The IT world is moving faster than ever. “Enterprise Mobility” is one of the biggest impacts for 2013 that we see today. IDC predicts 50 times more traffic through smartphones in the coming two years and 10 billion mobile devices by 2016. At the end of this decade they expect that one third of all internal enterprise IT services are replaced by cloud services.

A fact is that this journey started already some time ago. Today many business users have a better sense of what consumer products and services are feasible. Especially the younger generations demand that IT adapts these products and services to use in the enterprise. Business users want to use their iphones and ipads. As the momentum for change is with them, IT cannot longer resist!

Bring your own…

We see today two major paradigm shifts in IT. The first is “Bring your own”. Independent of the legal situation the IT world is out of control. Users already “bring their own” – Devices, Apps and Data – for the last two years. This simple fact is changing the world because it is impossible to reverse it. The situation is impossible to ignore, especially if the demanding business users have to be considered in a modern service provider role, as the customer of the IT department. This fact creates a huge problem. IT has to deal with IPADs, Android phones and Dropbox solutions. Business users forward their corporate emails to private email accounts to use them on their mobile devices. End of last year there was an event around Mobile Device Management organized by the Amcham in Luxembourg. Many participants have been busy during the event working on their mobile devices to take notes or answer business emails. They weren’t attending the event for private reasons! Ignoring or denying the existence of Enterprise Mobility is not sufficient strategy anymore.

The 2nd paradigm shift is cloud services. Building and consuming new cloud services becomes too easy. Many business users can do it and started to do it. They bypass IT by subscribing to a cloud service. It might be hard to believe but it happens daily: Dropbox, Office365, Facebook… Most companies have a Facebook page today. In most cases this is a marketing project where IT is not involved. The IT management impact is noticed months later. Modern desktop operating systems and business applications are closely linked to facebook. If business users wanted to run their own parallel IT, in the past they needed to find massive hardware budgets to do so. Today solutions like Amazon Cloud or Microsoft Azure provide easy access. Technically business users could do everything on their own with one single click, if they wanted to bypass IT.

Mobile? Security is key!

The first question is, what did IT miss initially because IT and the entire IT industry did not have a valid solution when the demand was there? The basic question two years ago was: How do I get a secure access to corporate emails, contacts and calendar on any kind of mobile device? In the last couple of years some niche players in the IT industry started to address this question that came suddenly out of the blue. Gartner recognized it a year ago and did build a magic quadrant around it. In the upper right corner we could find only 5 startups with names like Good Technologies, Mobile Iron or Zenprise known in Luxembourg. Now, this is where it started and it explained the initial need, but it is not where it ends! If a device is used for business purposes then it was logical that it could not only provide access to emails, contacts and calendar, but it should also provide access to other corporate applications and data!

In the context of Enterprise Mobility the industry invented the BYOD (Bring your own Device) approach. BYOD is by no means an IT project. Such a project is much more ambitious than even the industry who invented it could imagine. Beside IT and IT security – the lines of business, HR, Legal and many other departments would have to be involved in such a project. Things like the reimbursement approach, the service desk for broken private devices or legal aspects like tax issues if an employee is using his private device for business purposes outside Luxembourg, are often killing real BYOD projects during the assessment phase. The advice is to stay away from real BYOD and look for an hybrid model where corporate provides the device but accepts that the user does use it for private purposes. This often is the way to an improved end-user satisfaction and an improvement in their job. A structured Mobility Policy is mandatory for such an Enterprise Mobility project. There are plenty of frameworks to develop such a policy. The context would blow this article but things like handling of lost and stolen devices or antivirus responsibility are defined in this policy.

Now let’s have a look at the different kinds of apps that are used on mobile devices. First of all we have classical Windows apps. These are corporate apps that can run securely in the corporate datacenter or even offline on the mobile device, if the mobile device supports this kind of applications. Secondary we have web apps. These are applications like salesforce, yammer or SharePoint that need basically a secure Internet browser on the mobile device. Finally we have native mobile applications. These applications run on the mobile device and might need access to backend applications in the datacenter or corporate data. Corporate applications are mixed with non-corporate applications in a totally insecure context.

Next we take a look at the two existing basic MDM approaches. First there is the device approach. This approach comes from the past. It was used to secure notebooks for traveling users. With a lot of efforts and costs notebooks with business data and business applications have been fully encrypted and locked down to prevent data leakage, if the device was outside the secure corporate environment. Locking down the end device is very limited – especially on mobile devices, which are never fully under corporate control, it often becomes a nightmare to fully secure and control them.

