Enterprise App-etite
November 9, 2011
M1, our first MobileIron user conference, was last month. One of the most popular sessions was the M1 App Contest, at which attendees presented the best internal mobile apps their companies had deployed, while the audience voted over SMS on potential business impact. “American Idol” for mobile enterprise apps, if you will. There was a ton of variety in the submissions, from mobile apps for catching criminals, to making coal mining safer, to designing trucks on the fly.
This is the tipping point, when mobile becomes a true computing platform instead of just an easier way to get email. But it is a fundamental mindset shift for both IT and user to conclude that mobile should be the primary interaction point for the most important business processes. Users believe this implicitly and will gravitate toward well-designed mobile apps. Now the more forward-thinking IT teams are also starting to view this shift as feasible in the near-term vs. only in a “who-knows-when” future. This moves the mobile apps program in a company from a hobby or interesting side-project to a strategic investment.
Another discussion at M1 was how to leverage the broad set of apps already available in the commercial app stores and markets. There is no need to reinvent what has already been built. The most common interest was in collaboration, from information and document sharing to enterprise social networking. Box (with whom MobileIron also has a promotion running currently) was a solution that came up frequently, and the corresponding discussion reinforced my view of the role of MDM in this shift toward apps.
MDM is the enabler for the cool stuff. Done right, it paves the way for companies to more rapidly adopt mobile as their core computing platform. MDM lets IT whet the enterprise “app-etite” easily and securely and sets the stage for the new world, when mobile becomes each user’s primary window into his or her enterprise.
Can’t wait to see what folks come up with for next year’s App Contest!
The Escalating Arms Race of the Captive Browser
September 12, 2011
Someone asked me today whether a captive browser might be a good way to give their users secure web access on iOS. Sounds good on paper but the reality is more complicated. Let’s look at the sequence of events that follow:
- IT decides VPN plus Safari is not secure enough on iOS because the user can turn off VPN
- IT mandates that all users must use a 3rd party captive browser for web access
- However, users love the Safari experience and keep using Safari
- IT turns off Safari on each iOS device in response
- Users go to the App Store and download Opera, Skyfire, or another browser they like
- IT turns off the App Store on each device in response
- Users unenroll from the iOS MDM profile
- Users once again have access to Safari, but now on unmanaged and unsecured devices
This is an example of the well-intentioned user being forced to go rogue. Security policy that damages mobile user experience will encourage even the best-intentioned user to look for ways to bypass. In the best case, you have unhappy and less productive users. In the worst case, you have devices that are less secure than even where you started.
I’ve seen this not only with captive browser mandates but also email sandboxes and heavy lockdown security models for mobile.
This same escalating arms race between user and IT happened in the Wi-Fi world. Not too long ago, enterprises weren’t deploying Wi-Fi infrastructure because it wasn’t 100% secure yet. But users wanted Wi-Fi. They started bringing their own access points from home and broadcasting completely unsecured network access out into the company parking lot. So the desire to eliminate Wi-Fi risk ended up increasing Wi-Fi risk.
Unfortunately, a security policy that is not sustainable is also not secure. And the surest way to reduce sustainability is to compromise user experience. How will your users respond to a captive browser? Will it meet their needs? If not, what will they do and how will you react? If the reactions are likely to escalate then you may end up with a security reality worse than your starting point.
Is Mobile Security Sustainable?
June 13, 2011
(Thanks to Aman Kumar for putting structure around these ideas)
Half the products in my garage and pantry at home now claim to be “green” and “clean” and “sustainable.” Is it true? I hope so. Am I susceptible to marketing? Clearly.
Last week, I had a very interesting conversation about a different kind of sustainability with Craig Shumard and Serge Beaulieu, who headed up information security at CIGNA for the past several years. Craig was Chief Information Security Officer and Serge was Director Technical Security Strategy for the company.
They brought up the notion of “sustainable risk management” for enterprise mobility.
Traditionally, every corporate IT organization carefully assesses its information risks and then clamps down hard and as completely as possible on those it is not willing to bear.
What happens in the mobile world? The approach is similar but the pace of change in mobile is so rapid, that another variable becomes fundamental in the development of mobile risk policy: sustainability.
Sustainability is deceptively easy to quantify and measure: in X months from now, is technique or policy Y still appropriate, effective, and respected?
A completely sustainable policy would be adopted immediately, be relevant indefinitely, and never be circumvented.
