First, let me explain what I mean when I talk about workspace management suites: Today, EUC means dealing with mobile devices and cloud and SaaS apps, and EMM and identity management are some of the main tools we have for dealing with these. “Workspace” management is simply the next stage of evolution, where all these tools get linked together. The result is that users can easily access their data and apps and do their job from any device, and IT can have visibility and apply policies across everything. Basically, it’s what VMware Workspace One does.
Anyway, as I was writing about Oktane last week I couldn’t help but think about how Okta’s identity and EMM products compare to VMware Workspace One. There are a lot of similarities: They both have identity and access management at the core; they both link identity and mobility; and that link enables them both to make contextual access decisions.
Of course there are significant differences, too: Okta is a pure-play identity vendor with a large catalogue of provisioning integrations and support for a wider variety of scenarios; while VMware has a much broader EMM product and does desktop virtualization.
This brings me to a bigger question that I’ve been thinking about for a while: As we’re creating “workspaces” for the mobile and cloud era, how do we evaluate the new crop of broad management options?
Do we do a huge feature comparison among the larger suites, like the EUC options from VMware, Citrix, Microsoft, and IBM? This seems hard when they’re so broad, plus there are plenty of non-technical reasons for a customer to choose one over another.
Or another line of thinking is that since identity management can be used to coordinate most aspects of EUC now, how much does picking one big suite matter? Look at all these things that are common to most identity management products these days:
- They sync with customers’ existing Active Directory, so they can bridge the new “workspace” world with the on-premises Windows world.
- SAML for web apps is spreading; and so are provisioning integrations. Native mobile app SSO is improving, too.
- A lot of EMM platforms have APIs that identity platforms can use to check device compliance, enabling contextual access policies.
- Identity platforms can hook into virtual desktops, too. This year at Synergy, Citrix announced a Federated Authentication Service for XenApp and XenDesktop 7.9, which means that any SAML identity provider can be used to control access.
The result is that even as large, all-encompassing EUC suites are emerging, there’s also a lot that you can do by wiring all your apps and users into a standalone best of breed identity and access management product on your own.
Still, there are certain advantages that come with large suites. For one thing, they can just as easily take advantage of standards to coordinate differeent components, and on top of that they can more easily add extra integrations where identity standards may fall short. They can also offer price advantages through bundles.
This conversation will likely come down to a lot of the standard suite versus best of breed arguments. Overall though, the good news is that the spread of identity management standards enables us all to take advantage of "workspace" concepts, no matter what angle our vendors are coming from.