2016: Mobile management takes on apps, content
Corporate mobile infrastructures continue to grow, with both company-issued and employee-owned devices playing a key role in supporting business processes. Enterprise mobility management (EMM) suites are often the way enterprises manage these increasingly complex environments.
The worldwide market for EMM products is forecast to grow to more than $4.5 billion by the end of 2020, according to technology research firm Radicati Group, versus an estimated $1.8 billion in 2016. That represents an average annual growth rate of 27% in the next four years.
EMM provides companies with ways to secure their mobile infrastructure, as well as to control device policies and manage mobile apps, content, networks and service. The platforms have been around for a while; some might know them as mobile device management (MDM) suites. But those suites have matured and adopted new features, and industry analysts say EMM has now reached the point where it's the go-to method.
EMM also plays a role in overseeing expenses related to communications services, mobile policies and identity management.
Of these jobs, "content and applications are probably most important in a mobile environment, assuming the identity component is in place across the organization," says Craig Mathias, principal at Farpoint Group, a research firm that specializes in wireless and mobile technologies and services.
Managing mobile assets becoming more critical
The focus on application management will no doubt continue as companies build, acquire and deploy even more business apps for devices -- and as those apps become more critical to the business and not simply add-ons.
"More organizations are focusing on actual business transformation through mobile, rather than simply deploying mobile capabilities and pursuing productivity gains," says Bryan Taylor, research director at Gartner.
Adding to the demand for mobile app development is the rising use of wearable devices in industries such as oil and gas, utilities, healthcare and transportation. Mobile analytics in particular is a hot area, Taylor says, particularly operational and behavioral analytics.
Naturally, the protection of these mobile apps is a high priority for organizations.
"We're seeing an increased focus on app and data security, access control and overall management of these aspects of enterprise mobility," says Phil Hochmuth, program director for enterprise mobility at IDC. "With BYOD and multi-device users, the shift is moving from security on the device to the apps and data. Tying all this back to an identity-based platform for management is another larger trend."
Where mobile OSes fit in
Within mobile operating systems, "the built-in management capabilities aimed at the enterprise will continue to evolve and will impact everything from app development to operational processes to technology investments," Taylor says. "This has been a moving target for a while now, but we really saw increased impact in 2015 and we expect this to have a significant effect over the next couple of years."
Nearly all of the policies set via EMM are actually just accessing management APIs that are part of the mobile operating system on the target device, Taylor explains. Both iOS and Android have expanded the scope of such APIs with each new release. Recent examples include the Android for Work capabilities that came out with Android 5.0 (Lollipop), and iOS 9's ability to allow IT to manage an already installed app, rather than just apps that have been distributed via the organization's enterprise app store, he says.
"The major impact to enterprise mobility has been that more and more organizations use the built-in management APIs to manage mobile apps," he says. This is opposed to a proprietary roll-your-own approach through software development kits, for instance.
Now that mobile is becoming an integral part of business operations, Taylor says, the need for service management -- monitoring the availability of important back-end services -- will become more important. So, too, will the need for integration between EMM and wireless LAN management systems, and EMM and identity and access management systems. "After years of pie-in-the-sky promise, IoT [Internet of Things] and M2M [machine-to-machine] technologies are really starting to shake things up and we've only just begun," he says.
IoT "represents a growth area with huge potential for EMM vendors," Taylor says. AirWatch's software, for example, manages all Coca-Cola Freestyle machines -- nearly 38,000. These machines serve up over 150 flavors and types of soft drinks.
"These are internet-connected 'smart machines' that can self-inventory and 'call home' when they are running out of flavor X, and they can self-diagnose as well," he says. "EMM is the management framework many such IoT systems will use, from connected cars to appliances to vending machines."
There are several functions EMM provides to the dispensers, including managing reorders for things like syrup and related supplies. The AirWatch solution provides software and content updates, collects dispenser data, and transports it to various enterprise and external applications. It streamlines the process for content pushes, dispenser management, dispenser enrollment, troubleshooting and feature deployment.
Company-provided vs. employee-owned devices
Experts say the end of the traditional two-year phone contract from Sprint, AT&T and other service providers will not necessarily have an impact on bring-your-own-device (BYOD) programs and mobile management.
"It really doesn't affect it much at all," Taylor says. "A growing number of organizations in the U.S. and Canada provide subsidies of one type or another to cover a portion of the monthly carrier fees."
