by Michael Nadeau

Uniting the digital enterprise

Nov 21, 2016

Enterprise mobility management isn’t just for mobile devices and applications anymore.

It hasn’t been all that long since people first started using their own mobile devices for work. It was a big deal at the time, presenting a challenge for management and IT departments. How would they keep the network and data safe with employees introducing external mobile access points to IT infrastructures whose security is built on the assumption of a closed system? Denying employees their devices wasn’t an option — in part because top executives also wanted mobile access.

Now, mobile access is a given. What’s more, the tools and concepts developed to secure and enable mobile devices are now used for all devices connected to the network, including desktops. This in effect creates a single approach for deploying and managing access to software and data, and for provisioning systems. Today’s largely cloud-based enterprise mobility management (EMM) tools can perform those tasks securely and much more easily and cheaply than earlier systems could. That’s having a profound effect on business processes and the role of IT.

“BlackBerry doing email was the killer app” that started the mobile trend, says Ojas Rege, chief strategy officer at EMM vendor MobileIron. Rege breaks the timeline for enterprise mobility into three phases: “2009 was the starting point, when the first encrypted iPhone came out,” he says. “It was the first post-BlackBerry device, and IT knew nothing about it.” During this time, IT was in a reactive mode, focused on getting email on iOS and Android devices in response to requests from employees and management. (BlackBerry, itself now a significant provider of EMM solutions, acquired EMM vendor Good Software in 2015.)

It was during that first stage that mobile device management (MDM) software came into play. MDM was a predecessor to EMM, and it was used primarily for administration of mobile devices in terms of security and user management. Today, an EMM suite typically includes MDM functionality along with systems for managing content, security, applications, carriers and containers.

“Some people thought mobile was just a passing fad,” says Paul Troisi, chief customer officer at mobility solutions provider Troy Mobility. “But the early adopters said no. They saw opportunities for employees to be more productive in the office. Within three to four years, those early adopters were saying, ‘Great! What’s next?’”

That sentiment ushered in the second mobility phase, which lasted from 2012 to 2015. People realized they could do more than just email on their devices: They could share files, use productivity apps or have meetings. At the enterprise level, users and IT experienced what Rege calls “little aha! moments” around the use of mobile apps. For example, salespeople could present their collateral materials on tablets. “It wasn’t transformational,” Rege says, “just simple things that help drive the business.”

The third phase, which started last year, according to Rege, represents mobile going from a productivity-booster to a means of transforming the way businesses work. “The most important change was incorporating workflow with mobile,” he says. “That fundamentally changes the things I can do.” As an example, he cites retail, where every employee could use a mobile device to scan payment cards and bar codes, making stationary point-of-sale systems obsolete. That frees up store employees so they can have more face time with shoppers, and it makes for a better customer experience.

It’s still early in this third phase. “Companies are still trying to stitch together [mobile apps] with old-school processes,” says Troisi. “But we’re seeing more processes re-engineered to be mobile-first versus client-server.”

“What we’re seeing is a transition in emphasis to the lines of business,” says John Herrema, senior vice president of enterprise product management at BlackBerry. “[Executives] are asking, ‘What am I trying to accomplish with my business? How do I align with my partners?’” Those executives, he says, realize that they have “the fabric in place” to do more with their businesses.

By “fabric,” Herrema is referring to EMM platforms and the fact that businesses can count on their partners and customers to use mobile devices in their work. “In a B2B environment, all contractors, partners and extended enterprise workers have the same tools I do,” he says, “and that allows me to engage with them better.”

Mobile supplants desktop models

Once you start changing business processes to accommodate mobile applications, it no longer makes sense to have separate ways for securing mobile and desktop devices, or different processes for deploying, provisioning and managing software. The architectures of the leading mobile operating systems — Apple’s iOS, Google’s Android and Microsoft’s Windows 10 — have inherent advantages over their desktop-oriented counterparts in terms of security and software life-cycle management.

This trend influenced virtualization software vendor VMware’s decision to acquire the AirWatch EMM platform more than two years ago. Blake Brannon, VMware’s vice president of product marketing, recalls mobile’s transition from a messaging tool to its position in today’s IT landscape. “As the space matured, [companies asked] ‘What’s the difference between mobile and desktop?’ [EMM] delivers a unified solution that enables the digital workplace,” he says. “Software can be pushed out and updated for both mobile and desktop systems. You can only do that with EMM.”

A mobile applications stack and architecture applied across an entire IT infrastructure opens interesting possibilities. Security for architectures based on the traditional client-server model involves creating a system image that’s installed on a desktop or laptop so IT can lock computers down. That approach has proven to be easy to compromise.

