A full and secure mobile platform, in 30 minutes or less
By some estimates, there will be close to two billion smartphones in use on the planet by the end of 2014. While tablets, such as the iPad, still have a way to go to surpass laptops, you don't see many people on vacation taking videos with their laptops. It surprises no one that mobile devices are literally everywhere—in a restaurant being used as a tableted e-menu, and on the dashboard of your taxi helping to avoid a traffic jam.
The "personal" computer quickly evolved into an engine for business, completely changing the way we work. And the mobile device is following the same path, only more quickly. On your mobile device, it could just be a finger tap that separates a vacation video from access to your company's customer database.
But are businesses ready to handle these smart devices, expecting them to be the new 21st century workstations?
ForwardView magazine spoke with Chris Clark, president and chief operating officer of Fiberlink, an IBM company, to better understand the state of mobility management in businesses today. Fiberlink has more than 20 years of experience delivering enterprise mobility management solutions, and has been at the forefront of efficiently and securely turning mobility into productivity. Here's an edited version of our conversation with Chris.
First off, I've heard several terms that describe managing mobility. Expressions such as mobile device management, mobile application management, mobile content management, enterprise mobility management, and bring-your-own-device or BYOD. Do these describe different stages of adoption or preparedness? How do we make sense of these different terms?
I'll just explain what they are because the industry has changed a lot in the last five years. Obviously mobile has really taken over how people work, versus maybe five, ten years ago when lots of folks were bolted to their desk and they looked at their computer screens. Now everything is mobile. Mobile device management is software that connects IT management to the operating system of smartphones or tablets. What that software will do is understand whether it's iOS from Apple or Android from Google or perhaps Microsoft. It will take inventory of what applications and information are on that phone, and implement the kinds of policies IT wants on that device. Mobile device management is a very device-centric focus on managing your phone or your tablet.
Mobile application management is just what it says—a way to manage apps on your device. It's also an application catalogue that gets deployed on your device so the company you work for can load different internal or external applications on either your corporate delivered phone or your bring-your-own-device phone; we'll get into BYOD in a minute. So now you have a device that's being managed and you also have an application catalogue that has been deployed to your device. So you're almost there.
We've got the device, we've got the applications and now there's content inside that application or there's email, pictures or Word documents, for example. Mobile content management gives you a simple way to access, deliver, view, edit, and share all the content you want on that device. So think of mobile content management as all the substance sitting on those mobile devices, but some of it may be proprietary, confidential corporate information.
Now we have a recipe of a device, of an application and of content and all that gets wrapped up into a management capability for the purpose of employee enablement and productivity—that's what our MaaS360 solution does.
Regarding bring-your-own-device…ten years ago, IT would give you a computer or workstation; you might like it or not. They'd give it to you when they wanted, they'd update it when they wanted, not when you wanted. It was a very dictatorial kind of construct. Bring-your-own-device in this era is bring anything you want to the corporation. I will give you certain guidelines, policies and requirements for you to use your own device and I will also—and this is what Fiberlink has done best in the industry—let corporate information and software peacefully coexist on your personal device or tablet because I will have software that bifurcates your professional content. The pieces of the device that are from your company, such as corporate mail and the content within it, will be containerized; it will be separated from everything personal yet be side-by-side, virtually next to each other.
Companies large and small need to figure out and partner with somebody who can do all of those things in corporate compliance and productivity to ensure privacy and personal protection are happening at the same time. Whether it's the device, the application, the content, the security, the policy, the reporting, the analytics—all of those things together are what people now call enterprise mobility management. It's that broad and comprehensive approach to enable and secure the entire organization's mobile resources including the devices, the phone and the apps.
"A technology, like mobile, enabled without a strategy probably won't do what you really need."
Enterprise mobility management is the big umbrella and those pieces fit underneath it.
That's right. That's right. We've migrated in the space from mobile device management to something much more full and complex.—all those pieces together in a 24/7 world that a company has to grapple with, and also unlock, to help employees be most productive.
Let's talk about this overall management system. Businesses have been managing remote desktops and laptops for decades. Is the approach to managing mobile devices any different?
Yes, it's very different. Microsoft was the dominant operating system on a laptop and a PC. Of course, Apple had Mac that was used in certain verticals. But in general it was always Microsoft. In the mobile device world there are several operating systems. What that does to IT departments and CIOs is give them a big headache.
I'll give you a simple example. Between January and April of 2013, there were 30 different changes to Android and iOS in four months.
When Microsoft was the one company, you had to keep pace with what they were doing with Windows, but now you have two major players—Google and Apple—changing software all the time. How do you manage that? How do you keep up? So there's a lot of difference in mobile.
