Security, Compliance, and Identity Blog

Success with Enterprise Mobility: The Evolution of Enterprise Mobility

Brad Anderson
Sep 08, 2018
First published on CloudBlogs on May 09, 2014

As we try to predict where the needs of Enterprise Mobility will go next, it’s important to consider how the industry evolved to its current status.

One could say this segment of the industry really started in 1991 when Microsoft announced a new project that was code-named Hermes. Hermes was the first version of System Management Server (SMS) and its release created the industry segment known today as Desktop Management.

As PCs proliferated across businesses in those early years, a centralized solution to manage all these devices quickly became necessary. Throughout the 90’s and the last decade, the Desktop Management segment grew into a solution that nearly every organization in the world eventually adopted. Today, Desktop Management use cases are very well understood and System Center’s 70% market share is the industry standard.

In the late 90’s, employees began to bring Personal Data Assistants into the workplace and Smart Phones began to appear soon thereafter. I can certainly remember my first Palm Pilot, my Compaq iPAQ, and my first smartphone, the Siemens SX56 – the phone I was using when I started at Microsoft in 2003. I loved that phone even with the big antennae and its weight (almost 7 ounces!).

As employees like me began to bring these devices into work, they wanted to have the flexibility to access corporate e-mail, and the industry needed a solution to enable secure access. At this early stage, a way to manage e-mail and contacts was the “killer” app that drove the corporate use of these devices. Exchange Active Sync (EAS) was created to deliver a sync protocol for e-mail, contacts, and calendaring. Later, EAS was expanded to provide the ability to manage selective settings on devices, e.g. the ability to require a power-on password before corporate e-mail would be permitted to flow to the device. The EAS settings could be managed from either Exchange or System Center, and end-users were willing to accept the power-on password requirement from IT in order to do their corporate e-mail from outside the office. Today, EAS is by far the most common policy management solution used by commercial organizations to enable mobile, secure access to e-mail.

When Apple released iOS 4, they introduced the Mobile Device Management (MDM) protocol into the Operating System. MDM is like EAS++ as it provides a native set of APIs on iOS that enable a number of settings on the device for IT to manage. The MDM protocol enabled IT to manage the wireless settings, certificates, access to iCloud, and other hardware settings (e.g. turning off the camera).

The Mobility Industry Today

Today, the major device OS’s (iOS, Android, Windows) have included either protocols or specific device APIs for agents that enable IT to apply configuration settings on the device. In Windows and Windows Phone, the MDM capabilities that ship in the OS were actually written by the Intune team. On iOS, Windows Phone, and Windows RT devices the settings that can be managed are strictly defined and not extensible. In other words, the devices are self-protecting and do not allow IT to apply policies which will increase boot time or drain the battery.

The industry segment that has been created to manage mobile devices is referred to as Mobile Device Management (MDM). A number of startups (as well as most of the traditional Desktop Management vendors) all participate in this segment.

Within MDM, the pace of innovation has been fast and furious. As MDM matured, and as customers articulated their growing mobility requirements, the segment expanded to include Mobile Application Management (MAM).

To put both these segments in perspective, consider it like this:

  • MDM focuses on securing corporate assets that are used on mobile devices by enforcing settings on the devices.
  • MAM focuses on securing the corporate assets by protecting the applications and data.

The market now refers to the combination of these capabilities as Enterprise Mobility Management (EMM). In my opinion, the way that EMM is defined today is still just a subset of what is needed to enable users to access all the apps and data they need from any device. Throughout this series, I’ll make the case that what Microsoft has brought to the market in the Enterprise Mobility Suite and Office 365 is the industry’s best, broadest solution.

Currently Available Solutions

Right now, the first and most common application/data that IT wants to protect is e-mail. Many vendors have created their own e-mail applications that enable IT to enforce policy on how the data that flows through e-mail can be used, where attachments can be saved, rules around copy/paste, and what apps are authorized to open attachments.

The OS/Device vendors have been doing some nice work in this area. Take for example the native e-mail application in iOS7: Apple now enables IT to enforce policy on the corporate e-mail account in the native e-mail app while leaving the personal e-mail accounts untouched. Samsung has also been doing some great work with the creation of an OS-level container called SAFE which holds the corporate apps and data. With SAFE, only apps signed and authorized by Samsung can execute in the container, and their data cannot easily move between the corporate container and the personal space on the device.

This, in large part, is where the industry is as of today. There are currently some good point solutions in market today, but, in my view, these point solutions are not delivering the best possible experience for end-users or IT – and they’re not delivering a complete solution because they are… well, point solutions.

The shortcoming of point solutions can be seen in the MDM/MAM offerings available today. These point solutions may do a good job managing mobile devices, but they fall far short when it comes to managing PCs. These point solutions are also not delivering the identity management capabilities that enterprises need. These incomplete solutions mean that end-users have a different and fragmented experience whenever they move between their PC and mobile devices. In addition to the management limitations, another common complaint I hear is that end-users do not like the custom e-mail app they are forced to use from these vendors. On the IT side, these incomplete solutions mean that IT teams must implement multiple products/services from multiple partners – which makes their life more complicated and their day-to-day operations more expensive.

The Next Step: What Does the Solution Look Like?

Organizations are in search of a simple and consistent way to enable their users to be productive on the devices they love while ensuring their corporate assets are secure and protected. They want to leverage the tools they already own and the investments they have already made and extend those things to provide common capabilities across all the devices their users own – PCs, Macs, and mobile devices built on Windows, iOS, and Android. These organizations also want to deliver a compelling and rich work environment/UX that is consistent and familiar across all form factors.

As noted above, this is where the Enterprise Mobility Suite and Office 365 make a huge impact.

This series will comprehensively examine the work we are doing to really help organizations enable their users to be productive on the devices they love, while protecting the company.
