Would Citrix + Mobilisafe be the match Jack is looking for?

Earlier this week, Jack speculated about which Mobile Application Management (MAM) companies might be ripe for the picking by Citrix. With such a focus on delivering apps to any device, it seems to make sense that Citrix formally enters that space.

Earlier this week, Jack speculated about which Mobile Application Management (MAM) companies might be ripe for the picking by Citrix. With such a focus on delivering apps to any device, it seems to make sense that Citrix formally enters that space. I say formally because, in a way, Citrix Receiver already provides some features of MAM platforms, with the isolation of corporate apps and data from the device itself. As the application landscape evolves beyond Windows to include more SaaS and device-native applications, it would make sense for Citrix to get on board.

In the article Jack wrote, he listed a few MAM/MDM vendors that I hadn't heard of, and the consensus in the comments was that they were weak or immature solutions (granted, there were only two comments about that). The recent acquisitions by Dell (Wyse) and Symantec (Nukona) have left the market looking for a leader. Good is arguably the biggest name in the MDM space, but the cream has yet to rise to the top of the MAM space. 

With that in mind, we started speculating what else could be good for Citrix, and it occurred to me that since Citrix already has Receiver to deliver apps and ShareFile for Follow Me Data, maybe they want to have a bit more insight into the devices that are connecting to the systems on the inside. Since you can consider Receiver to be an agent to gather data, what if they had technology like Mobilisafe's that could interpret that information and policy network access to applications based on device type, software version, patch level, etc…?

Mobilisafe, if you're not familiar, is a two-part system that currently only works with Exchange (read Jack Madden's overview of Mobilisafe here). The first part sits on the Exchange front end server (or the OWA server or anywhere Exchange bits and IIS bits come together). This part watches traffic coming in from devices that want access to email. Mobilisafe has spent a lot of time learning the nuances of this traffic, and can use what it sees in network traffic to classify and assign devices. That's the second part, which takes place in the cloud. Information is uploaded to Mobilisafe, where the data is crunched, viewed, and administered. MobiliSafe allows you to create policies based on all the information it's collected right down to the user and device OS version, and you can apply these policies from the web interface so that the agent running on IIS can enforce them.

With that in mind, I started thinking about the fact that Mobilisafe's IIS component is probably not their bread and butter IP. Rather, it's probably the reporting engine, policy engine, and the ability to glean so much information out of nothing but network data. Imagine if their technology had an agent to work with…how granular those policies can then get in terms of which applications are allowed to do which things, and how much detail would be in the reports! (Check out what the reporting interface looks like on Mobilisafe's site, and remember, this is all from watching network traffic).

So where does it fit with Citrix? Citrix Receiver, if they wanted, could report back everything anyone ever needed to know about the device that it's installed on. What they can't do with it is manage applications and their access to data when they fall outside of Citrix Receiver. So, imagine if Mobilisafe's policy and device information engine were brought in to work with the data provided by Citrix Receiver? Then, we're talking about massive insight into what apps users are using, how they access the data in the datacenter, and who they are. 

As for enforcing the policy (or collecting data on devices without the Citrix Receiver), Citrix already has devices on the edge of the network that can collect that information. Branch Repeater or Cloud Gateway could be modified to collect that information and enforce the policies. Then we can policy the users' access to that information without ever actually managing the device. That's the key, and that's why I think MAM is more interesting than MDM. Citrix + Mobilisafe could deliver that kind of technology as part of an overall "follow-me everything" kind of solution while still adding an element of security to the Wild West of consumer devices, especially if they took it another step further by including an enterprise app store in Citrix Receiver (which is almost certainly coming).

So what do you think? I went back and forth on this as I was planning, because maybe Citrix doesn't want to get into this space. They have Receiver, so maybe all they need to do is add the enterprise app store. In my mind, this would add another dimension by giving them a way to deal with native applications that the user installs, which could be an answer to Horizon Mobile from VMware. 


Join the conversation


Send me notifications when other members comment.

Please create a username to comment.

@Gabe I don't think this would address at least my needs in the enterprise. The amount and how the policy needs to be applied needs to be more granular. I need policy on apps and data at rest and transport.

Getting greater insight if it can be tied into something a lot more comprehensive is potentially useful though and would be welcome.

However what leaves me struggling with most of solutions out here today is that they are either too heavy MDM, or like Good Dynamics require customizing apps. I'm ok to customize some apps, but the reality is its too much work, even if you try to use SDK approaches to reskin subset of features in existing apps.

So I think frameworks that can also secure native apps which seem to be lacking in focus are also a gap needed solutions.

This for sure is a space that is very early and I hope to see a lot more action here .


The thinking is that if Citrix adds an enterprise app store to Receiver, then they can have some oversight on the corporate apps running on the device. The ShareFile integration with Receiver gives them oversight on the corporate data. Mobilisafe would operate outside that to classify and policy things that Citrix can't with Receiver, although there would be no control over local data.

It does leave the whole "securing native apps" thing out, and you're right - the ones that are out there are immature.

This is one of those really interesting times in our space, and it'll be interesting to see it shake out. It's fun to throw ideas out there and see what people think, so thanks for commenting because that's the exact discussion I wanted to have.