Also, how much personal information did you have on a laptop in the last ten years? And how much personal information do you have on your phone right now that might also have access to corporate email? You might have had some personal things on your laptop, but the amount of personal information and corporate information on an iPad right now is much greater and all of that data moves—whether you're on an Amtrak train or about to board a plane at the Paris airport.
The biggest thing in mobile versus the laptop, which was still mostly used in the office, is the flow of data. How do you control movable data? In the next three years, that's what companies are focusing on. How do we get data in motion to be protected and how do we get data to our employees so they can compete better in the marketplace? And that is a far different world than a Microsoft-centric operating system for PCs and laptops that were mostly used inside an office building.
If a company has been putting off developing a mobile management strategy—maybe because the IT team is small—where and how would you suggest they start? What obstacles—real or imagined—do they typically perceive?
I think you should always start by looking at a best practice.
One major fear is that a company will invade people's privacy. I see that cause some companies to go slowly, but that's just burying your head in the sand because mobile is happening. I think you're not going to recruit talented people anymore if you try to dictate how their tools are going to be used and what those tools are. I always recommend a simple way to think about it: what problems are we trying to solve? We're trying to make sure our employees are maximally productive but also secure. So what's the best practice?
A company can do a best practice approach for strategy and policy on the device. That device should be passcode protected, encrypted, and enabled for remote data wipe. Let's consider an industry like education and kids in classrooms bringing their devices. They go to websites, some of which they shouldn't. So why don't you put a web browser on the device that you can control, and disable any other web browser during school hours. The sequence of protection, the sequence of prescription, is to let me focus on the device and then I'm going to focus the content they're after.
So, I would start with best practices from a security standpoint and then evolve over time as to what else you want to put on those devices and what other wrappers you need in order to make sure that everybody is in compliance; in this case, safe for a child, as well as what other things you need to string together from a third party application standpoint.
I see a lot of companies trying to ensure protection of their access, as well as protection of their data. Policy is key. What are the policies we want to enable? And you just have to sit down and think through what you're really trying to achieve.
Let's talk a bit more about policy. We've heard that policy should precede technology. Is that a best practice approach?
Yes. Mobile really is a culture. It's about a company's corporate culture, as well as a technology. You have to be principled about things and I don't mean in a philosophical way. You should set the parameters about what decisions employees can make on the corporate side of their device, and what you're going to ensure is protected.
A technology, like mobile, enabled without a strategy probably won't do what you really need. A lot of employees will not participate or cooperate if they don't feel like they're getting a transparent, clear arrangement with the company. You have to start with guiding principles and with policies so that the technology does for you what you want it to do, and is also transparent enough to the employee so that they buy in as well.
Google and Apple are mostly B2C companies, and they've designed their software for the consumer; not necessarily for business use. You need to have policies set for your business before you let a Google or Apple technology do whatever it's going to do to a user with access to corporate data. I am a big advocate of policy preceding technology.
Other than scale, are the issues surrounding mobile the same for both small and large businesses?
I actually think the issues are mostly the same. There's certainly going to be some difference, but the 300 person company versus the 100,000 person company shares the same amount of risk and reward for unlocking mobile.
A 300 person healthcare company that has HIPAA compliance information needs to be just as mindful as a car manufacturer with 100,000 employees. The amount of reputational risk, the amount of compliance requirements, as well as the opportunity to take applications and content and give it to their employees in order to compete…there's no difference.
There is certainly a core bundle of things one needs to do whether they're a mid-market or large company. We've already discussed some of those: it's that device, plus the app, plus the context. There may be differences in large enterprises with regard to how many security layers are deployed. A company like IBM, for example, with multiple lines of business may have different requirements according to what industry those folks are in; whether it's a regulated line of business or not. Besides scale, I would say there may be security differences.
Differences in regulated industries could create some specialized situations for small businesses that might not exist in some large businesses.
Security is probably one of the top concerns for IT, especially when the data is moving, as you said; visions of network intrusions if a mobile device is lost or stolen. Can you talk about considerations around security given Fiberlink's experience and the evolution of MaaS360? How do you take some of the worry out of the minds of the companies you serve?
We always did things outside of the local area network, which meant we were always mobile or remote facing in our business and our product platform.
An interesting fact here is that our relationship with IBM started over ten years ago with their Big Fix endpoint management platform. We took all that laptop management and we put it in the cloud; we were the first ones to do that. We know more about IBM's endpoint management technology than any other company because we understood how it worked and then we specifically operationalized it for the mobile world. And in mobile, the security requirements are just as important as they are in the PC world, but it's even more dangerous.
We have built capability by gaining insight from seeing a lot of customers, thousands and thousands, create their own security posture, their own security policy, their own security platform through our software and our product sets.
What Fiberlink does—and what we have successfully done for companies around the world—is give them a multiple set of skills and capability so that they can enable zones of defense.
