MAM Challenge Document FINAL

Network World and Robin Layland present

2013

The 2013 Mobile

Application Management

Challenge Mobile Apps are the key to productivity. Which

MAM solutions are up to the complex task of

managing and securing your apps and data?

The 2013 Mobile Application Management Challenge

2

Professional Opinions Disclaimer: All information presented and opinions expressed in this report represent the current opinions of the author(s) based on professional judgment and best available information at the time of the presentation. Consequently, the information is subject to change, and no liability for advice presented is assumed. Ultimate responsibility for choice of appropriate solutions remains with the reader.

Contact:

Robin Layland Layland Consulting (860) 561 - 4425 [email protected]

Copyright © 2013 Robin

Layland / Layland Consulting

Analyst Introduction: The Answer to Securing and Managing Mobile Applications.............3

The Evolution of Mobile Application Management Enabling the enterprise through mobile apps .............................................6

Secure Mobile Apps Across the Enterprise Mobility as a transformative force..............9

Symantec Mobile Management Suite Mobility with Vulnerability.......................12

Apperian Assures Mobile Adoption Ingredients for moving your mobility forward.....................................14

2013 Mobile Application Management Challenge

3

The Answer to Securing and Managing Mobile Apps and Data Mobile Application Management is the key

By Robin Layland Principal Analyst Layland Consulting

Businesses and employees are going mobile. People are carrying multiple devices that are constantly connected. Now applications are following them and going mobile. The days when using a web browser was the only way to access an application are disappearing. We are increasingly in a world where people build their lives around both mobile apps and browsers. It doesn't sound like a big change, but it is. With a browser, all the important stuff - the application logic and the enterprise's data - was safely tucked away in a server in the data center. The only important stuff on the employee’s mobile device - the laptop - was maybe Excel spreadsheets, Word documents and PowerPoint presentations - generally not the kind of data that resulted in lawsuits or regulator action. All it took to make everything safe enough was to encrypt the disk drive, require a password and use a VPN. Mobile apps change the picture and require more management, control and security. Apps store the enterprise's application logic and data on the device. They are easy to lose, get passed around to friends and family, and fall prey to sites that reveal how to jailbreak them. Mobile devices give senior executives and IT teams headaches. You can't even depend on encrypting everything and implementing access control at the device level. Bring Your Own Device (BYOD) upsets that apple cart. Recent surveys show employees resist allowing enterprises to put device controls on their devices, and as easy as it is to jailbreak devices, you can't just depend on device-level controls. Mobile Device Management (MDM) is still important for corporate-owned devices, but in the BYOD world, you need management and security at the app level. You can't avoid mobile apps either. More and more often, mobile apps are key to increasing productivity. They provide a way to transform business processes and gain competitive advantage. Enterprise apps are here to stay and are only going to grow in number and importance.

The Answer

There is an answer that protects the enterprise -- using Mobile Application Management (MAM). It is based on the premise that you can't always control the device, but you can control, manage and secure your apps and data. MAM builds in controls and enforces policies and security in each individual app. If a policy says that if a device is jailbroken, and you can't access the app, then the MAM software in the app will stop any access. If the policy is that data can't be moved out of the app, then it can't. Access control is at the individual app level. Each app encrypts its data with its own key, making it safe from prying eyes.


4

MAM allows enterprises to take a lifecycle approach to apps. This means putting in processes to ensure that all enterprise apps go through a standard procedure to confirm they do what they say they do, they don't create problems, they enforce policies and implement security, and that you have a way to deploy, update and retire them. First, you need a process to collect all the mobile apps, because unlike server applications, anyone can create mobile apps. Sure, most of the important ones will come out of the formal application development process, but not all of them. Mobile apps can be developed by the business units, field staff and others. The reason is that mobile apps are best when they do small tasks. For example, let's say you have a delivery person who drives around to your customers. One app could be used by the driver to record the goods taken off the truck and into the store. Another app records what the driver actually puts on the shelves. Still another app collects the store manager's signature. Each app is small and does one task, but also improves the process and allows the business to collect more information. It understands the process, but it doesn't take a lot of code to create. Some smart person outside of IT could create each of these apps. Great for the business, but you want to make sure all the apps have the right security, controls and management. That’s why you want a process to collect all the apps being used for business. Once you collect all the apps, you need to make sure they conform to all your internal standards, including any regulatory requirements, as well as confirming that there is no malware, and the app does what it says it does. You need to check its user interface and privacy setting and look for any risky behaviors. MAM solutions can help you do this.