In 2007, Apple changed that approach essentially by putting applications in a sandbox. All iOS applications had their own memory and storage, isolating them from the system and other applications. “Apple put a hard line between the operating system and applications,” says Rege. “It’s why traditional viruses don’t exist on iOS.” Apple’s approach also allows for system upgrades that don’t break applications.

Then, with the introduction of iOS 4 in 2010, Apple made some changes that paved the way for mobile to become more deeply entrenched in the enterprise: iOS 4 allowed the creation of cryptographic primitives that only a single service of high privilege could access. “This provided one single point of trust,” says Rege. “No app has the authority to take system-level action. Only IT can.”

Also built into iOS 4 was a mobile management framework. Apple’s decision not to build its own enterprise management server gave rise to the EMM market as other vendors stepped in. “That’s what created MobileIron,” says Rege. This model has since been adopted by both Google, in Android, and Microsoft, in Windows 10.

These characteristics of mobile architecture are IT-friendly, especially combined with a strong EMM platform. IT can minimize time spent on setting up and managing security concerns. “[EMM] provides a much lighter, more agile approach to security,” says Rege. “IT won’t have to touch the device as much.”

As mobile becomes more entrenched in the enterprise, it’s also having an effect on the way applications are built, particularly their user interfaces. Mobile apps are consumer-centric — typically single-purpose and highly intuitive to use. Applying those characteristics to enterprise software improves productivity, reduces training requirements and minimizes user resistance.

Enterprise software leader SAP has adopted this approach across its offerings. “Our focus is on making it simple for our customers to consume SAP content,” says Senthil Krishnapillai, global vice president and head of development for digital experience services at SAP. The company sells its own EMM product suite under the SAP Mobile Secure brand.

EMM also enables the consumer app model in terms of app delivery. Typically, users have access to a menu of secure, approved apps, from which they can select what they need for their work at will. If they use an app for both personal and professional use — Dropbox, for example — that app can be configured in the EMM platform to keep content separate. If a user leaves the company, IT can easily cut off access to work-related content while the user retains access to anything personal.

“We want to give the customer the best user experience,” says Krishnapillai. “Mobile is no longer limited to [mobile] technology. It’s made a pivot. Saying mobile is like saying everything.” SAP has built its technology stack and products so they can be consumed on mobile.

With EMM, there’s less hassle related to approval processes, data or software integration, provisioning, or configuring for things like connectivity. Nor does IT have to worry about training users. It’s all set up once, and users quickly teach themselves how to use the software. “Users are well educated, and they’re all accustomed to the mobile model,” says Rege.

The EMM model also enables IT to guard against bad user behavior. “Risky files or messages can be blacklisted in MobileIron,” says Rege. “If they are downloaded, the device is quarantined until the file is uninstalled.”

Despite their relative newness, EMM platforms are considered mature and stable. “Most EMM vendors have a robust ecosystem,” says Troisi. He also cites the AppConfig Community, a consortium of EMM providers that has established a standard approach to app configuration and management. This makes it easier for developers and IT administrators to implement and manage EMM deployments.

Most EMM vendors also have app stores where their customers can download tools that are ready to work with their platforms and vetted for security. SAP, for example, puts apps through a four-week scanning process for security issues. “Every app has an encrypted store, single sign-on — all the things you need to do to release the app,” says Krishnapillai. Those apps might be developed by SAP or a third party. Such app stores make it easy to find ready-made systems, relieving customers of the need to reinvent the wheel.

Self-service access to apps does present a challenge to IT, but it’s a manageable one. The key is having good criteria for evaluating which apps to make available. “The demand to build new proprietary applications and expose third-party applications through the [VMware] AirWatch platform continues to grow,” says Nicole O’Hagan, senior manager for digital security, operations and enterprise mobility at Australia’s ANZ Bank. “At ANZ, we assess new demand for mobility solutions against three key principles: Is the request technically feasible? Is it commercially viable? And will it offer a great customer or employee experience? If the answer is yes on all fronts, we will continue to invest in this space.”

All this translates to lower total cost of ownership for managing enterprise software and users. Rege estimates that the mobile model costs about 80 percent less than the desktop PC management model. “With user self-service,” he says, “the load on IT is dramatically lower.”

“We want to do what we did for mobile on the desktop. The traditional way of PC management is horrible,” says VMware’s Brannon. He estimates that it costs a company $100 to $150 to set up a single desktop PC — a process that involves installing a system image, layering in security, installing antivirus software and so on. “With EMM, one [employee] can support tens of thousands of devices,” he says.

EMM will set IT free

What will IT do with all that free time? The consensus is that it should build apps, delivered through an EMM platform, that solve problems or boost productivity. In essence, that means adding value instead of spending time on tasks that contribute to overhead costs.

