Facing Commoditization, What’s Next for Mobile Device Management (MDM)?

In my latest blog post over at Forbes, I drill down into the commoditization of Mobile Device Management (MDM) and discuss what’s next for the MDM market. The reality is that with over 100 vendors delivering MDM, and with the underlying mobile operating system and hardware vendors providing a uniform set of APIs to manage their OSes/devices that MDM vendors can take advantage of, a good deal of commoditization is clearly happening within the MDM market. I wanted to use this Centrify blog to provide some additional color commentary on the points I made in the Forbes blog and also discuss in more detail how Centrify sees itself vis a vis this market.

The analyst group Gartner has written extensively about MDM over the years, including publishing a Magic Quadrant, but in reading their writing over the last year or so it is clear they are seeing the MDM market commoditizing. For example, the August 2012 report entitled “Critical Capabilities for Mobile Device Management” noted that the MDM market has over 100 players and states that

“The level of demand and the fierce competition among these players are driving commoditization in this market. Traditional MDM capabilities such as provisioning, policy enforcement, asset management, administration and reporting, are beginning to standardize across multiple offerings that increasingly provide similar capabilities.”

The resulting competition is driving prices down for core MDM and, like a balloon being squeezed, is forcing the vendors to offer additional capabilities to differentiate. According to Gartner, the common directions MDM vendors are heading in include containerization, mobile application management (“MAM”) and enterprise content management. Let me discuss each in a bit of detail.

  • “Containerization” is about securely separating corporate data and apps from personal ones. Also known as “workspaces” or “sandboxing,” containers provide a cleaner separation on a mobile device between work and play. So even if the device itself has no unlock passcode and no corresponding security policies, the secure container of business apps on the phone cannot be accessed unless the appropriate passcode is entered. Inside the container the user is able to share data between business apps (e.g. copy and paste text from an email into a CRM record), but corporate IT would of course not want data inside the container copied and pasted into a non-container app such as Twitter or Facebook — i.e. data leak prevention. And of course corporate IT should have the ability to wipe the container if the device is lost or the employee leaves the organization, but not delete music, photos, personal apps, etc. that the employee put on the phone. Think of it as “virtualization” but for mobile.
  • “Mobile application management” is about deploying third party or in-house applications to mobile devices. This may include offering an app store or app catalog for users to browse applications to install, and can also address whitelisting or blacklisting specific applications.
  • “Enterprise content management” is about better file sharing and synchronization with corporate applications such as Microsoft Sharepoint or cloud-based services such as Box and Dropbox.

But by offering these additional capabilities MDM vendors will now find themselves butting heads against a whole host of new vendors including:

  • Pureplay startup vendors in each of these new areas, or PC management and endpoint security vendors who have already purchased startups in these new areas in order to leapfrog the traditional MDM vendors.
  • Mobile operating system vendors, mobile device manufacturers or carriers who increasingly see containerization as part of the platform or hardware — much like desktop and server operating system vendors (Microsoft, VMware, Red Hat, Citrix, etc.) who see comparable virtualization technology as part of the core platform.
  • Vendors who provide mobile application development platforms who are adding mobile application management capabilities as part of their end-to-end application lifecycle visions.
  • The application and cloud-based file sharing vendors themselves who see synchronization and better mobile client interoperability as core features to their platform.

In other words, the competition for pureplay MDM vendors is only going to heat up, and having over 100 vendors (and growing) in a market is not sustainable, especially if the underlying platform consolidates to just two operating systems (iOS and Android) that need management. It is questionable whether or not a pureplay MDM market will even exist in a few years, or if enterprise mobility management is just an extension of existing markets be it security, application development, systems management etc. I am also struck by consistent analyst feedback that most enterprises see their current MDM solution as a tactical stopgap mechanism, as if customers themselves see a shakeout occurring.

So where does Centrify see itself playing vis a vis MDM vendors and this crowded market? As I discussed in my blog about the merger of identity and mobile device management, Centrify does not see itself heading down the same path that the mass of MDM vendors are now heading. We believe mobile devices are increasingly becoming the de facto client for user access, so we are looking at mobility management through the lens of identity, in terms of controlling who can access what (from an IT perspective) and enabling productivity (from an end user perspective). In other words, we don’t see ourselves as a traditional MDM vendor per se, but see certain key aspects of enterprise mobile management as very much an extension of identity management.

Does Centrify provide classic MDM capabilities such as policy management, reporting, etc.? Yes. Over a year ago Centrify threw its hat into the mobile ring, with differentiating features including the industry’s tightest Active Directory (AD) integration for mobile devices (e.g. an Android or iPad can domain join, Group Policies for iOS and Android, AD-based mobile authentication, etc.), an easy to use and deploy cloud-based service, as well as a free mobile device management offering.

We think we provide equally robust MDM capabilities — especially given that mobile OS vendors provide a fixed MDM API that is open to all ISVs and which we support — but with an identity-centric focus. This is because we believe Identity and Access Management (IAM) is about making sure the right people have access to the right resources, and given that mobile devices are where people are doing the access from, it is incumbent from a compliance and security perspective to ensure that the underlying device is also secure (e.g. requires a PIN, is not jailbroken, can be remotely wiped if lost, etc.) and being used by the right person. That is, the device needs to be trusted just like the user needs to be trusted.

Does Centrify provide MAM capabilities? Yes, but again with an identity focus. With Centrify and our new SaaS SSO capabilities you can have IT set up roles to control who can access what SaaS apps, but you can also specify which mobile apps are associated with a given role. Setting up a user for Box.net means not only will they see Box.net from their MyCentrify portal (to get SaaS SSO), but it also sets up the Box.net mobile app to be ready on their mobile.

Finally, we also believe that a further key differentiation that Centrify offers vis a vis MDM solutions is in the area of enabling Mobile Authentication Services (MAS). We in fact want to go beyond mobile single sign-on (SSO) because we think even having to type a username/password on a device to access an app or cloud service is not optimal in terms of user productivity and security. Hence our focus on silent authentication, aka 1-click access or what we also call “Zero Sign-On.” We are investing heavily in that and are also signing up partners to this differentiating vision.

So in some sense we see ourselves as both overlapping with and complementing existing MDM solutions, but approaching the problem from a user-centric / identity worldview. Can customers deploy both an MDM solution and Centrify on iOS or Android? Sure, and at the end of the day we see ourselves providing unique value that MDM solutions don’t provide and are not heading towards providing.

Starting next week at both Mobile World Congress and at the RSA Conference we will be announcing implementation and partnerships around this differentiating vision, which I am looking forward to sharing with you. More blogging about this next week!