Best practice has long been to use EMM on all devices, including those that employees bring in themselves, Taylor says. "But there is quite a bit of evidence of increased user resistance to organizations installing EMM on personal devices over the last year or so," and that's why many organizations are now trying MAM-only (mobile application management) approaches for BYOD, he says.
But even managing just the apps can be problematic if companies want to deliver apps that come from commercial stores to BYOD devices, Taylor says. For one thing, wrapping public apps is now expressly prohibited in Apple's license agreement.
App 'wrapping' now prohibited
App wrapping is a form of code injection that allows IT to add management capabilities to apps for which they don't have access to the source code, Taylor says. "It allows them to inject management code into a binary executable so the app can be managed using EMM without enrolling the device," he says. "Apple has never liked organizations doing that with public apps" -- those obtained through the Apple store -- but for a long time "made no specific prohibitions against it." But that changed in the wake of iOS 9, he says, when Apple specifically prohibited companies from wrapping public apps.
"This makes enrolling in EMM and using the native OS app management APIs the only way to manage public apps," Taylor says. "So if you buy an off-the-shelf SAP front end, the only way to manage it and apply policies to prevent data leakage is to enroll the device in EMM so you can access the built-in OS app controls. You can't get around this prohibition. You just have to play by Apple's rules, and that means managing your apps using EMM."
In the early days of BYOD, "users were so eager to turn in their BlackBerries and be able to use an iPhone that they would sign just about anything you asked them to," Taylor says. "But since then, the motivation is not as strong as most BlackBerry shops are now iPhone shops, and users have become more aware of the potential threat to privacy EMM presents." Many users fear that IT can see their pictures, read their personal texts, etc., and fear enrollment because of it, he says.
"The net result is a larger percentage of users not wanting to agree to participate in BYOD if EMM enrollment is a requirement," Taylor says. So organizations are experimenting with less powerful methods of securing company data on mobile devices, using standalone MAM, for instance.
"But Apple and Google have designed their OSes to be managed by EMM, and limit what IT can do without enrollment in EMM," he says. So even though organizations are experimenting with 'lighter' management approaches, many "find them unsatisfactory. They then decide they do in fact need EMM, and look at other methods such as improved communications to users and clear statements of commitment to user privacy to encourage recalcitrant users to enroll."
For BYOD to work, Taylor says, due to such potential privacy concerns, "you must make BYOD opt-in as opposed to mandatory, and you need to provide an organizationally owned/issued device as an alternative for those users who qualify if they choose not to allow the organization to enroll their personal device."
The all-important mobile policy
Organizations should have policies in place regarding what devices and device operating systems are acceptable, how often devices may be upgraded and what percentage of both the device cost and monthly service plans are reimbursed, Farpoint Group's Mathias says.
"It may be that none of the device cost is reimbursed -- since everyone is going to buy a device regardless -- in which case the frequency of upgrade is irrelevant." Another thing organizations need to spell out is who is responsible for updating the operating system and all the apps on the device.
If companies are managing only employee-owned devices and not those owned by the business, they will likely not require different EMM features or functions, Mathias says.
"The same policies would apply in both cases," Mathias says. "The only difference is that the management capabilities applied to [an employee-owned] device need to be clearly spelled out in the BYOD agreement signed by all participants," he says.
Most organizations enforce only a handful of common policies on mobile devices with EMM, and historically haven't treated user-owned devices differently in this regard, Taylor says. But the growth of user privacy concerns has prompted some organizations to re-evaluate this to determine if a less restrictive set of policies on user-owned phones can adequately balance the need for security and compliance against the user's desire for autonomy and privacy.
As for working out the networking/data costs with mobile devices, "in general, we recommend either a fixed amount, or in some cases, a fixed percentage," Mathias says. "It's possible to apply more complex schemes [such as] variable percentage, actual costs, etc. But the cost of implementing these can be high. It's best to keep it simple. Trying to control usage is usually somewhere between futile and irritating to both parties."
Looking ahead to future developments with EMM, there will be a "continued evolution to apps and data as the focal point of security and management," IDC's Hochmuth says.
"We're also anticipating rapid growth of home-grown enterprise mobility apps," Hochmuth says. "As enterprise app development programs mature, solutions such as mobile back-end as a service and mobile app development platforms [will] supplant traditional app development efforts in the enterprise."