The biggest challenge is making apps intuitive to use, but that’s the kind of challenge that most IT developers would welcome. Indeed, at SAP, Krishnapillai says, “our developers love to build apps and distribute to their peers.” These apps might simply disseminate news about SAP internally or help arrange carpools, but developers can distribute and vet them through the EMM platform without negatively affecting the business as long as they follow certain policies and protocols.

“Customers customize [applications] to the nth degree,” says Krishnapillai. “We have enabled our customers to customize the user interface [and extend the business logic].” Customization has allowed companies to fine-tune enterprise applications to their purposes, but often at the price of creating problems during upgrades or when integrating with other applications. Confining that customization with proper extensions leaves the core code intact while achieving the same benefits.

Transformation requires a strategy

Changing or improving workflow requires a strategy that leverages what mobile can bring to both the business and IT. Most companies have yet to adopt such a strategy, according to Rege. “If you ask if a company has a mobile strategy, all will say yes, but most are still just doing email,” he says.

Creating a successful mobile strategy requires executive buy-in and a sponsor, probably a line-of-business manager. “Someone has to say, ‘I can gain a competitive advantage if I can reinvent this process,’” says Rege. The strategy also needs to account for the IT competencies required. Specifically, the IT team needs to understand the security and application stack for the iOS, Android and Windows 10 architectures. Companies that have high security requirements or are heavily regulated will need to have a clear understanding of what it will take for their mobile applications to be in compliance.

Execution of a strategy often requires collaboration among multiple internal — and sometimes external — groups. “Mobility is not something that one team can own,” says ANZ’s O’Hagan. “The success that we have had to date in the rollout — which will continue into mid next year — is the combined efforts of a number of people from across technology teams.” She says the initiative includes people who specialize in infrastructure, platform management, architecture, security, human resources (the executive sponsors), group communications, digital business and consumer digital delivery, as well as AirWatch.

O’Hagan recommends a divide-and-conquer approach. “Breaking the project into smaller more manageable components and then delivering those components as one team has allowed us to face what started as a difficult challenge with relative ease,” she says.

All aboard

Every stakeholder needs to know the ultimate goals of the project. “Give us a success statement and tie it to tangible results,” says Troisi. He also likes to see a maturity assessment that describes what the final deployment will look like. Such an assessment would, for example, describe a security policy, whether the rollout is global or local, whether there will be a dedicated mobile help desk and whether there will be a center of excellence around mobility.

Another key decision is whether to deploy EMM as a cloud-based, on-premises or hybrid system. Cloud-based EMM implementations are the most common, according to vendors. On-premises deployments tend to be favored by security-conscious organizations, such as financial institutions or government agencies.

Hybrid setups are usually the result of a compromise. “In our conversations [with clients] around hybrid cloud, we see auto updates [of the apps and data] done in the cloud, and client access controls taking place on-premises,” says Troisi. This approach keeps access control behind the company’s firewall while taking advantage of EMM’s capability to manage apps.

All EMM providers have cloud-based offerings, which makes it easy for companies to evaluate them before making a purchase decision. “The cloud reduces the time for customers to evaluate solutions,” says Krishnapillai. They can test each EMM solution depending on what they want in terms of capabilities and security.

Whether in the cloud or on-premises, EMM deployments are relatively fast and less stressful than most enterprisewide projects. “[Time to deploy] varies more due to the culture of the enterprise than its type or size,” says Herrema. “Some of our largest customers have deployed solutions going from zero to 100,000 users in a six-month period. I’ve seen others take that long to get to 500 users.” A company’s attitude toward risk and processes for establishing requirements and policies are key determinants for how long an EMM deployment will take.

Beyond mobile and desktop devices

When you ask experts what other types of systems might benefit from the EMM model in terms of security, connectivity and provisioning services and software, the answer is the internet of things. “EMM is just as relevant to an X-ray machine or a connected car as it is to a smartphone,” says Rege.

Troisi says another “overwhelming trend” affecting EMM adoption is the rise in the number of organizations that are embracing cloud computing. Apps are rapidly supplanting browsers as the preferred means of accessing cloud-based platforms, and companies want to ensure that app-based access is confidential and secure. EMM systems provide a single point from which IT can set policies and manage access, regardless of what kinds of devices employees are using.

Brannon says that EMM can also enable the digitization of manual processes. Take the example of processing a paper form. Converting a form to a digital file is easy, but creating a process that uses digital forms is not. “EMM enables the use case to switch from a manual to digital process,” he says. “You need EMM to manage the scale of it.”

BlackBerry’s Herrema says that use of EMM systems can enable an organization to truly become an extended enterprise. With EMM, he says, “internal employees can take advantage of mobility and then extend the right apps and processes to external stakeholders. EMM provides one infrastructure you can count on for all partners and customers.”

Michael Nadeau is an analyst and writer in New Hampshire.