Citrix acquires Zenprise to add mobile device management (MDM) to its mobile offerings.

Yesterday afternoon Citrix announced that they will be acquiring mobile device management vendor Zenprise. This means that aside from managing mobile apps—a capability that Citrix announced this year with CloudGateway MDX and the Me@Work apps—Citrix will be able to go a level lower to manage mobile devices as well. Citrix says that this will let them accommodate more use cases, while I’ve argued in the past that they shouldn’t bother with device management. Let’s dig in.


Having been around since 2003, Zenprise is one of the well-established MDM vendors, and they’re well-funded too. Things have been changing in the MDM world though, and Zenprise saw the need to add mobile application management (MAM) to their existing MDM capabilities. Less than a month ago they built a brand new MAM offering called Zensuite. Zensuite was a huge win for them, and if they had stayed a standalone company the MAM industry would have had another major player along the lines of Good Technology or MobileIron.

The mobile management spectrum

Zenprise’s new Zensuite product takes a middle-of-the-road approach to MAM. While most corporate resources are managed at the app level, email is still delivered to devices’ native, built-in clients. Email attachments, however, are encrypted before they’re delivered to the device where they can only be opened with corporate-managed applications. So while you’re forced to use MDM to secure the email, because the attachments are encrypted you don’t have to worry about policing users’ personal apps for potential security risks.

In addition to this new technique, Citrix will also gain the more traditional MDM approach from Zenprise: secure everything at the device level (and possibly manage some apps as needed). Email, apps, and attachments all live together on the same device, with no internal isolation (by mobile standards). But since random apps that users install could potentially leak corporate data, IT has to keep track of them in order to keep everything safe. Most users are uncomfortable with this idea, so it’s pretty much a non-starter for BYOD. And since many users treat corporate phones the same as personal phones (an iPhone is an iPhone no matter who bought it, right?), policing user apps is unwelcome there, too.

At the other end of the spectrum is what Citrix CloudGateway MDX has been doing, which is only focusing on apps and not bothering to manage the device at all. All the work stuff—including email—goes into secure, managed apps. The work apps can communicate with each other, but IT can restrict how much they can talk to personal apps. (For more on this, check out Defining dual-persona mobile app management.)

What does Citrix get?

Earlier this year Citrix came onto the dual-persona MAM scene in a big way—first with basic MAM and then with all of the Me@Work apps—which has been very impressive. Now, besides picking up MDM and the encrypted email attachment thing, Citrix is also getting Zenprise’s Sharepoint integration app and cloud-based MDM option (Zencloud). Most important, though, is Zenprise’s customer base and visibility, since Citrix has only been in the mobility management space for a few months now.

I talked to Scott Schwarzhoff, VP of product marketing at Citrix, and while he couldn’t share very much about what the Zenprise integration will look like, he did emphasize that everything will be combined into a single product. So no matter where a company wants to sit on the spectrum of device versus app management, they’ll be able to dial it in from one place.

While this is convenient, it doesn’t change my belief that device management is unnecessary for many users. I had hoped that by staying out of device management, Citrix customers would be forced to avoid the knee-jerk reaction of slapping some MDM on their devices. Citrix had the chance to force customers to more carefully consider what they really need to secure.

Why is putting MDM on your users without considering MAM bad? First of all, without any app-level tools, there’s no way you can MDM your way into separating work and personal worlds on a single device without annoying users. When your enterprise mobility solution is apps only, it makes adding all those extra personal devices easy. There’s no need to worry about changing settings, installing profiles, deleting blacklisted apps, or privacy issues—just install the work apps and you’re ready to use the iPad that you picked up because it was closer than your work phone.

So it’s disappointing that Citrix didn’t take the opportunity to say “Okay, mobility means working with apps only, don’t worry about the devices.” Citrix will be able to cast a wider net for customers, though, and once those customers are in and once they’re ready, then they’ll be able to dial their environment away from managing users’ devices and towards simply managing corporate apps.

Citrix versus other MAM/MDM

One interesting quote (from this New York Times article) came from Amit Pandey, the CEO of Zenprise: “We didn’t really know Citrix had moved as far ahead in mobile management apps as they had.” Over the last year, I’ve talked to more than a few mobile-centric vendors that have been surprised to learn that virtualization-related vendors like Citrix, AppSense, and VMware have gotten into MAM.

By adding device management, Citrix now has complete feature parity with the other top MAM players—remember, both Good Technology and MobileIron offer device management, too. And let’s not forget that Zenprise is a top vendor in the MDM space, too, so Citrix will now be competing with AirWatch, Fiberlink, and others.


Join the conversation



I do disagree with you on the "Citrix shouldn't bother with MDM" or "don't worry about devices"... Like in FlexCast for desktop virtualization there is a flavor that suits any needs, you will need MDM as some business/type of users require to get control of the device while others will not... This is the Pareto rule... Now, is your business the one where 80% need MDM or MAM for BYO?



As an employee at Citrix I thought the same way for a little while but soon realized customers were just not ready to adopt that mindset. I work in Public Sector at Citrix and although most of my customers like the idea of a MAM-only framework, the Security Officers and specific federal guidelines do not agree. Whatever their reasoning may be, many agencies need app inventory, device inventory, asset tracking, geo-fencing, device-level wipe, etc. I also think it depends on the scenario. For example, some agencies want to offer some sort of BYO program and for that offering they may be okay with MAM. Problem is, many agencies are not ready for true BYO and may never be. Many of them offer Government Furnished Equipment (GFE) programs and need an enterprise MDM solution along with MAM to distribute the thousands of phones and tablets. Other verticals fall into this mindset as well, like Healthcare, Banking, Wall Street, etc. In the end many customers will only need Receiver & MAM, but the MDM choice for some customers will be the key to our success in the Enterprise Mobility market.


@Scott - The only reason why those customers want a full-blown MDM approach instead of MAM is because they don't understand the MAM space. Pure play BYOD doesn't work well with MDM. If a customer CISO/CTO/CIO truly understands BYOD they would only do an encrypted container approach and not try to mess with device-level management. There are a small number of customers (primarily military/government) that are not trying to handle BYOD, but are rather trying to enable corporate-owned device management and really don't care about the personally enabled side of COPE. For those people, MDM is a perfect fit. So is there no reason to own an MDM solution? Of course not. If you're one of those companies trying to ensure strict standards on company-owned devices, then MDM is perfect. If you're really trying to enable BYOD, then MAM/MIM is the only way to go.



@Shawn I'm pretty sure we said the same exact thing lol


@Jack @Shawn,

BYOD is a growing and attractive target and MAM/MIM is great for that... but it's not the only use case. We want to provide organizations full EMM (Enterprise Mobile Management), which includes BYOD as well as corporate liable/owned devices.


In fact we see many situations where a BYOD executive recognizes the productivity benefits of an iPad and then buys them for the entire organization. Some may be COPE for knowledge workers, and others may be locked-down shared devices for specific tasks. These devices need MDM.

Another example... "Enterprises buying iPhones in droves"

Good post and comments.


MDM is nothing more than a feature of MAM. MAM has MDM capabilities that can be applied in the application context, full device if you want.


The world of enterprise mobility has significant and seemingly intractable challenges as the new wave in the management of data devices is neither individual nor enterprise. Data and applications in a device are allocated for either personal or professional use. Hence different layers of security are assigned along with the access rights within the organization.