Security

Securing the app is one of the biggest reasons for a MAM solution. It can put controls in the app to make sure it follows the right policies. This can include making sure it doesn't share data (except with apps you have approved), that it is not used if the device is jailbroken, or that it doesn't have a connection back to the corporation. Since not all apps need an equal amount of security, it also allows you to move away from one set of policies for the entire device to individual policies for each app, MAM solutions provide access control for each app, making sure only authorized people access the app, and they authenticate themselves. It can also help with the single sign-on, since users may rebel if they have to have a different IT-approved password for every app. A MAM solution also allows each app to have its own VPN. MAM is the best way to support BYOD. With a MAM solution, you only need to protect the enterprise apps on the device. This allows you to secure your apps and data, while leaving the rest of device alone and keeping the employee happy. No matter what happens on the device, your app and its data are secure. Instead of having to wipe the entire device, the MAM solution allows you to only wipe your apps. How does MAM perform this security magic? There are two basic ways. The first is that MAM vendors provide a Software Developer Kit (SDK) that provides all the controls, management and security the application developer uses when building the app. That works fine if the app is developed in the formal


5

application development group, but not if it is field developed, or if you buy the app from a third party. The second way MAM vendors protect an app is by wrapping the app. Wrapping means taking the app and running it through a process the vendor provides. The process injects code that interacts with the APIs in the code and has the same effect as if the developer used their SDKs. The resulting app has all the control the MAM vendor provides. Wrapping is a good solution if you want to shield your developers from having to worry about management and security and apps developed outside of IT. An app that has been developed using the SDK or by being wrapped, is referred to as being “in a container.” A containerized app can use a VPN to communicate back to the enterprise. MAM vendors provide options on how the VPN is used and may provide their own VPN solution, so that a plethora of app VPNs doesn't overload your existing VPN infrastructure.

Enterprise Application Store

The next step is distributing, updating, retiring and managing the apps on the individual’s devices. Again MAM vendors provide a solution under the label Enterprise Application Store (EAS). An EAS is the enterprise’s own version of an Apple or Android store. It provides a place where your employees and partners can go and download your apps. An EAS solution can also provide a way to access popular consumer apps from the leading stores, allowing for volume discounts on popular apps. The EAS provides a way to automatically update the apps when a new version is available, along with wiping or retiring an app that is out of date. The EAS also can control who can download the app based on policies you set.

The Challenge

A MAM solution is clearly a key part of any enterprise's mobility strategy. The question is “Which MAM solution?" Not all MAM solutions are created equal. I outlined above what a MAM solution can do, this does not mean every MAM vendor does everything I mentioned. Plus some vendors do even more than I mentioned in the short description. You need to understand the differences between vendors, and then find the one that best fits into your mobility strategy. I have brought together four of the leading enterprise-class vendors to help you understand how they approach the Mobile Application Management:

AirWatch Apperian Good Technology Symantec

I asked them to explain their primary competitive differentiators, concentrating on where they excel compared with their competition - not to create a list of everything they do. Your next step is to read and listen to what they have to say, so you can understand how they can help you implement a MAM strategy for your enterprise. Then you should contact the vendors directly to answer your longer list of questions and understand how they can help you gain control of the mobile world. This document is just one part of The 2013 Mobile Application Management Challenge. There are also two webcasts. In these webcasts, I bring together two vendors to explore two topics in depth. Each one will help you gain a better understanding of what a MAM can do for you. The webcast topics are:

Enterprise Apps in a BYOD World: What Do You Need to Know? Containers & Wrappers: What Does it All Mean?

A MAM solution is clearly a key part of any enterprise's mobility strategy. The question is “Which MAM solution?”


