Uniting the digital enterprise

Enterprise mobility management isn’t just for mobile devices and applications anymore.

mobile business
Thinkstock

It hasn’t been all that long since people first started using their own mobile devices for work. It was a big deal at the time, presenting a challenge for management and IT departments. How would they keep the network and data safe with employees introducing external mobile access points to IT infrastructures whose security is built on the assumption of a closed system? Denying employees their devices wasn’t an option — in part because top executives also wanted mobile access.

Now, mobile access is a given. What’s more, the tools and concepts developed to secure and enable mobile devices are now used for all devices connected to the network, including desktops. This in effect creates a single approach for deploying and managing access to software and data, and for provisioning systems. Today’s largely cloud-based enterprise mobility management (EMM) tools can perform those tasks securely and much more easily and cheaply than earlier systems could. That’s having a profound effect on business processes and the role of IT.

“BlackBerry doing email was the killer app” that started the mobile trend, says Ojas Rege, chief strategy officer at EMM vendor MobileIron. Rege breaks the timeline for enterprise mobility into three phases: “2009 was the starting point, when the first encrypted iPhone came out,” he says. “It was the first post-BlackBerry device, and IT knew nothing about it.” During this time, IT was in a reactionary mode, focused on getting email on iOS and Android devices in response to requests from employees and management. (BlackBerry, itself now a significant provider of EMM solutions, acquired EMM vendor Good Software in 2015.)

It was during that first stage that mobile device management (MDM) software came into play. MDM was a predecessor to EMM, and it was used primarily for administration of mobile devices in terms of security and user management. Today, an EMM suite typically includes MDM functionality along with systems for managing content, security, applications, carriers and containers.

“Some people thought mobile was just a passing fad,” says Paul Troisi, chief customer officer at mobility solutions provider Troy Mobility. “But the early adopters said no. They saw opportunities for employees to be more productive in the office. Within three to four years, those early adopters were saying, ‘Great! What’s next?’”

That sentiment ushered in the second mobility phase, which lasted from 2012 to 2015. People realized they could do more than just email on their devices: They could share files, use productivity apps or have meetings. At the enterprise level, users and IT experienced what Rege calls “little aha! moments” around the use mobile apps. For example, salespeople could present their collateral materials on tablets. “It wasn’t transformational,” Rege says, “just simple things that help drive the business.”

The third phase, which started last year, according to Rege, represents mobile going from a productivity-booster to a means of transforming the way businesses work. “The most important change was incorporating workflow with mobile,” he says. “That fundamentally changes the things I can do.” As an example, he cites retail, where every employee could use a mobile device to scan payment cards and bar codes, making stationary point-of-sale systems obsolete. That frees up store employees so they can have more face time with shoppers, and it makes for a better customer experience.

It’s still early in this third phase. “Companies are still trying to stitch together [mobile apps] with old-school processes,” says Troisi. “But we’re seeing more processes re-engineered to be mobile-first versus client-server.”

“What we’re seeing is a transition in emphasis to the lines of business,” says John Herrema, senior vice president of enterprise product management at BlackBerry. “[Executives] are asking, ‘What am I trying to accomplish with my business? How do I align with my partners?’” Those executives, he says, realize that they have “the fabric in place” to do more with their businesses.

By “fabric,” Herrema is referring to EMM platforms and the fact that businesses can count on their partners and customers to use mobile devices in their work. “In a B2B environment, all contractors, partners and extended enterprise workers have the same tools I do,” he says, “and that allows me to engage with them better.”

Mobile supplants desktop models

Once you start changing business processes to accommodate mobile applications, it no longer makes sense to have separate ways for securing mobile and desktop devices, or different processes for deploying, provisioning and managing software. The architectures of the leading mobile operating systems —Apple’s iOS, Google’s Android and Microsoft’s Windows 10 — have inherent advantages over their desktop-oriented counterparts in terms of security and software life-cycle management.

This trend influenced virtualization software vendor VMware’s decision to acquire the AirWatch EMM platform more than two years ago. Blake Brannon, VMware’s vice president of product marketing, recalls mobile’s transition from a messaging tool to its position in today’s IT landscape. “As the space matured, [companies asked] ‘What’s the difference between mobile and desktop?’ [EMM] delivers a unified solution that enables the digital workplace,” he says. “Software can be pushed out and updated for both mobile and desktop systems. You can only do that with EMM.”

