At Mobile World Congress (MWC) this year, VMware announced an initiative called App Configuration for Enterprise (ACE). VMware has been marketing ACE as a standards body for simplifying the deployment of apps in the enterprise. At MobileIron, we know from experience that a standards body is not practical for this purpose.
We are very supportive of making it as easy as possible for developers to easily secure their mobile apps. In 2013, MobileIron originally developed the concept of a standards body to accelerate app development by not requiring app developers to integrate with SDKs from multiple EMM providers. Here is an overview of our Open App Alliance.
However, we didn't launch Open App Alliance because it became very clear that the OS environment is too dynamic for a standards body to be effective. An open standard was appealing but impractical for two reasons:
- The OS vendors were not involved.
- The OS vendors were rapidly expanding native app security and configuration capabilities.
For a standards body to be successful, it must be able to develop specifications that have long-term value in moving an industry forward.
In our industry, app security and configuration interfaces are evolving rapidly. iOS 7, iOS 8, Android for Work, and Windows 10 are good examples. EMM SDKs and wrappers, like our MobileIron AppConnect, constantly evolve to fill the gap between what the OS does natively and what users require. So today that gap might be a container passcode, secondary encryption, and finer-grained DLP controls, but tomorrow that gap will undoubtedly be different as each OS matures. However, because that gap is dynamic and shifts with every OS release, a standards body to create an industry-wide “AppConnect spec” isn’t practical unless the OS vendors are involved.
VMware’s intent for ACE is unclear. The marketing suggests a standards body, but the ACE website does not define, or even propose to define, a specification to replace SDKs. Instead, it shares best practices and recommended configuration variables around how to use the native app security capabilities of iOS and Android. These best practices are already supported by MobileIron and other [1218:EMM vendors] for their developers and customers, and they do not require an SDK even today.
Is ACE a standards body or a best practices website? Is it an ongoing effort or primarily a press release for Mobile World Congress?
Accelerating app development is a topic of great interest to MobileIron and, while a standards body is impractical without the involvement of an OS vendor, we will track the progress of ACE to see if it will evolve to provide value for our developer community in the future.