Over the last several months, I’ve had the opportunity to advise entrepreneurs across several technology segments. What’s common amongst the ones I respect is that they have a deep appreciation of how their target users behave in their lives. This allows them to filter out a lot of industry noise, assumptions, and opinions that can distract from the fundamental exercise of immersing yourself in the user experience before building a product. This enables the formulation of data-driven hypotheses, which leads to product prototypes that better empathize with the needs of the end-user. I especially like that this approach encourages all to ask the Columbo questions. And of course, it’s always fun to take part when one is invited to do so!
My observation of the various industry discussions on Bring Your Own Device (BYOD) is that they all to hold similar assumptions about technology approaches. There's sparse discussion about how the products are actually “used” vs. opinion. (Such as, "users don’t like technology approach X," or arcane feature debates).
Let’s take the case of Mobile Device Management (MDM). Money (Airwatch raises $200M) is being thrown at it and consolidation (Citrix acquires Zenprise) is taking place. This is happening despite ample sentiment that MDM is a commodity and users don’t want it. I’ve even heard opinions such as, “The MDM vendors are hiring $12 per/hour sales armies just to flood the market with seats priced as low as $0.60 per user/per month so they can upsell into this customer base with future wares.”
So MDM is heading to free, users hate it because it provides no personal freedom, and it’s not clear for what it's actually used. What do users actually do with an MDM managed device beyond corporate controlled email, browsing, calendar and contacts? Is it really that different to a Blackberry Enterprise Server on a non-RIM device? How much additional productivity does MDM really enable?
The incumbent vendors know this and are tweaking their MDM messaging to now say something along the lines of: MDM is a foundational piece of a larger macro trend called Enterprise Mobility Management (EMM). A classic case of, if you can’t win, you create a new category instead that pushes you into the position of looking like an industry leader.
While vendors are busy positioning themselves, we’re seeing the evolution of the market towards Mobile Application Management (MAM), file synching solutions such as from Box/Citrix’s ShareFile and nascent talk of MIM (Mobile Information Management). We’re also seeing the emergence of SaaS aggregation services such as Citrix Cloud Gateway and VMware Horizon. Have no doubt that these types of solutions, as they mature, will all be leveraged to strengthen the EMM category as analyst’s arms are also twisted to hasten the process to explain to you what EMM is. That’s all business as usual and I have no issue with it. However...
All this innovation is great, but again I have to ask to do what? How? Why?
I’m a big fan of the nascent MAM market, but it’s still unclear beyond email/browser what mobile apps people actually care about for work. I’ve even suggested to Gabe that there should be a place on BM.com where people register what mobile apps they want to be MAM ready for work. When we understand that, we can have a meaningful discussion about what standards should evolve based on market demand.
MIM falls into the realm of "theory" for most, although there are various content protection approaches, (which are still evolving). The file sync vendors gloss over the costs of process and governance that have already been sunk into on premises storage, regulation, and migration costs. They're getting better, but new approaches will be required and need to mature for true enterprise enablement. But even here, thinking of data alone and applying user-based policy to it only partially addresses the end users' need to be productive.
Then there are the aggregators—who are still nascent—trying to figure out how to integrate content and data and apps into their MDM/mobile strategy. These are definitely not simple to use yet—especially if they also have to serve the dual purpose of replacing legacy functionality such as Citrix Web Interface.
With so many options, many end users and IT buyers become confused. As a result, many take a "wait and see" approach, simply trying the lowest common denominator approaches like MDM for now. But it still leaves me wondering, "Does this make the end user more productive?" Even when I try really hard to rationalize it, it’s marginal value at best.
Of course, I’m just one person, so I decided to test assumptions and asked friends and family not in the tech industry how they actually work. Their opinions are summarized below:
- The reality for them is that the “stuff” they care about is still mostly at work.
- They care about getting access to some of their “stuff” on devices they want.
