Last week during the Citrix Synergy keynote, Citrix announced that CloudGateway v2 will do mobile application management and app wrapping. During that same keynote, they also briefly showed a native mobile mail client. While it was glossed over pretty quickly in the keynote, we’ve been wondering: could this be a competitor to Good Technology’s sandboxed email client?
What did Citrix announce around mobile app management at Synergy?
Citrix announced CloudGateway Version 2, to be released sometime in July. If you’re not familiar with CloudGateway, it’s a solution that aggregates all of a user’s Windows, web, and now mobile apps into one interface.
As I wrote a few weeks ago on BrianMadden.com, one of the big missing features of CloudGateway was that it didn’t deliver native mobile apps. (In other words, it didn’t deliver iOS and Android apps.)
CloudGateway 2 will change that, with some new technology that Citrix is developing to “wrap” native iOS and Android apps in a secure management layer. (“App wrapping” is a method of taking existing mobile application binaries (.ipa files for iOS and .apk files for Android) and adding a layer of extra code around them to add features or change their behavior. Different solutions have slightly different approaches, but generally they perform some basic tests to make sure the apps are secure, and they can add common features around the apps like encryption, passcodes, app-specific VPNs, etc. The idea is that even if a mobile device isn’t encrypted or doesn’t have a password, the individual apps will.) Citrix was the second company making app wrapping news last week—AppSense announced an app wrapping acquisition a day earlier. Other MAM companies like Mocana and Nukona (recently acquired by Symantec) have similar capabilities.
Beyond the app wrapping stuff, Citrix also talked about their larger mobility strategy. For example, Citrix Receiver with ShareFile allows users to open files, in a remote XenApp session or the native local app of their choice, using the “Open In...” feature. The problem is that this isn’t very secure, because a user could choose to open an important corporate document via whatever insecure backwater app they choose. (And the only current controls for admins are simply to disable the “Open In...” feature altogether.)
Moving forward, Citrix Receiver will allow more granular filetype association and “Open In..” controls. For example, admins will be able to specify that certain file types in ShareFile can only be opened via other secure mobile apps that are wrapped, managed, and delivered via CloudGateway.
All these features show that Citrix is really making a serious push in the mobility space. While before their way of addressing the issue was with remote Windows applications, now Citrix can provide managed native mobile apps (along with a much better user experience because the apps are actually built for small touch screens).
Citrix: a mobile email app provider?
There was one thing we saw last week that didn’t get much attention: In the demo section of the keynote, Brad Peterson showed an iPad with several native iOS apps that were delivered and managed by CloudGateway 2. One of those apps was called “Mail,” with an icon that looked like the Outlook 2010 icon. So while we know that Citrix was showing a native mail app, we don’t know whether it was something they built themselves, something they bought, or just a regular off-the-shelf app they were able to get to package for delivery via CloudGateway.
You might be thinking, “So what? It’s just an email client?!?” As it turns out, email clients on mobile devices are especially interesting, and an email client that’s sandboxed (thanks to CloudGateway 2’s app wrapping) solves one of the biggest issues with mobile device security today.
The reason is that almost all mobile devices (I’m looking at you first-gen Playbook!) feature a mail client built into the OS. This problem is that other random applications often access the mail client for various reasons (sending mails on behalf of the app, finding “friends,” siphoning contacts for spam, etc.). This poses obvious security risks, and one way to reduce them is to control what apps are allowed to be on a device using an MDM solution. Unfortunately, blacklisting and whitelisting specific apps is tricky—especially in BYOD solutions. The only other alternative is to completely lock down the device, but again users will revolt if you try that in a BYOD scenario.
So this is where this concept of just securing the mail application comes in. This is something Good Technology has been doing for years—their secure email solution involves users running the Good mail client instead of the device’s native mail client. As you can imagine, Citrix could achieve a similar result with their ability to “wrap” a mail client with their management layer.
Beyond mail clients
Where it gets really interesting for Citrix is if you think about what else they could wrap besides a mail client. With CloudGateway, you can wrap any app and make it a trusted part of a corporate environment. (Well, any app where the developer will share the package files with you.)
One final note: there’s one developer who we know will make their native mobile apps integrated: Citrix! Have you looked at how many native mobile apps Citrix has now? Receiver, ShareFile, Podio, GoToMeeting... and you know every one of those will be available to be plugged into the Citrix mobile environment. So it’s brilliant both for companies that want to wrap their own apps and also for Citrix’s apps!