Finally we have the application approach: Here the app becomes the endpoint and not the device! The device is considered as insecure as the Internet. Obviously policies can prevent access, if the device is not updated with an antivirus or the device is jail-broken, but these are just additional management features. By design it has to be accepted that the device is insecure! If the abstraction that the app becomes the endpoint is accepted, things suddenly become much easier and also more secure, because the application management is now able to fix the overall problem. This approach was introduced with what was called “Secure Container” Model.

Enterprise Mobility, the new MDM

Lets take a look at the MDM market. Some of the companies that invented that market have already been mentioned earlier in this article. Good Technologies did consider themselves as the market leader. Good was very strong initially when a container based approach was required for emails, contacts and calendar to replace BlackBerry services, while companies started to recognize iPhones in a corporate IT. Good supports Notes and Exchange and has more than 4000 Enterprise customers. They just took over AppCentral who owns a cloud based, customized app storefront. Mobile Iron is another player that is very strong in Luxembourg. Different partners push them on the local market. They are strong on the MDM part but weak when it comes to a solid container approach. They have been ignoring that part for a long time and are now just starting with the basics in that direction. Zenprise is another player. They had a very similar offering to Mobile Iron. Gardner saw them in the upper right corner as the company with the most complete vision. The focus of Zenprise was primarity the mobile device management part where they probably had the most complete offering. They very recently did introduce container technology in the version 2.0.

Horizon and GoldenGate

As MDM became one of the most interesting markets for 2013, many big IT companies without a real offering are currently looking at taking over these niche players. Companies like IBM or DELL are expected to announce acquisitions in the near future. VMware is working on their ambitious Horizon platform that is currently still more a promise than a real offering.

One of the most impressive players in the application delivery market is Citrix. Citrix did show the first container based email application (code name “GoldenGate”) in the MDM scope in Berlin more than 2 years ago. Their own Enterprise Mobility platform is on the market since 6 month. The Citrix approach benefits from their application delivery solution that has been operating for ages and is very mature. By simply extending this platform with a container based approach they can keep up to their promise to deliver any application, anywhere and to any device.

The clever strategy that Citrix did invented already years ago becomes clear by analyzing the development of Citrix Receiver. It is available on the broadest range of desktops, laptops, tablets and smartphones. It was first developed with the vision of an Enterprise appstore in mind. Receiver became the “virtual device” on any platform. It has the same look and feel on each device. A Windows application like Excel runs securely online in the datacenter and smooth rooming allows the user to access it seamlessly from a PC, move it over in the actual state to an IPAD and further to a Samsung phone. On X86 PCs, Notebooks or tablets the application can even run offline while the device has no network connectivity. Webapps, the 2nd application category runs on pure mobile devices in a secure bowser called “@workweb”. This allows secure access to applications like Salesforce or SharePoint. Here Citrix uses the known secure container approach. A native mobile app called “@workmail” offers in the same way secure access to emails, contacts and calendar. Tasks and Notes are on the roadmap for this quarter. Every MDM provider that comes with a container-based solution offers a fully encrypted, isolated container for each mobile app. This isolated app connects to the datacenter via a Micro VPN. In the Citrix case RSA soft tokens are implemented and managed in the receiver. StoreFront- and Gateway services are combined in CloudGateway. A corporate mobile application that is installed on a mobile device via the Citrix receiver has exactly the same look and feel as any other mobile application, as it uses the native mobile APIs. The same look of the corporate and private email application leads to a high end-user satisfaction. The solution does not only offer container apps, but via an extension called Sharefile it also offers “follow me data” and “enterprise dropbox” functionalities.

To prepare mobile apps and offer them container based via the corporate appstore an app preparation process is required. The app gets a special treatment via an app preparation tool. After uploading the prepared app to CloudGateway it becomes available as a secure, managed app and can be downloaded by the end user via the receiver.

Citrix was missing the entire management of the devices. For most companies, this is initially not the most important issue. A mobile device should be stateless by design. If an end-user has an issue with his device the cheapest solution is to replace it with a fresh device. With a growing number of devices, device management can become a nightmare.

The big news is that Citrix acquired Zenprise for 355 Mio $ in December. It enhances the Citrix offering with one of the most competitive device management solutions on the market. The joined offering is called Xen-Mobile. The result is clearly a leading player in a new and matured MDM market.

The 2nd strength of Citrix is their close relationship with Microsoft. Today most business applications are today running on Windows. Citrix opens this entire portfolio to the mobile world with the full support from Microsoft. Since the release of Windows 8 the receiver is available with full touch screen support on all new Windows devices. It is jointly developed with Microsoft in Redmond and it is bundled with any Windows RT device or downloadable by the Windows store.

By Michael Mossal
michael@mossal.eu
Independent columnist for ITnation