In mobile, we see some hard and fast policies being applied. But many times they quickly break, because they are not sustainable for a myriad of reasons:
- Users don’t see the benefit or necessity (e.g. third-party email apps)
- Users can’t easily understand or remember the policy (e.g. long list of forbidden apps)
- User requirements are far ahead of IT readiness (e.g. no smartphone allowed other than Blackberry)
- Social norms have changed (e.g. no social networking during work)
- User can’t get the value they expect from mobile (e.g. no apps, no browser, many features locked down)
The more enterprise security compromises the mobile user experience, the less sustainable is the underlying policy.
Or to put it a different way, as a CIO in the Federal system told us when he visited MobileIron: “The more the CIO says ‘no’, the less secure the organization becomes.”
Sustainability is influenced by technical trends, social norms, and human nature. End-users will do what they need to do in order to get their job done. If security policy stands in the way, they will find a way to circumvent it. And in mobile, where user experience is paramount, the little annoyances users may have been willing to put up with on the desktop now become major frustrations they are unwilling to accept.
An unsustainable policy will be expensive and onerous to maintain, will change often, will demand exceptions, and will eventually fail.
So the challenge is: How do I develop a sustainable AND effective mobile security policy? In my experience, in these early days of enterprise mobility, many organizations have been spending a lot of time implementing what feels effective but far too little time designing what will be sustainable.
Ask yourself:
- Am I starting with the mobile user experience and then defining security policy?
- Or am I starting with the security policy and then defining mobile user experience?
If the answer is #2, there is a good chance sustainability will become a painful exercise in the near future.
Mobile Hospitality
June 10, 2011
There’s Southern hospitality and there’s Mobile hospitality. One means nice people and good food, the other means … nice people and good food. I had an interesting conversation today with one of the publications covering the Hospitality market. We were taking about whether security issues for mobile were different or consistent between Hospitality and other industries.
There are at least three categories of unique mobile apps in the Hospitality industry, with the basic goals of:
- Maintaining the property (e.g. room cleaning or service ticket mgmt)
- Keeping the guest moving (e.g. point of sale in restaurant or pool; line busting at check-in or check-out)
- Enhancing the guest experience (e.g. concierge kiosk; mobile guide)
The big security advantage in Hospitality is that these apps are generally within the four walls. Wi-Fi is the transport of choice and if the property already has secure connectivity infrastructure then data in motion is not an issue. Configure Wi-Fi and VPN remotely through your management platform, secure with certs if you need, and you are ready to go.
Data at rest is always a consideration, but this is where app design comes into play. Sensitive data stays on the server while less sensitive data and all UI interactions are managed locally in the native app. With reliable high-speed WLAN connectivity and minimal dependency on the operator network, the app performance will be acceptable without incurring additional data risk.
So, with secure Wi-Fi and good app design, Hospitality can overcome many of the security hurdles other industries face. There is still the danger of misuse and loss/theft, perhaps greater than in other industries but, here again, good app design will limit exposure.
Keep your eye especially on the Las Vegas hotels. Many are on the leading edge here and when mobile technology becomes as prevalent as neon in Vegas, we’ll know Mobile Hospitality has arrived.
Additional notes: After I wrote the first version of this, I got some great feedback from Alistair Mutch about possible mobile use cases:
- Real-time translation apps to help serve int’l guests
- Higher accuracy in table-side ordering
- Single device replacement of walkie-talkies and pagers
- “Bring your own device” for temporary staff – reduce cost without impacting efficiency
- … and my favorite – guest’s mobile device as on-property loyalty card – with discounts, promos, guidebooks for their experience, all provided within a mobile app
New Wave of Enterprise Application Deployments – Secure Android and iOS Apps
April 13, 2011
We recently met with a leading global retailer around their need to build a public and private enterprise mobile application strategy. Beyond the need to securely manage multi-OS application rollouts, policies and updates what struck me as interesting was the sheer diversity. To work within their supply chain they need a warehousing tablet app for matching manufacturer samples. To have the latest catalog at the store counters, they will develop a web-based catalog again using a tablet at the point of sale to replace paper copies. And, to manage their growing online shopper base, a new customer relationship (CRM) database application is underway including buying habit customization to meet the needs of clients with personal shoppers.
Yes, mobile applications are everywhere! I use them for business travel, sporting events, retailer coupons, managing my 401k, overseas Internet telephony, prospect web conferencing, customer CRM and even departmental applications like marketing automation. The average smartphone owner spends more than 650 minutes a month using apps – no wonder my kids tell me to put down the ^*!@$ on weekends. That is more time spent with apps than spent talking on a device or using it to browse the Web.