6

The Evolution of Mobile Application Management (MAM) Enabling the enterprise through mobile apps

By John Marshall CEO AirWatch

Mobile applications have become one of the primary ways people communicate, work and collaborate with others from their mobile devices. The new wave of mobile apps is helping organizations automate business processes, increase employee productivity and enhance the customer experience. Enterprises looking to ride the wave of mobile apps to enable their business need to have a comprehensive Mobile Application Management strategy for securing, containerizing and managing mobile apps and data on both corporate and employee-owned devices. Key Elements of a Comprehensive MAM Strategy

Flexible MAM platform for enabling enterprise apps on corporate and BYOD devices

Secure containerized app solutions for corporate content, email and browsing

App Wrapping and Software Development Kit (SDK) for enterprise app developers

Corporate authentication policy across enterprise apps with Single Sign On (SSO)

Seamless integration of apps with back end enterprise systems through App Tunneling

Custom enterprise app catalog with advanced assignment and deployment policies AirWatch is leading the market with the most flexible Enterprise Mobility Management platform for full mobile application lifecycle management and Data Loss Prevention (DLP). With AirWatch, organizations can truly enable their business through mobile apps while protecting enterprise data.

Enabling BYOD and Containerization

With the consumerization of mobility, many enterprises are turning to Bring Your Own Device (BYOD) programs, or a hybrid of corporate and employee-owned devices. AirWatch provides a flexible model for distributing apps and securing access to content, email and browsing apps based on device ownership type, with configurable privacy policies for data collection and self-service management capabilities for end users. With AirWatch containerization, organizations can isolate and secure corporate data on mobile devices regardless of ownership type. With the AirWatch SDK and AirWatch App Wrapping, organizations can


7

develop and wrap internal applications in secure containers. AirWatch enables ultimate data loss prevention (DLP), because all of our container solutions work together. Email attachments open in Secure Content Locker, hyperlinks open in AirWatch Browser and content can be restricted to viewing in only SDK-developed or wrapped applications. Developing Applications As employees become more reliant on mobile applications to do their jobs, many enterprises are building internal applications customized to their business initiatives and employee roles. AirWatch’s advanced application development solutions provide organizations with the tools required to build secure applications for business. App Wrapping For organizations that already have developed internal applications, AirWatch App Wrapping adds an extra level of security and management capabilities to business apps. Administrators can easily wrap apps within minutes directly from the AirWatch console. For each application, administrators can select the specific features to be added to an app such as user authentication with SSO, data encryption, geofencing, restrictions on copy/paste and opening files with other applications. Configuration changes to wrapped applications are performed over-the-air and do not require redeploying the app or code changes.

App Software Development Kit (SDK) For organizations developing internal applications, the AirWatch Software Development Kit (SDK) gives enterprise app developers access to a host of core AirWatch functionality. With the AirWatch SDK, the heavy lifting has been done, allowing developers to focus on the business goals of the app. SDK features can be configured from the AirWatch console and updated over-the-air. Organizations can add important security features including user authentication with SSO, certificate integration and detection of compromised device status. AirWatch SDK applications can query and report device information back into the AirWatch console. AirWatch provides the ability to configure app restrictions and limit app access to a specific location with geofencing and easily custom-brand internal apps according to corporate standards. For complete visibility across internal apps, organizations can leverage AirWatch analytics tools to monitor app usage, custom events and actions.

Development Workflow To streamline and track the entire app development process, AirWatch provides a built-in step-by-step workflow that allows organizations to split the application creation and publishing process into steps. Each step is assigned to a user role and corresponds to a workflow status that is automatically updated as steps are completed. When development is complete, apps can be deployed to a specific user, group or device platform for app testing. App ratings and reviews give developers the insights needed to evaluate how new applications are being used. If an app crashes, logs are automatically sent to developers for fast resolution.

Deploying Applications With the increasing number of business apps deployed to mobile devices, organizations need an efficient way to push apps based on an employee’s role, group membership or business process. AirWatch enables administrators to distribute, update and remove apps across the entire organization using a fully customizable App Catalog. The AirWatch App Catalog provides a central place where users can browse, search, install and update public, internal or purchased apps provided by their business. AirWatch directly integrates with public app stores and external app repositories to link to public apps and access internal app files. Advanced features of the App Catalog include: user authentication, custom app categories and featured apps, app assignment rules based on user, device or group. The App Catalog supports multiple languages and a unified and intuitive HTML5 interface that can be branded according to corporate standards.