- They are not anticipating a giant move away from PC/Laptop anytime soon but hate the experience IT has created. (Locked down, not personal, clumsy VPN, multi-factor authentication and so on.)
- Some of the more technically minded also stated weak CIOs who won’t challenge their CSO or invent anything except status quo, etc.
- As a result, they are much more open at the very least to using mobile devices as an additional device, and want to be able to do some work on them, as long as it is relatively simple and painless.
- The most insightful mobile productivity use case I heard was. “I want to be able to collaborate outside the firewall with everybody I connect with for work.”
- They have virtually zero in-house mobile apps that IT has developed for them. They see this as something that will happen slowly. They expect that business leaders will need to drive this, as IT doesn’t have the business insight to know what to build in many cases. Large IT shops more in touch with business.
- Friends working at smaller organizations have far less legacy and feel much more confident and open to tablet workflows.
- Universally they have no interest in using remote protocols on tablets on a regular basis for work.
A company called Workspot has just launched with an approach to solving these types of use cases. The solution summary at a high level is a simple-to-use, secured workspace (not dual persona) on a personal user tablet. The tablet acts as a springboard for enterprise applications, and provides frictionless access to applications and data secured behind firewalls leveraging existing infrastructure.
Available from the app store, the Workspot client application at a technical level is a virtual encrypted file system and network stack on top of which various security, data collection and HMTL5 application viewer services are built. Workspot is calling this their unique approach to mobile virtualization.
It’s clear to me that mobile clients are becoming the new rich client. I find too many people still apply a thin client mindset to mobile devices. i.e. "Devices don’t do much and everything is in the cloud." This results in niche solutions that don’t work offline, resulting in a poor user experience. Services and content will be consumed close to where the user performs the execution. As this happens, the security perimeter must move closer to the user/content. We’d be foolish not to take advantage of all the power that devices offer in ever increasing permutations. You can no longer assume your enterprise firewall is your current DMZ perimeter. Your DMZ must extend to the device in a mobile world to enable user experience. To enable this, new mobile client security approaches are required.
The Workspot client is configured from Workspot Control, which is a free SaaS service. The setup is a two-step process: enter the existing VPN address and URLs for applications. Once configured, the client communicates with your existing enterprise infrastructure. Workspot supports enterprise infrastructure products including Cisco Adaptive Security Appliances (ASA), Dell SonicWALL Secure Remote Access (SRA), Juniper SA Series SSL-VPN, F5 SSL-VPN, RSA SecureID, and Microsoft Active Directory.
One thing I really like about the approach is that the data plane is back to the enterprise. So this makes the scalability of the solution as scalable as your existing infrastructure, and avoids high data costs flowing to and from a SaaS service. Additionally your corporate data does not flow through their SaaS service. I’ve learned from experience that many enterprises (due to security and regulatory reasons) will reject your SaaS solution when corporate data does not flow through existing trusted infrastructure.
Once connected, users have access to on-premise applications and SaaS applications. Also, by virtue of being a SaaS service, various analytics can then be collected and insight into the end user experience reported on.
The overall experience is simple. You set up your company at www.workspot.com and then add your users. Once complete you can add various apps and policies. Users authenticate directly against your VPN appliance and its Active Directory + SecureID setup. The Workspot client only authenticates when the user is successful in unlocking the application with their PIN.
Once the company, apps, policies and users are set up, the user simply downloads the Workspot client from a public app store and provides their email address. The Workspot client talks to the Workspot service and determines the configuration for that user. The Workspot client then prompts the user for their usual credentials, most likely Active Directory for most enterprises. These credentials are authenticated directly against the VPN appliance. The user then has access to corporate email using Outlook Web Access, Intranet, content and SaaS applications. The user can browse their work content.
That content can then also be edited or viewed using one of the viewers. Additionally, Microsoft has embedded web versions of Office into all their repositories (Skydrive, SharePoint etc.). For editing, Workspot is enabling Microsoft Office Web Edit that is bundled into SharePoint 2010 and above. This allows online editing in place and offline viewing if policy permits. Support for network file shares will be added in a future release, which will support viewing.