Mobility is no longer about OS preferences, what matters most going forward are secure public and private Mobile Applications. Millions of business professionals use smart devices because always-on application connectivity is a huge productivity boost. And the OS vendors are quickly catching on. For example, late last year relative new-comer Windows Phone 7 quietly reached 5,000 apps and will quickly double in 2011. Impressive but still trailing Android and iOS. The average Android and iOS user depends on 15 applications each month, BlackBerry users about 8 applications each month.
Third-party developers are also publishing enterprise applications for more than one platform. And there is no right (write?) or wrong way to enable these applications. Analyst firm Gartner went on record lately advising customers that “no organization should standardize wholly on either native or Web applications.” The analyst outfit also encourages IT groups to establish guidelines to assist mobile architects and business users in choosing the most appropriate architecture.
Organizations will always want to manage public and private mobile applications — with the same level of control, security, and compliance monitoring they enjoyed in previous generations of computing. What’s changed is that many leading organizations are taking a “trust and verify” model that gives IT control while opening up new application and device “greenfields” to the users. MobileIron’s CEO Bob Tinker highlighted the latest user trend of allowing employees to “Bring Your Own Devices (BYOD)” with Bloomberg last week. Since these devices are now dual-purpose personal/business computers users should not be forced to work with locked-down applications and essentially useless smartphones and tablets on the job. And, using an intelligent MDM solution ensures business IT will not simply have to open the flood gates and accept an application free-for-all.
Everyone wins.
100 years later, Unified Computing is here again …
February 14, 2011
100 years ago a small computing outfit named Computing Tabulation Recording Company operated in a small town near New York City. 13 years later the firm rebranded itself to International Business Machines and later named IBM – now with 400,000+ employees. Like many large enterprises, IBM not only develops the next generation of computing but its employees use powerful mobile computers of their very own – Smart Devices. Moore’s Law changed IBM’s computing paradigm and put powerful smart devices into 100’s of millions of business user’s hands. These modern computing smart devices now outpace traditional computer deployments in many large enterprises and deliver 1,000% or more application and data processing horsepower than computers produced only 10 years ago.
And, a funny thing happened on the road to this next generation of computing. Businesses are eager again to centrally and securely manage this wave of employee computing mobility, applications and data. IBM addressed this need for generations of computing with a secure and centralized computing approach. But, computing had far fewer IT and user variables vs. today’s mobile computers. The mounting cascade of user’s mobile application and data consumption through today’s generation of smart device, phone and tablet computers presents a very tangible cost and added complexity for IT. Many of our customers ask us “How do I manage this wide range of Android, iOS, Windows and BlackBerry smart devices?” And, taking a cue from what Enterprises want across nearly every industry, the solution has businesses delivering a centralized management security model that meets staffer’s needs for managing these computers.
IBM changed the computing game years ago through client/application integration with a centralized computing back end. Mobile device management is embracing the same model but with a twist. Departmental level applications and a growing variety of device OS, device model, operator, data plans and end user self governance make a new intelligent mobile management paradigm essential. Just as IBM led the market for computing innovation, customers today are learning that competitors trying to repurpose existing architectures or reposition adjacent products will rarely be successful e.g. repurposing wireless LAN controller management. Instead, a new architecture is required to leverage the smart device’s native advanced computing capabilities and provide IT management and visibility.
The multivendor computing ecosystem IBM built was impressive but perhaps too soon for its time. Today, smart device mobile computing is ready for unified management and already quickly moving down the highway IBM first built 100 years ago.
Gretzky on Mobile Security
November 21, 2010
“You miss 100% of the shots you don’t take.” Wayne Gretzky
I grew up in Canada, which means hockey was #1, #2, and #4 on the priority list (#3 was eating, #5 was sleeping). Wayne Gretzky wasn’t talking about enterprise mobility, of course, when he said the above line, but he could have been.
Too often, security is an excuse for not innovating. Up until about 18 months ago, the easy answer when someone in your company wanted to use a new smartphones or go mobile with enterprise apps was “no”. As one of my favorite analysts said a few months ago, if you want the world’s most secure smartphone, take out the SIM, put it in your filing cabinet, and lock it. Fantastic security. Zero productivity.
