The Cloud-Device Convergence
Published Sep 08 2018 04:26 AM 9,032 Views
Iron Contributor
First published on CloudBlogs on Jun, 26 2014
Whenever a really disruptive technology has come along there have been functions, categories, and even entire market segments that merge as a result. Consider, for example, the impact of smartphones: Less than a decade ago we all owned a cellphone, laptop, PDA, mp3 player, and a GPS. Each of these devices represented a huge section of the consumer electronics market; today, with a few swipes on a smartphone you can replace all of these devices. Right now the cloud is about to tip the scales on a similar leap forward. The combination of strong identity management and layered protection of mobile devices (and the dozens of sub-topics related to these two things) are going to drive a convergence and consolidation in the enterprise mobility management industry. The real tipping point (to borrow a phrase from one of my favorite authors) of this phenomenon is the point where the volume of solutions that are cloud-based intersects with the spiking number of devices specifically built to consume cloud-based content. I believe we have already reached this point. The solution to profiting rather than floundering amidst this convergence is a solution that can consolidate the countless features and solutions and package them for IT and end-user use. Years ago, this exact kind of consolidation was a major benefit of Windows Server – it was a single product that shipped with a big bundle of solutions for a wide range of different workloads, e.g. File, Print, DNS, DHCP, Web, App Plat, etc. Amidst this convergence of cloud and devices, the Enterprise Mobility Suite (EMS) offers that same comprehensive, powerful consolidation. Here are four reasons why I believe the EMS offers enterprises the best option for managing the needs of the Cloud-Device Convergence:
  1. Managing devices where they live means you can keep pace with the needs of the devices and their users.
  2. When you get your identity management right, countless other things fall into place.
  3. Layered protection allows you to safeguard what you’ve built and what you manage no matter where the user, the device, or the data goes.
  4. Use your current investments alongside public cloud scale with a hybrid approach .

Manage Devices Where They Live

It’s a simple statement, but it really can’t be understated. Today’s devices – everything from smartphones up to laptops – are built with the intention of consuming massive amounts of cloud-based data and services. These devices spend all day every day pushing and pulling data from the cloud via optimized and secure connections; your management strategy should use this channel for more than just sending documents back and forth. These modern mobile devices live in the cloud and should be managed from the cloud. As noted previously , a cloud-based approach to device management allows you to manage and update devices anywhere on earth as long as they have an internet connection. These updates can be extended without the need to setup gateways that expose servers in your datacenters – other MDM vendors require this to happen every time. Also, delivering policy from the cloud does not mean all of your administration has to be from the cloud – instead, we think about Intune as the edge to your SCCM deployment. Intune provides a global, highly available solution for your mobile devices which is connected back to your on-prem SCCM deployment. When you calculate the value of setting policy in the cloud and then letting the cloud update all your devices, consider the speed at which devices, platforms, policies, and features are updated. It would easily take multiple people on any single IT team to keep track of these changes, master them, and then adjust the infrastructure to account for it. Intune is updated with all of these new features and platform updates whenever they are released which means you can keep working instead of hunting through forums or tech support for workarounds or patches. In his recent whitepaper (download it here ), Cameron Fuller discusses how the VCR and the microwave dramatically changed the way we consumed things (missed TV shows and leftovers, respectively) and how, shortly after having them in our life, we couldn’t imagine going back to a time before they existed. Fuller, a long-time System Center MVP, compares this to the way we’ll be talking about the cloud in the very near future.
Technology moves faster in the IT department than it does in the kitchen. We have every reason to expect that over the next few years the pace of integration of Cloud technologies will advance to a point where we will soon be looking back and wondering what we did before we had the Cloud. The key to this shift will be to determine where the Cloud has benefits for our particular organization.
Cloud-based device management is the precise type of area where IT Pros and CIO’s will be well served by being in front of a trend that will sweep past them if not addressed proactively.

