Identity Is the Clear Differentiator for Enterprise Mobility Management (EMM)

Centrify was the first company to unite Enterprise Mobility Management (EMM) and Identity and Access Management (IAM). Now we hear rumblings that VMware and Microsoft are pursuing similar strategies.

But not all integrations are created equal.

First, let’s review what’s happening in the market that is leading to identity becoming a core component of enterprise mobile management.

At the macro level, there are three key shifts driving this change in the market:

  1. MDM has moved to EMM: 
    Mobile Device Management is now a commodity, so MDM vendors have had to reinvent themselves to become EMM vendors. Their focus has shifted from device management to mobile application management (MAM) and mobile content management (MCM).
    Why? Because ultimately our devices are just devices — they are commodity items. But the apps we use, the content within those apps, and our relationship to our apps is vitally important—for both work and play.
  2. Features of EMM are becoming part of the mobile operating system (“OS”):  
    Features of EMM are also becoming a commodity.  EMM vendors defined propriety mechanisms to secure apps and data using technologies such as app-wrapping and containerization — but the OS vendors are now including these capabilities. For instance, both Android L and iOS include such features. And Samsung with KNOX is offering KNOX EMM. Why? Because OS vendors understand the limitations and the need to differentiate.  We all know that security was an afterthought in the Windows world; I think in the mobile space, vendors are attempting to address this.
  3. EMM vendors are now leveraging Identity:
    In reaction to commoditization, EMM vendors are now moving to the next value area — giving end users seamless access by leveraging common identity and authentication services, and management across different devices.Why? Because currently there is too much friction for the user, and the user needs a seamless way to access applications. The combination of who users are, the specific applications they are accessing, and their device and its location provides the enterprise with a set of controls that ultimately can be used to control access to enterprise resources.

The bottom line is that identity is emerging as the next frontier in mobile management, especially as the value of EMM continues to erode.  It is only a matter of time before standalone EMM vendors either partner with or acquire identity vendors — or visa versa.

Back to VMware, so what do we think they are announcing?

Following their acquisition of AirWatch, VMware blogged about their vision for Unified End Point Management. In this vision, VMware described how end users can access any app from any device in a seamless way leveraging a common identity and authentication platform — a browser-based app, a mobile app, and a traditional Windows-based app. VMware also described how administrators can manage from one management console the policies related to users, their applications and their content — irrespective of the user accessing from mobile, tablet, or traditional desktop. In VMware’s opinion (and we agree) mobile devices and traditional end-points (like Windows and Macs) should be all considered as end-points with the same management paradigm as mobile.

We believe that VMware will be showing execution against this vision in an upcoming product announcement.

To add to this, Microsoft also wants to differentiate their Enterprise Mobility Suite with identityThis article reports that Microsoft will differentiate by combining their Enterprise Mobility Suite with their cloud-based authentication and provisioning service based upon Azure Active Directory.

Is this good? 

Yes, Centrify believes this is the right approach.  We agree that end users should have a seamless experience across all devices, and administrators should be managing their users, their apps, and their devices all from one console.

We believe identity plays a significant role in the virtualized and mobile world of the future, so what VMware is doing is right for the industry. We also believe that the concept of a user’s digital identity is morphing from simply being about usernames and passwords to now also being about his or her devices, apps and location.

But are such integrations created equal?

Absolutely not.  Yes, VMware will be able to provide administrators with a single console. But buyers need to understand that the key element of this integration is all about POLICY. EMM products implement policy — these are device and application policies. IAM products implement policy too — these are identity policies, such as who can access an app. Combining these will be tough if products are stitched together. Each silo has a policy server, so the product will need to make siloed decisions and then share the outcome of the decision to the other product.

We at Centrify take a different approach.

SaaS Management

  • Firstly, Centrify’s core foundation is built on identity.  We believe a strong foundation in identity is a key ingredient for success. Call it our DNA or mindset, but we live and breathe identity.
  • Secondly, our vision is an integrated solution of identity and EMM.  We recognized the importance of mobile in the market, so we executed by building from the ground up. Unlike others, we have one seamless management and policy platform. Our product is built as one platform with a cloud-first and mobile-first mindset. When we describe policy, for instance, we have all aspects of that policy in one place — the identity, the app, and the device information — so any combination of these provides all the permutations for fine- or course-grain policy management.

Some examples of policies that we can provide.

  1. Bill can access from his mobile device the Salesforce app when he is inside the Centrify HQ building. When he is outside of the physical office, he will be prompted for additional authentication. This is a great example of device policy, location policy, app policy, and identity policy all integrated together.
  2. Bill is accessing the Salesforce app from this mobile phone, but we notice he is also at home accessing his email from his Mac — he can’t be in two places at the same time.
  3. Bill is accessing the Salesforce app from his mobile phone, but his son has installed something that’s considered insecure by the IT department, so the app will prompt Bill for additional authentication.

In conclusion, identity is now the differentiator for enterprise mobility management. VMware, Microsoft, and others will surely follow, but we at Centrify already have this, and Gartner in their recent Magic Quadrant for Identity-as-a-Service recognized us as VISIONARY — specifically for this capability.


In a world where users switch from device to device and have multiple devices at any time, the most important thing is not securing a device at a given point of time, but continuously securing users and their corresponding identity via consistent, integrated policy enforcement.