile-centric vendors that have been surprised to learn that virtualization-related vendors like Citrix, AppSense, and VMware have gotten into MAM.
By adding device management, Citrix now has complete feature parity with the other top MAM players—remember, both Good Technology and MobileIron offer device management, too. And let’s not forget that Zenprise is a top vendor in the MDM space, too, so Citrix will now be competing with AirWatch, Fiberlink, and others.