A few weeks ago I was asked to give a 20-minute overview of enterprise mobility management (EMM) for a Dell Software-sponsored event here in San Francisco. This was a pretty interesting challenge because I had to think, “Wait a second, what are the most important things I would tell someone about EMM in 20 minutes?”
This post is a written version of that talk. Frequent readers will probably be familiar with the material, but I thought it would be a good way to cover all of my most recent thinking in one place, or be useful as an introduction for those who are new to EMM.
The most important things you need to know about Enterprise Mobility Management
We all acknowledge how great, powerful, and transformative mobility is in many aspects of our life. There’s not too much to say about this, and no need to waste any time on it—we get it, mobility is awesome!
Naturally we want to take advantage of all this awesome stuff in the workplace, too. But mobility in the enterprise end-user computing space has extra challenges. Let’s take a look at why this is.
It used to be easy. Our end-user applications ran on Windows, or they were web apps designed to be used with a large screen, a mouse, and a keyboard. Mobile devices were essentially dedicated to one task—email—and they were corporate devices with little space for personalization. (Okay, maybe we could do some custom ring tones and a fancy belt clip...) IT had the appropriate tools to manage these devices, and could do so without bothering users.
iOS and Android are much more difficult to deal with. They’re more powerful and run many apps, not just email. That means there’s room for a lot of customization and personal apps and data, and users have close relationships with these devices. From an enterprise perspective, in the very beginning these devices were completely missing the management capabilities that IT was used to having on the previous generation of mobile devices.
At the same time, users were becoming much more empowered thanks to the whole “consumerization of IT” thing. They expected powerful, modern, and mobile tools. If IT didn’t provide them, users could go find them on their own. That, along with BYOD, meant that IT could not ignore iOS and Android.
Soon enough we got the first generation of enterprise features, like support for Exchange ActiveSync, device password and encryption enforcement, secure connectivity, remote lock and wipe, and basic mobile device management (MDM). Ostensibly these made iOS and Android much more “enterprise-ready.”
But were these early tools really the right tools to solve all our problems? Device-level management worked for older phones, so can’t we do the same thing for iOS and Android?
The answer is “not quite.” The reality is these devices are very different, making old-style tools inadequate. Users have a lot of expectations about what they should be able to do on their devices, they often buy them with their own money, and they’re concerned about privacy. On top of all of this, remember we still have to deal with the consumerization of IT. If users don’t like corporate controls, they can figure out ways around them. Things were hard for IT, too, since first generation iOS and Android management tools were often immature, and Android management is a fragmented mess.
Another way to put it is that iOS and Android are challenging to the enterprise because they are multi-tenant phones. There are two stakeholders on every device: the enterprise and the user. As IT, we can’t mess with the user experience, but we still have to secure and manage corporate apps and data. This is especially challenging because mobile devices make it easy to share data back and forth between apps. We could try to prevent this by using device-level controls to lock down devices so no risky data-leaking personal apps are present, but this isn’t really solving the multi-tenancy issue—it’s just ignoring it! Users will expect and demand to be able to personalize their devices, no matter what.
I don’t want to give the wrong impression of these device-level management features, though—we’ll see later how they are still the foundation of many different enterprise mobility management scenarios. And these device-wide features are also well-suited for devices used in vertical industries—think point of sale devices, factory floor devices, kiosks, and so on. These are actually easier to deal with—since there’s no expectation of personalization, there are no multi-tenancy issues to solve.
As a result of all the challenges with mobility in the enterprise, we have our new management requirements: We need granular management controls that work at the app or data levels, in order to successfully navigate the multi-tenant device landscape. We need to leave the personal user experience unaffected, while making sure data stays where it should.
One way to get this granular management is by building special “enterprise” versions of apps that have all the necessary management features, sharing controls, and security built-in directly as part of the app’s functionality. Aside from providing granularity, these special apps can also make up for inadequate management capabilities at the device level (think early Android), or just make it so that we don’t have to be as concerned about the device in general. These special apps started out mostly as email clients, but now we have many apps that function this way. We can get them directly from EMM vendors; we can build this functionality into our own apps using SDKs or “app wrapping” tools; and there are many ISVs that partner with EMM vendors to create versions of their client apps with these features.
An alternative to building special apps is to use specific devices that have granular, per-app policies built into the operating system. iOS already has a few options for this, and the next version of Android will have some, too. There are also other options, like Samsung Knox-enabled devices, to get these features. When granular management features are built into the OS, then they can be applied to any app, not just special enterprise apps. However, this technique generally requires that IT is managing the device.
Now enough with the abstract talk of multi-tenancy and granular management—it’s time to look at how we can use enterprise mobility management to actually enable our users.
First, there’s email. For most of us this is probably already enabled on iOS and Android. There’s nothing more we have to do on that side. But if we want better control, there are a few options. In addition to enforcing more security policies and preventing data loss, many companies want to get more granular so that if they have to wipe email off a user’s device, they don’t have to wipe the whole device (possibly erasing some of the user’s personal data). There are a few approaches here: IT can take the built-in email client and use MDM to provision and de-provision email accounts and credentials, or you could use a third-party app and then just wipe the app if needed. Both techniques are valid, depending on your situation.
Second, we need to enable file access. This is crucial because iOS and Android don’t really have any way to do this natively, yet there are a ton of third-party consumer file syncing apps that users can find on their own. Fortunately, there are just as many enterprise-oriented file syncing products available.
After enabling the basics, the next step is the wide, diverse world of enterprise applications. Some applications or SaaS services you use will already have readily-available mobile clients in the public app stores. Of course many won’t—and building native mobile apps is a challenge that many companies are not ready to take on. There are many alternatives, though—mobile app development platforms, simple code-less app creation tools, mobile backend as a service offerings, remote desktops, remote desktop form factor transformation, web app transformation, and more. The key thing to remember is that “mobilizing” an application doesn’t mean just giving it a new touch-friendly UI. Instead, it’s a different state of mind. The functions may be pared down, different, or re-combined and presented in a new way that takes advantage of mobility’s unique characteristics.
Once you figure out granular management and enablement, dealing with BYOD and personal devices becomes much simpler. Why? The user is going to have the exact same needs and expectations no matter who bought the device and who’s paying the phone bill. (And remember the devices are exactly the same, too.) The real challenges come up for human resources and legal departments! From a management perspective, sure, maybe we’ll lean on app-level mobile app management for personal devices, and be sure to use MDM for corporate devices, but remember, most of what we do will be the same no matter whose device it is.
Finally, what’s your strategy to put this all together? A lot of people talk about big formal strategies, but it shouldn’t be so complicated that it slows down your mobile efforts. Addressing the various tactical issues covered here one by one—email, file syncing, looking at how to mobilize various apps, deciding how to handle personal devices, accommodating multi-tenancy—can add up to a fairly comprehensive strategy. If you want something more formal, one place to start would be to think about proactive mobile enablement, with an appropriate level of security and management.
The enterprise is ready to benefit from mobility just like so many other areas of our lives have. We have the tools to take advantage and get started, so have at it!