Lots of us in the industry talk about mobile security – how it is advancing, and how companies can legitimately “go mobile” without sacrificing enterprise data. While it’s true we’ve come a long way, there is an elephant in the room that needs to be recognized: Mobile will not be as secure as the desktop.
Or let me rephrase. If you focus on restrictive lockdown in an attempt to make mobile as secure as the desktop, you don’t have a mobile strategy. You have a desktop strategy on a smaller screen.
Should the focus of IT be prevention or productivity? Of course both are important, but which is primary? That is an important distinction because the decisions you make will be fundamentally different.
So let’s accept the fact that if I want to leverage the innovation and productivity of mobility, I am going to HAVE to deal with a different risk profile than I’m used to. So instead of trying to force fit desktop security onto mobile, which either doesn’t work technically across devices or isn’t accepted behaviorally by users, start with the productivity goals.
- What is the value of mobility to my users?
- How will it let them do their jobs better?
- How will it increase their satisfaction?
- How will it give me business advantage?
And then put in place reasonable protections and policies that give you confidence while achieving the goal of smarter tools for a smarter workforce. Back to hockey, you can’t score that goal without taking a great shot. Being bounded by traditional approaches while your employees race past you is a recipe for IT obsolescence.
On the Road Again
November 8, 2010
I’ve recently returned from a weeklong trip to Europe, highlighted by our annual MobileIron Partner Summit. Over the course of the trip I came to a sobering personal realization: My name is Sean and I am addicted to apps.
As I often do when I travel, I took my iPhone with me. Normally, I leave international data roaming turned off, but this trip I found myself using mobile data more than ever while abroad because using apps on my iPhone has become a critical part of my day-to-day life. In Germany, I was forced to confront just how dependent I had become. I decided to walk from my hotel to a meeting about a mile away. In an effort to be cost conscious, I obtained the directions to my meeting using my iPhone over the hotel’s free Wi-Fi, then turned off the data connection and left the hotel. This would work brilliantly I thought.
En route, I periodically opened my iPhone and used Google Maps’ cached data to ensure I was on the correct course. However, about halfway to my meeting, I accidentally clicked a button that sent my once-clear directions into oblivion. The cached map data was still there, but I no longer had the helpful purple line showing me where to go. What was I to do?
Reluctantly, I turned on international roaming on my phone to re-obtain the walking directions. While cost was a concern, I couldn’t avoid the thought: ” Am I so lame that I can’t remember a simple set of directions? Am I this dependent on my phone now? What would have I done a few short years ago when I didn’t have a smartphone?”
In short, yes, I am that dependent on my phone and my apps. A bad sense of direction has left me at the mercy of Google Maps and Mapquest (free, voice guided, turn-by-turn directions!) not only when I travel but even when I’m at home going to new destinations. I travel a fair amount for work and I often find myself turning to Yelp! on my phone when I need a suggestion on where to eat. LinkedIn is my app of choice before or after meetings so I can get background on who I’m having discussions with. And Genius Scan is always by my side, taking a digital record of all my expenses, in case I ever lose hard copies of receipts.
My experience with apps has made me wonder about what the future will be as more enterprises turn toward mobile applications to improve productivity. At our Partner Summit, I asked our partners from across Europe how many had customers who were actively developing applications. While there were few large scale efforts, applications were a top-of-mind concern across our partners’ customer base. My view is that as more enterprise applications are developed within organizations their use will become as intertwined with daily business life as commercial apps are today. Think of it this way: Why would I ever leverage Oracle or SAP to enter in sales call data if I have a purpose-built micro application that I can use immediately after a call, that is easier to use and whose use is targeted toward that process?
This trend is only positive for enterprises. As we’ve seen from customers like RehabCare, mobile applications have the potential to truly streamline and transform the way organizations do business. That said, enterprises will need to change their focus and think about mobility and mobile security more broadly. Today, e-mail has been the primary focus, however, with applications, the scope for protecting data-at-rest expands, transport-layer concerns move from e-mail synchronization to VPN, and there are the open questions on how end-users will discover, deploy and maintain apps on their device. As they move forward with mobile technologies, organizations will need to consider applications in order to take advantage of the true benefits posed by enterprise mobility and then they need to figure out how to manage and secure them.
The Enterprise Smartphone is Dead
October 17, 2010
Today, I was watching my son trying to figure out why touching the screen on a BlackBerry Bold does nothing.