8

Deploying Purchased Apps Administrators are able to streamline the purchase, management and distribution of Volume Purchase Program (VPP) apps through integration with AirWatch. AirWatch enables administrators to centrally manage app redemption codes and track user acceptance and installation of apps. If applications are being purchased and deployed for different business units, AirWatch is able to associate those costs to a specific purchase order or department. With AirWatch, administrators are able to view details on VPP orders, including order date and number, and track the number of codes purchased, redeemed and remaining. If codes are remaining, administrators can re-allocate them to different users to ensure the organization is making the most of their investment.

Integrating Applications The AirWatch App Tunnel helps address mobile access to corporate resources within a single application. Typically this business challenge has been answered with a device level VPN configuration, but with a device level VPN, data leakage can occur. AirWatch App Tunneling allows a single secure connection with corporate systems that may exist behind a firewall without needing a VPN. To establish this application tunnel, IT administrators create an application wrapping profile within AirWatch leveraging the AirWatch Mobile Access Gateway. This enables a secure connection between the app and the enterprise system. SSO’s identity management makes it easy for users to access multiple apps without having to log in every time within an approved active timeframe.

Securing Applications AirWatch gives organizations ultimate application security with advanced user authentication options and SSO and the ability to create app whitelists, blacklists and compliance policies. Restrict access to pre-installed applications on a device, such as Bluetooth or camera, and disable access to public app stores. AirWatch can be configured to automatically uninstall apps when a user un-enrolls or when a device is compromised. For dedicated line of business devices AirWatch provides a lockdown kiosk mode where user can only access specific apps and settings configured by the administrator. AirWatch has the ability to scan applications to detect privacy violations, risky behaviors and designer programming to detect unsecure protocols to post data via the application.

About AirWatch AirWatch is the largest Enterprise Mobility Management provider in the world with over 1,300 employees globally. More than 7,000 companies trust AirWatch to secure and manage their mobile enterprise. Our mission is helping organizations successfully deploy, secure and manage the mobile initiatives that drive their business through market-leading solutions for mobile security, device, email, application and content management.

For more information about AirWatch solutions described here, please visit:

http://www.air-watch.com or call AirWatch at +1 404 478 7500.

http://www.air-watch.com/


[ T y p e t e x t ]

9

Secure Mobile Apps Across the Enterprise Mobility as a transformative force

By John Dasher, Senior Director, Product Marketing Good Technology

Be User First Without Compromising on Security

BYOD users want more than just access to corporate email/calendar/contacts on their smart devices – but they don't want to sacrifice personal privacy in the name of security. Mobile Application Management (MAM) can be effective, but not all solutions are created equal.

Good Technology provides a new approach in this ‘mobile-first’ era via unique mobile app containerization and associated app lifecycle management technologies. Users get their choice of preferred device and can use both personal and containerized business apps on the same device. IT retains complete control over containerized business apps and nothing else, irrespective of the device – managed by MDM or not – on which those apps are being used. Good enables users to work as they wish, more productively, without privacy infringement so personal data is not viewed or lost in the eventuality that IT has to take protective actions over containerized business apps.

At Good, we respect the personal nature of the user’s workspace and uniquely preserve the expected experience ensuring IT-certified mobile apps are embraced. As a result, businesses are freed from worry about where their data travels and can pursue bolder mobile strategies.

Not All MAM Solutions Are Equal

The unique capabilities of Good’s MAM offering, listed below, make it the only comprehensive MAM solution that does not require an enterprise to compromise where it matters most – business innovation, user satisfaction and productivity – in the name of security and manageability.

Good's mobile app containerization technology safely segregates business apps for use on any device and provides IT with extensive security and compliance controls over those apps.

Develop containerized apps faster. Apps can be containerized via wrapping (i.e., no source code access or development experience required), a cross-platform SDK (i.e., code integration required), and the most popular hybrid development environments, including Adobe PhoneGap and IBM Worklight. We make it easy for anyone to containerize apps. Developers are relieved of the pressure of learning and keeping up with the latest security techniques and can focus on building best in class apps. IT can quickly containerize the enterprise’s custom apps via wrapping without having to know anything about app development.

Constantly protect information shared between apps. Good secured apps are capable of sharing documents and data between apps through Good’s unique encrypted application-to-application


1 0

tunneling technology. This translates into constant information protection and prevents accidental exposure of data between applications (e.g., IT can prevent corporate data moving from a containerized app to a personal app that eventually places data into the consumer cloud).