Identity Management

This is a topic that’s been covered exhaustively on this blog in the past , but the key points bear repeating. When we look at the big trends and challenges the IT industry is navigating, identity management is the key element at play in all of them. For example, the device-based consumerization of IT would be impossible if we couldn’t quickly and easily verify and manage a user’s identity and their devices. Also, a move to a cloud-based or hybrid-cloud-based IT infrastructure would be DOA if there wasn’t a way to manage access – and all the carefully gathered data would be worthless if there wasn’t a simple way to identify who should (and should not) be able to access it. The simple solution is something Microsoft originally launched in 2000 (Active Directory) and which recently got a big, cloud-powered makeover ( Azure Active Directory ). AD is already the go-to source of identity management and access control for +95% of global enterprises, and AAD has been built to support the move of enterprises to the cloud. AAD has proven to be an indispensable tool for organizations who move to the cloud and need to maintain identity/access control, as well as proactively govern the SaaS apps used by their workforce. Microsoft was way out in front of the industry’s needs with AAD, but our investment has proven to be enormously beneficial for thousands of enterprises all over the world. AAD is a great fusion of AD’s proven capabilities and the flexibility and scalability of Azure. When you’re evaluating identity management solutions, be emphatic about getting something that can streamline processes like single sign-on and automate IT needs like a self-service company portal. To underscore our commitment to your success with identity management, we’ve staked the future of our own business on AAD – both Office 365 and Windows Intune authenticate every user and device with AAD. The day-to-day benefits are obvious:  If an employee leaves the company, EMS easily wipes corporate data from their device (via Intune), revokes access to SaaS apps, e.g. Concur (via AD Premium), revokes access to corporate servers (also via AD Premium), and removes their ability to access internal company docs (via AD-RMS), etc.  If you were using point solutions to do all of this the costs would be extraordinary, and you’d need a separate MDM/access control/rights management point solution for each functionality.  That many extra steps is simply not tenable.

Layered Protection

When we talk about how we define success in the enterprise mobility space, security is a major topic of that conversation. Any research you do about the elite management vendor of your future should demonstrate an enterprise-grade, enterprise-tested level of protection at the device level, the application level, and the file level. Earlier in this series I wrote about Azure RMS , a solution Microsoft has built to provide security and protection that travels with the file itself:  Azure RMS (which is included in the Enterprise Mobility Suite) makes access controls a natively saved part of the file itself – for Office files, as well as applications like Acrobat. You can read more about Office and RMS working together here . With EMS you are able to deploy a layered protection solution:
  • Layer 1: Protecting at the device (MDM in Intune ).
  • Layer 2: Protecting at the app (MAM in Intune ).
  • Layer 3: Protecting at the file ( Azure RMS )
  • Layer 4: Protecting the identity and corporate access ( AAD Premium ).
EMS is the only source of this comprehensive, layered approach. Looking around the industry at AirWatch, MobileIron, Good, etc. – they plain and simple cannot do this; they have zero solutions for protecting at the file and nothing for identity management.

A Hybrid Approach to Device Management

I recognize that the majority of people reading this blog work in the enterprise, so I can be really specific with this input: The right solution for most organizations is not going to a migration to the cloud in one big move. Enterprises are best served by using the investments and know-how they already have while incrementally adding public cloud resources over time for needs like dev/test , disaster recovery , avoiding lock-in , and bursting . This is a hybrid environment and it allows you to build for the future right alongside (and in conjunction with) what you already have. Within the IT industry, Microsoft has the only on-prem (SCCM) and cloud-based (EMS) resources to enable you to manage your devices where they live, exploit the benefits of the public cloud, and deliver your end-user the absolute best work experience across all their devices. Other mobility management offerings are big on promises if/when you go all-in with them, but they all lack a clear path to the cloud.  Without that path, those solutions are just temporary band-aids on what you’re already doing – not a strategic approach to the future.

* * *

With customers from a variety of industries, we are already seeing that managing the Cloud-Device Convergence within your own organization has a compounding effect over time. If addressed before your infrastructure and/or end-user demands reach a crisis level, your ability to meet and maintain mobility management needs is dramatically improved. On the other hand, taking a status quo approach to emerging and persistent technology demands is not (historically) a position of strength or leadership. In the whitepaper I noted above, Fuller concludes with some particularly useful insight:
If Information Technology were to have an equivalent to the Hippocratic Oath it should be summarized, “ To use technology for the betterment of the world .” At its core, Information Technology is all about innovating and gaining efficiencies. IT professionals are constantly challenged to strive to be those who use the tools available to their best capabilities.
We’ve built our enterprise mobility offerings – and the accompanying support that goes with it – to put you in a position to drive this kind of innovation, efficiency, and (on a good day) world betterment.
Version history
Last update:
‎Sep 08 2018 04:26 AM
Updated by: