[Note: This article was originally published on September 13, 2016. We’re republishing it today because we’ll be taking Thursday and Friday off for the Thanksgiving holiday.]
Over the summer I wrote a series of articles about the state of EMM in 2016:
First, I wrote that many of the tools and concepts for enterprise mobility are actually becoming quite mature. This includes the devices themselves, EMM platforms, options for making apps, and the ways we think about enterprise mobility.
Second, I wrote about the stages of enterprise mobility adoption. These include organizations that feel they have to use EMM for compliance or scale reasons; organizations that are actually strategic about devices and apps; and the largest group, organizations that are doing mobility on an ad hoc basis.
Third, I wrote about when we’ll achieve widespread mobility and what it will look like. When enterprise mobility ceases to be a huge talking point and instead becomes as fundamental and as taken for granted as the Internet is today, then it will truly have arrived.
Most recently, I wrote about why organizations might want to start getting serious about enterprise mobility. There are a lot of good reasons, but the most important is that now EUC involves a lot more than just Windows desktops, and mobile devices and cloud apps are here to stay.
Today I’m going to write about some of the biggest issues we face in enterprise mobility. We already cover these frequently at BrianMadden.com, but I’m outlining them here to have everything in one place and round out my 2016 state of EMM series.
Mobile app management is still hard
There’s always been a degree of confusion around different MAM techniques, and occasionally various parties have declared one technique or another to be the winner. The reality is that there are tradeoffs, and all techniques (including app wrapping, SDKs, device-based frameworks, and the AppConfig approach) have their own strengths and weaknesses. And unfortunately, there are some use cases today that are still challenging, such as managing public apps on devices that can’t be enrolled on MDM.
The good news is that many vendors and customers are now thinking about MAM in more nuanced ways; plus Apple and Google are getting more public about their involvement with the AppConfig Community. For more on the present MAM landscape, check out this article and this presentation.
We’re still unsure about mobile security
There’s a lot to be said about the security benefits of sandboxed mobile apps and curated app stores. On the other hand, there’s no shortage of reports (sometimes filled with FUD) about the increasing rates of mobile malware. What’s the reality?
Earlier this year, the Verizon Data Breach Investigation Report did not find significant real-world data about mobility as a vector of attack on organizations. However, more recently we had the Trident/Pegasus attack and it was indeed alarming. It was highly targeted, though, and iOS has since been patched. Phishing and stolen credentials are important issues, and companies continue to be concerned about apps that could potentially leak data.
Regardless of your level of optimism or pessimism about mobile security, there are industry improvements that can help. Identity management is spreading and can do a lot of smart things to protect and control access to resources. Many third-party mobile security products can be integrated with EMM platforms, which makes it easier to deploy agents and enforce policies. (Even Microsoft EMS is getting in on this, with their partnership with Lookout.)
The BYOD experience still needs refinement
Amid debates about whether BYOD will become the norm or be less popular, most organizations have become comfortable with personal devices and some form of mixed work and personal usage. Newer refinements might involve split calling, split billing, and privacy.
Some users don’t want to give out their personal phone numbers to work contacts, and text messages could be a compliance issue. To help solve this, there are many dual phone number options, which can normal PSTN phone calls (without requiring dual SIM cards) or VoIP. (The new iOS CallKit API will make VoIP apps more user friendly, too.)
EMM vendors have been making extra efforts to reassure users about privacy, including more user education, and as previously mentioned, more nuanced uses of MAM and MDM techniques.
We need to take advantage of new app concepts
There are many options for sourcing and creating enterprise mobile apps these days, but the key is the concepts behind the apps. Compared to legacy apps, mobile apps are smaller, more numerous, more targeted, and evolve faster. It’s also important to think of ways to take advantage of all the unique attributes brought by mobile devices: They’re not just small and portable—they have location services, image sensors, push notifications, and many other easily-integrated sensors and data sources. These will enable new brand business opportunities.
We need to figure out Windows 10 and unified endpoint management
Windows 10 MDM APIs and other mobile-style features are getting a lot of attention, but of course it’s going to take a long time to move enterprise desktops to a new management model. The good news is that newer features can be mixed and matched with established management techniques.
Unified endpoint management (UEM) combines EMM with laptop and desktop management. It’s an attractive idea, but the caveat is that not all UEM offerings are equal: some only support Windows 10 MDM APIs; some support traditional client lifecycle management; and some use newer technologies (like VMware with TrustPoint).
The bottom line is that Windows 10 and UEM bring a lot of new options for management, but we also have a lot of questions to answer and new best practices to learn. It’s going to be interesting!
“Workspace” management is coming
A well-managed Windows desktop used to provide users with everything they needed to get their jobs done, but now in the mobile and cloud era, we need a lot more tools—MDM, MAM, remote apps, SSO/federation, web apps, new types of security, EFSS, and more.
The workspace management concept uses identity to bring together as many of these tools as possible. Users should be able to easily access their data and apps anywhere from different types of devices, and administrators should have visibility and policies that cover as much as possible.
One question that comes up is whether workspace management will push customers towards large EUC suites, or if identity management standards will make it easy enough for customers to roll a “workspace” on their own.
Naturally this list isn’t exhaustive, and only covers a few of the top enterprise mobility issues today. If you’re facing other issues, feel free to leave a comment below.
If you’ve read this state of EMM series, you might also be interested in my annotated list of my favorite EMM resources and articles.