Figure 1: Constantly Protect Information Shared Between Apps

Share services between apps. Only Good’s mobile app containerization enables the reuse of high value services and features developed by Good, our ISV partners, and your own custom services. Secure document sharing, described above, is just one example. Another example is print services. Instead of requiring a user to save a document somewhere then open a separate printing app to reformat and print, the print service can be made available from within the original app, allowing the user to print without switching apps. Services don’t have to be publicly visible. An enterprise development team can create their own private services (e.g., a presence service that indicates when employees are not in meetings) and only publish to their internal developer community to consume.

Figure 2: Share Services Between Apps

Encrypt data at the app-level, independent of the device. Your business can consistently comply with the highest security and data protection standards and regulations across all supported OS platforms as corporate data is encrypted at app-level via FIPS-validated cryptographic modules. This is unlike solutions that require device management to turn on native device encryption or provide non-


1 1

uniform encryption across different platforms. So, even if the device password is hacked, your corporate data stays protected.

Consumer app store convenience, enterprise control. IT can distribute an unlimited number of apps whether they are custom-built or off-the-shelf, to corporate-liable or BYO devices. Apps can be authorized for a wide spectrum of users, including non-employees (e.g., partners, distributors, board members, etc.) who are not in the corporate directory system. MDM requires membership in the corporate directory system prior to making apps available to a user. With the enterprise app store, any authorized users, whether in the corporate directory or not, can acquire these apps – and also via a privately branded enterprise app store that provides a consumer-like experience – i.e., searching, browsing, app ratings and feedback. App-level authentication provides granular controls but single sign-on (SSO) across all containerized apps makes it easy for the user. IT can centrally manage enforcement of compliance (i.e., OS version, hardware models, jailbreak and rooted detection), data loss prevention (i.e., user authentication and password strength, auto lock, cut/copy/paste prevention) and developer-specified custom app policies that have been enabled via mobile app containerization. A global view of user and app analytics, beyond simple inventory reporting, helps businesses understand how apps are being used.

Securely access resources behind the corporate firewall. IT can ensure secure access to resources behind the firewall without opening additional inbound ports which exposes the enterprise to unnecessary risk; requiring upgrades to the VPN infrastructure (i.e., no additional VPN concentrators or licenses); or adding or changing anything in the DMZ.

Safely unlock mobile data for business growth. IT can sanction the broad adoption of containerized business apps across a broad spectrum of users and devices including external business partners, board members, customers whose devices are not managed by IT or are not in the corporate directory confident in the knowledge that corporate data will be secure on the device. This is a step above mobile device management (MDM) solutions that are unable to secure data on devices that are not under MDM's control.

Put IT Back In Control

Good allows IT to regain control of BYO environments, enabling security and management of mobile apps and data, without infringing on user privacy and providing a great business user experience. Good’s app wrapping allows IT to easily containerize custom apps without needing source code or development resources, ensuring secure corporate data within the respective apps. The brandable enterprise app store and the security and compliance controls enabled by mobile app containerization allows IT to support the complete app lifecycle – from app distribution and provisioning to analyzing ratings and usage to updates and decommissioning. Unlike MDM solutions that require users to be in the corporate directory, Good supports the app lifecycle for both employees and external business partners without compromising security or manageability. IT can focus on managing the enterprise’s apps and data without having to take on management of devices not owned by the enterprise. With Good designed to allow for cost savings, IT can align with end user demands and LOB mobility initiatives such as improving productivity, while protecting corporate data.

For more information about Good Technology’s solutions described above, please visit

www1.good.com/man or call 1 (866) 7BE GOOD.