For example, you have email, a calendar, contacts, browsers. You have all of those things that you use every day, and what we have is a leading app container that can actually protect and bifurcate the corporate data from the personal data; we do that with as much rigor and as many credentials and certifications as anybody would do for a server in the data center behind the company's firewall. And we have won a lot of awards for that; we were the first to be certified by the federal government in terms of operating a multi-tenant cloud, before Google and Salesforce.com. I like to brag about that.
I would think that MaaS360 would be particularly appealing to midmarket companies. We've seen where cloud-based offerings, in particular, are of strong interest to small and medium businesses. Can you talk about some of Fiberlink's experience helping midmarket companies embrace and succeed with enterprise mobility management?
Sure. We have thousands of small and medium-sized business clients. Some say we have the fastest customer acquisition in those segments as anyone. Why is that? Because amid all of the very serious and sober requirements of doing compliance and security on that iPhone or that Android device…for the SMB market with only 2.5 IT people or a .5 full time equivalent…they need a fast and easy solution.
Those businesses with a one-to-ten-person IT team need to move as fast as they can; they have too much to do, and not enough resources. Our MaaS360 platform can be adopted and deployed in less than 30 minutes, a full platform. I could enroll your device right now and within minutes, IT could interrogate your device; see what's on it. What's personal and what's professional. Then apply policies.
You still get to choose, but if you want email from the company, or you want a proprietary application, a customer sales presentation with pricing or patient information, you need to have a certain security posture. We have won accolades from many, many companies and we see the same impact.
You could argue that a data breach or a data problem at a midmarket company is even more impactful than at large company because they may not have the resources for the rapid response that is needed.
Also, every SMB company I know is not trying to stay SMB; they're trying to grow. They're trying to go fast. They're trying to expand reach, maybe globally. So there's a great multiplier effect, a great multiplier factor of being able to package real time information and real time analytics. Maybe it's about the competition. Maybe it's about a new discovery somebody made. Maybe it's about a new idea and we've got to get it out to the field. Only mobile and only apps and content that are securely distributed do that. We constantly source, certify and send that information and we make it easy. IT knows what we're doing. The employee knows what we're doing and it's painless.
Getting our entire MaaS360 platform is as easy as downloading Angry Birds And it's all in the public domain. There are a lot of testimonials on it. We have a platform that is fast. It's easy. It's intuitive. It's always on and it's loved.
You mentioned analytics. Is there an unsung aspect to enterprise mobility management from an analytic standpoint?
Yes, I think it is more advanced. It's certainly more effective. Everybody is mixing personal and professional. There's work style and there's personal style. But, frankly, there's just a dual persona style. Everything is always on, all of the time. So we see that often and I think the analytics piece gives a company, and even the employee, an ability to understand what makes them most productive. Analytics or insights into behaviors can unlock more productivity.
There are two things in the world of mobile: context and identity. What are you doing, what do you need, where do you need it, when do you need it? That's context. Then, who are you? That's identity. I have those two things next to security, productivity and cost. MaaS360 solves for those all the time, gives analytics to both the company and the employee about different things they're doing that helps them organize, that helps them unlock, that helps them compete. The way we do that is with automation. We get rich analytics and it's based on context and identity for ensuring security, maximizing productivity and minimizing cost. That's what the MaaS360 platform does.
Do you have any success stories with midmarket clients you'd like to share with us?
We have many. One would be a retail company who decided to put iPads in their five toy stores. Employees work with customers to capture a few points in an app on the iPad about the gift or toy they're looking for, along with maybe something about the child. The app then develops recommendations wired to the inventory and SKU number, and the employee walks the customer to the relevant aisles to match the item. Customers can pay right there rather than going to a traditional checkout cash register.
In that example, there's some personal information that's captured: my name, my credit card. What has to be done is wrap together or separate items. We also have to ensure the next employee using the same iPad is identified.
Many law firms choose us. They clearly have data confidentiality concerns. We also work with major children's hospitals, very serious work saving lives and also protecting information, but in a very simple, easy way that doesn't bog down their doctors and researchers.
I've seen fire departments actually mount cameras inside buildings in California. When an event occurs they have their own iPad on the truck and are monitoring it on the way to the fire. They're getting floor plans straight out of that iPad and they're saving lives because speed matters and they need it to be easy. We have customers in the U.K. who do ambulance work that way too.
Those are just a few examples off the cuff of real people putting mobile to work, with MaaS360 just supporting their mission.
It sounds like Fiberlink and MaaS360 are very well positioned to help our mid-sized businesses get a handle on their mobility issues.
More from ForwardView
Join the conversation
Is your organization ready to go mobile first?
Modernizing data protection for SMBs