Last week, I saw a fantastic presentation from the most innovative IT organization in pharma talking about never building another enterprise app … instead building consumer apps for employees to use.
The week before, at CTIA, I saw some new Android “enterprise-class” phones and couldn’t help but think that design by committee never works.
Sure, there have been a ton of articles written about the consumerization of mobility and IT in general, in the enterprise. But it did strike me that many of us have been looking at this trend through an inverted lens.
The IT organization in most companies is still adamant about trying to put in place policies and restrictions to make smartphones and tablets feel more like laptops, at least from a security and management perspective. This is very understandable because the consequences of security failure are high and so we’re trying to keep the enterprise smartphone alive. But we can’t resuscitate the dead (employees don’t want to use the “old-gen” devices) so we’re dressing up the newcomers to look like the predictable and known.
But it’s no longer about IT. It’s about the user. And that user – that person - is a consumer 24 hours a day. Sometimes they consume personal services, and sometimes professional, but their expectations are equivalent for both.
There will be no more enterprise smartphones or tablets. There will only be fantastic consumer experiences that can be configured securely. So “enterprise” becomes a configuration option, not a design constraint. If I don’t want to use a particular phone or tablet on the weekend, I also don’t want to use it during the week.
Instead of IT telling me “Here is the device you will use for wireless email“, I will now ask IT “How will you give me a mobile work experience I love?”
Command-and-control will fracture and move to cooperation. The enterprise risk increases, without a doubt, but so does the value. That’s a scary equation for most companies because it feels uncertain. But it is inevitable and I’ll write in an upcoming blog about how some IT teams are taking on this challenge one step at a time.
My iPad Experiment
August 31, 2010
A funny moment happened to me while traveling in the UK a few weeks back. I was at a bar and had my iPad out to catch up on e-mail which piled up during my trip. Two gentlemen sat down next to me. One had an iPhone and was reading something on it. One gentleman looked at me, then to the other with the iPhone and said, “You know, his is bigger”.
It’s true that many view the iPad as a much bigger version of the iPhone and iPod Touch. However, its capabilities extend beyond what one might think of with the iPad’s smaller cousins. For instance, a colleague of mine, who travels at least a week out of every month, has begun an experiment to see if he can use his iPad as his primary device instead of his laptop. I’m not sure if I’m personally ready to cut the cord completely from my own laptop, but there are definitely cases where my iPad can fill some business critical roles:
- E-mail: I’ve got my iPad hooked up to Exchange and have found it to be the ultimate tool for catching up on e-mail while on the road. The larger screen real estate makes it easier to scan through long e-mails and, when in landscape mode, I find that I can type responses almost as quickly as on my laptop. Would I want to write a 30 page essay? Probably not without a real keyboard. But, e-mails aren’t the place for long diatribes anyway.
- Content Consumption: The mobility world is consistently changing, so it’s important to keep up with the latest events. The iPad is tremendous for reading everything from Requests for Proposal (RFPs) and other corporate docs to articles from the web. And while this point is often made, I find the form factor of the iPad to be one of its most powerful features: While I can read on my laptop, the iPad is easier as I can lie down with it on a couch and actually read in portrait mode like I’m viewing a magazine.
- Apps: The last time I checked on my iPad, there were over 700 apps available in the “Business” category of the App Store. Many of these apps are great; I routinely use the WebEx app while on the road and have found it really powerful to use the iPad as a simple, digital whiteboard to outline a quick concept with customers or peers. Ultimately, I think the iPad will prove a strong form factor for enterprises to build their own line-of-business apps on as well. We’ve seen tremendous interest in this from our customers and it’s only a matter of time before the enterprise application floodgate opens for the iPad.
These are just a few of the ways I find the iPad taking a role in my business life. But, the iPad takes a role in my personal life as well, whether it is for gaming, movies or simply for catching up on a book or magazine.
So, what does this mean? Whether you’re using the iPad as your primary computing device or whether it occupies a strong role in your business toolkit, the challenges IT has in managing the iPad will mirror those of the iPhone. iPads will have a dual-personality and, likely, many will be employee-owned. Enterprises will have to thus make it easy for users to get connected to the right resources while at the same time segmenting enterprise-owned data from personal-owned data.
I was putting together a YouTube video on MobileIron as I was thinking about these things. With iOS 4 for iPad on the horizon, it’s going to be much easier to secure and provision all the iOS devices. You can check out the video here: http://www.youtube.com/watch?v=HTrQ-fMfJDs
Older Posts »