http://www1.good.com/good-dynamics-platform/mobile-app-management


1 2

Symantec Mobile Management Suite Mobility without vulnerability

By Brian Duckering Sr. Mobility Strategist Symantec

Businesses today are dealing with incredible advances in mobile device technology, massive adoption of smart devices and an unstoppable BYOD trend. In response, most enterprises have multiple mobility initiatives spread across their organization – some focused on mobile email, some focused on mobile apps, and others focused on mobile content. Within these initiatives, there are diverse ownership models and varying levels of enterprise management possible. In some use cases (corporate owned devices), complete management of devices is needed, but in other cases (personally owned devices), enterprises may only want control of specific corporate apps and data – not the whole device. To achieve these widely varying enterprise business objectives, an ideal enterprise mobility solution should address diverse use cases and ownership models. To help enterprises take full advantage of mobility without sacrificing protection, Symantec offers Symantec Mobile Management Suite – a single solution that includes the technologies to address mobile device management, application management, and threat protection challenges faced by enterprises today. The Mobile Application Management capabilities deliver comprehensive distribution and protection for mobile apps and content on iOS and Android devices. Corporate apps are containerized using a unique technology that doesn’t require source code changes, and enables clear separation of corporate and personal data on the device. Symantec Mobile Management Suite can be employed in use cases where complete device management cannot be employed or is not needed, and where control over just specific corporate apps and data is desired. Typical use cases include mobile application deployments, and mobile content driven deployments in both corporate and personally owned BYOD environments. Key features include enterprise app distribution, app and content protection policies, enterprise content distribution and selective wipe. The Mobile Device Management Capabilities offer visibility and control over iOS, Android and Windows Phone devices. Symantec Mobile Management Suite can be employed in use cases where complete device management is required or desired. Typical use cases include mobile email deployment, BlackBerry migration, mobile policy management, and mobile configuration management. Key features include enterprise user activation, configuration and policy management, app and content distribution, compliance enforcement, selective wipe, secure email and asset management.


1 3

The Mobile Threat Protection technology provides award-winning antivirus technology, advanced firewall, and anti-spam functionality for Android and Windows Mobile platforms. With centralized policy-driven management and reporting, it helps ensure there are compliance policies in un-trusted ecosystems. Symantec Enterprise Mobility Strategy: Symantec Mobile Management Suite can be employed in use cases where end users download apps of their choice from any app store in the Android ecosystem by protecting from malicious apps. Typical use cases include securing sizeable Android deployments in global user bases, field users and contractors, as well as securing legacy Windows Mobile and CE operational devices. Key features include antimalware, Web protection (safe browsing), anti-theft, enterprise policy management, application blacklisting, visibility and compliance. Symantec Mobile Management Suite simplifies the licensing process with a per-user subscription model, making mobile costs more predictable. With the common device-based licensing, and users carrying multiple devices in the form of smartphones and tablets, enterprises are forced to pay multiple times for the same user. With Symantec’s new model, IT teams no longer need to count the devices and instead use a simpler user count. Additionally, Symantec Mobile Management Suite uses subscription based pricing, so organizations can better address their capital and operational expenditures. With scalable device management, innovative application management and trusted threat protection technology, Symantec Mobile Management Suite provides all the capabilities needed for enterprises to enable, secure and manage mobile devices, applications, and data. Organizations that rely on Symantec Mobile Management Suite for the management and protection of their mobile devices will enjoy specific benefits that include:

One Solution for Enterprise-Wide Mobile Deployments: BYOD, COPE, COIT – whichever deployment models an organization chooses to support, Symantec Mobile Management Suite provides a modular and scalable solution for all mobile initiatives and use cases.

Complete Protection for Enterprise Mobility: With trusted protection at the device, app and data layers, Symantec Mobile Management Suite ensures that corporate data is isolated and protected from data loss, malware, and unauthorized access.

Lower Total Cost of Ownership: With users carrying multiple devices, Symantec Mobile Management Suite makes it cost-efficient with a per-user model (instead of per-device). In addition, integration with enterprise management products and automation tools enable operational efficiencies.

Symantec Mobile Management Suite is specifically designed to address a diverse set of enterprise mobility needs. Whether organizations want to enable mobile email or take advantage of mobile applications and content, or all of the above, Symantec Mobile Management Suite provides the most complete solution to support diverse use cases in personally owned, corporate owned and hybrid deployments.