I asked the Workspot team if offline editing would be possible. Their opinion at the time was, that without access to the full fidelity document offline it made less sense to edit. They have also deliberately chosen not to enable other Office editing tools, because they feel that the quality of Office viewers/editors currently available on the iPad are really poor.
So overall my impression is that this approach is far simpler than MDM and workspace aggregation solutions on the market today. It get’s a user to the important work “stuff” that’s relevant today on personal devices, while also preserving the freedom to use devices for personal use. As a career enterprise guy, I also really like that the Workspot team is focused on user productivity, simplicity of experience, and low friction for IT, while also taking into account existing sunk cost of on-premise assets/services and avoiding the dual persona approach to BYOD which users don’t want.
I believe when all of this is considered in the context of the freemium business model described below, at the very least many will be compelled to consider this approach to enabling BYOD.
Freemium business model with a new value proposition
Most people are familiar with free products that get you to use their wares, which then upsell advanced features. So what’s different here?
The product is not crippled in terms of features that enable client security and application access. Workspot allows you to use the product for an unlimited number of users indefinitely (others solutions have time limits). In effect, this means that Workspot are trying to commoditize the access and control part of the value chain for a large segment of customers.
It’s a great answer to the $12 an hour sales guy knocking on your door trying to ram MDM down your throat. More importantly, I think this will incentivize many to ask better questions even if they still want to invest in MDM/MAM/other to cover additional application use cases. The conversation can now evolve to: Which approach better enables user productivity? How much of one particular approach do I need and what’s the respective value? The answers will be different depending upon each customer. But with 600 million people working within traditional enterprise today and an estimated 750 million tablets in 2015—representing more endpoints than desktops and laptops combined—there is a substantial segment of customers for whom a free product like this, that is aligned with existing enterprise workflows, will better increase user productivity vs. current alternatives.
That’s a lot of value to give away for free. You may wonder why Workspot would do such a thing. This is true, but it all depends on where you believe you are creating value and what the customer will pay for. For traditional BYOD solutions, the value has been created in access and control. Workspot believes the value will come from insights created via the data generated by users using their service. In other words, end user big data created on mobile devices. They plan to leverage big data techniques to convert massive quantities of end point session data records into greater visibility, security, and performance. The data collected from free access and control represents end point visibility and big data that can perhaps be monetized a la ArcSight and Splunk. I also envision future opportunities to add advanced access and control capabilities to meet additional enterprises needs.
Are they right? I don’t know, but one thing is for sure. It’s a bold move that I admire as something that could be very disruptive. There’s a good team in place. I worked with Workspot CEO Amitabh Sinha at Citrix when he was VP of product management for XenDesktop. So I can certainly attest to his understanding of the problem and am very impressed with progress to date. Early last year, this was just a discussion that we had.
At that time, there certainly was the question of does this cover all app use cases? Well clearly it doesn’t today, it doesn’t directly replace RDS/VDI or offer a solution for native mobile apps. However, the focus for Workspot is to address use cases for mobile that they believe people will use for work today. Other use cases such as mobile apps, can be added in a variety of ways in the future when its more clear what users will actually do. Despite this, what insights customers actually buy via analytic modules remains to be seen.
Perhaps there’s hope for frustrated systems admins as illustrated in this hilarious video, staring Brian Madden as a systems admin struggling to support users who have all just been give Tablets. Brian’s current answer is to return their laptops…
I’m fortunate to be privy to a number of emerging stealth ideas. The BYOD, mobile, consumerization, cloud access market is still young and much innovation is needed to enable user productivity. New ideas are emerging and the value chain is evolving. In such a dynamic market, there is no reason not to rethink everything and develop solutions that people actually want to use. Disrupting incumbent approaches and forcing the pace of change is great for the industry. So congratulations to the Workspot team on their launch. I wish them the very best of luck and encourage the community to not be shy, and ask the Columbo questions.