A mobile applications stack and architecture applied across an entire IT infrastructure opens interesting possibilities. Security for architectures based on the traditional client-server model involves creating a system image that’s installed on a desktop or laptop so IT can lock computers down. That approach has proven to be easy to compromise.

In 2007, Apple changed that approach essentially by putting applications in a sandbox. All iOS applications had their own memory and storage, isolating them from the system and other applications. “Apple put a hard line between the operating system and applications,” says Rege. “It’s why traditional viruses don’t exist on iOS.” Apple’s approach also allows for system upgrades that don’t break applications.

Then, with the introduction of iOS 4 in 2010, Apple made some changes that paved the way for mobile to become more deeply entrenched in the enterprise: iOS 4 allowed the creation of cryptographic primitives that only a single service of high privilege could access. “This provided one single point of trust,” says Rege. “No app has the authority to take system-level action. Only IT can.”

Also built into iOS 4 was a mobile management framework. Apple’s decision not to build its own enterprise management server gave rise to the EMM market as other vendors stepped in. “That’s what created MobileIron,” says Rege. This model has since been adopted by both Google, in Android, and Microsoft, in Windows 10.

These characteristics of mobile architecture are IT-friendly, especially combined with a strong EMM platform. IT can minimize time spent on setting up and managing security concerns. “[EMM] provides a much lighter, more agile approach to security,” says Rege. “IT won’t have to touch the device as much.”

As mobile becomes more entrenched in the enterprise, it’s also having an effect on the way applications are built, particularly their user interfaces. Mobile apps are consumer-centric — typically single-purpose and highly intuitive to use. Applying those characteristics to enterprise software improves productivity, reduces training requirements and minimizes user resistance.

Enterprise software leader SAP has adopted this approach across its offerings. “Our focus is on making it simple for our customers to consume SAP content,” says Senthil Krishnapillai, global vice president and head of development for digital experience services at SAP. The company sells its own EMM product suite under the SAP Mobile Secure brand.

EMM also enables the consumer app model in terms of app delivery. Typically, users have access to a menu of secure, approved apps, from which they can select what they need for their work at will. If they use an app for both personal and professional use — Dropbox, for example — that app can be configured in the EMM platform to keep content separate. If a user leaves the company, IT can easily cut off access to work-related content while the user retains access to anything personal.

“We want to give the customer the best user experience,” says Krishnapillai. “Mobile is no longer limited to [mobile] technology. It’s made a pivot. Saying mobile is like saying everything.” SAP has built its technology stack and products so they can be consumed on mobile.

With EMM, there’s less hassle related to approval processes, data or software integration, provisioning, or configuring for things like connectivity. Nor does IT have to worry about training users. It’s all set up once, and users quickly teach themselves how to use the software. “Users are well educated, and they’re all accustomed to the mobile model,” says Rege.

The EMM model also enables IT to guard against bad user behavior. “Risky files or messages can be blacklisted in MobileIron,” says Rege. “If they are downloaded, the device is quarantined until the file is uninstalled.”

Despite their relative newness, EMM platforms are considered mature and stable. “Most EMM vendors have a robust ecosystem,” says Troisi. He also cites the AppConfig Community, a consortium of EMM providers that has established a standard approach to app configuration and management. This makes it easier for developers and IT administrators to implement and manage EMM deployments.

Most EMM vendors also have app stores where their customers can download tools that are ready to work with their platforms and vetted for security. SAP, for example, puts apps through a four-week scanning process for security issues. “Every app has an encrypted store, single sign-on — all the things you need to do to release the app,” says Krishnapillai. Those apps might be developed by SAP or a third party. Such app stores make it easy to find ready-made systems, relieving customers of the need to reinvent the wheel.

Self-service access to apps does present a challenge to IT, but it’s a manageable one. The key is having good criteria for evaluating which apps to make available. “The demand to build new proprietary applications and expose third-party applications through the [VMware] AirWatch platform continues to grow,” says Nicole O’Hagan, senior manager for digital security, operations and enterprise mobility as Australia’s ANZ Bank. “At ANZ, we assess new demand for mobility solutions against three key principles: Is the request technically feasible? Is it commercially viable? And will it offer a great customer or employee experience? If the answer is yes on all fronts, we will continue to invest in this space.”

1 2 Page 1
Page 1 of 2
SUBSCRIBE! Get the best of CIO delivered to your email inbox.