For more information about Symantec’s solutions described here, please visit: http://go.symantec.com/mobility.

http://go.symantec.com/mobility


1 4

APPERIAN Assures Mobile Adoption Ingredients for moving your mobility forward

By Alan Murray CTO Apperian

At Apperian, our sole focus is successful mobile app adoption for our customers. As the pioneer of Mobile App Management and a company with extensive history in the enterprise, we continue to deliver innovation and set the standard for what it means to be a premier MAM provider. We at Apperian operate on a core philosophy to evolve our platform forward and drive the highest level of app adoption for mobile workers. The key points of this philosophy are listed below:

MAM − more than a pretty app store. When Apperian first started out, the main focus was on

the development of enterprise app stores. However, enterprise app stores currently represent just a “minimal viable product” for most mobile vendors. The truth is that the engine for successful adoption lies in what’s behind the app store. That’s why Apperian’s platform not only provides a best-in-class, fully customizable app store, but also an entire suite of app management capabilities, allowing IT to deliver apps to users in a way that even non-technical people can administer. We provide access to sophisticated lifecycle capabilities for inspecting, securing and deploying apps with a single click, making your mobility management easier and more efficient. If a vendor’s definition of MAM is only an app store, be wary; they are missing the larger picture.

App Lifecycle Management is the heart. There are many steps an app must take to get from

developer to device. Apps and content come from multiple sources (custom development, web links, public app stores), then must be inspected for malware and malicious code, protected with dynamic policies, signed and packaged, integrated into enterprise systems, and then delivered to the right users on the right devices. Even then, deployment is far from the end of the enterprise mobility lifecycle. Reporting, metrics, and compliance are required for mobile apps and content as much as they are for other company assets. That is why we believe App Lifecycle Management to be the heart of MAM, and why Apperian’s platform delivers a full-service suite of capabilities that handles every step of the app lifecycle, easing the challenge of managing your mobility and providing proper care every step of the way.

Usability and experience is the soul. Our efforts have never been compromised in this area, and from the beginning we have ensured a corporate experience that users demand and expect. Mobility is transformative, changing how, when and where we consume information in our personal and professional lives. With these transformative qualities now being realized, users are migrating to smartphones and tablets in numbers never seen before in IT. Consumerization of IT has raised user expectations to believe a corporate app experience should be every bit as good as a consumer-based one. Apperian provides customers with a


1 5

beautifully designed private app store; one that is familiar and intuitive regardless the device users are on. But more importantly, we allow organizations to brand their app store not as Apperian’s, but as their own, allowing for complete corporate identification and creativity. User experience is the soul of our product, which is why we devote so much of our energy providing the best user experience on the market.

App-based security. Security at the device-level is an all-or-nothing solution, and one that inevitably hampers adoption and creates friction with users who bring their own devices to work. Security solutions that require SDKs create additional work for app developers, adding time, expense and vulnerabilities. The most optimal security solutions are delivered at the app level, created post compilation by “wrapping” the app with policies that are SDK-free. With this, any administrator can manage the security policy settings of an app, such as requiring corporate authentication, data encryption or app-level VPN. The Apperian platform compresses the lifecycle of delivering apps to mobile users by removing lengthy development and testing cycles otherwise required to deliver similar capabilities. It also separates the duties of coding from security policy administration, making your app management easier, painless, and more efficient.

No containers. This is a core design choice and reflects our focus on user experience, while

still providing the protection IT requires. Although some may consider app wrapping a container, for this point we will define app wrapping and containers as separate. Containers are self-contained environments that typically include multiple apps (including PIMs) and require users to purposefully enter and exit. Barriers that worsen user experience, or assumptions that users are discretely either at “work” or at “play” (“persona” based containers) are artificial constructs, and built simply because the industry doesn’t know any better. Invisible containers, or “wrappers” as we call them, are a different story. We understand that corporate assets must be managed, protected, and secured in mobile devices. With this in mind, we created a win-win solution for both IT and end users. By wrapping individual apps with “policies” that can extend the capabilities of an app, individual policies are tailor made for that app's security, management or metric requirements. These policies are invisible to end users yet still provide IT with an important layer of security to corporate data. A best practice MAM solution should protect the user, ensure that they have the best experience possible, and behave in a way that best matches their lives – and that is what Apperian delivers.

Continuous innovation. As a company focused on innovation, it is imperative not to rest on today’s solutions. That is why for us, Mobile Application Management has evolved into a full app lifecycle solution. Continuous innovation is listening to our customers and challenging our assumptions. It is why our app wrapping is evolving into a dynamic solution that can be changed on the fly by administrative policies, or applied on demand to the right individuals without re-signing or redeploying. It is why we continue to develop new app wrapping policies that make the security and management of apps easier. It is why we will continue to grow and expand as a company, constantly redefining the definition of a premier MAM provider.


1 6

Service from the cloud. By having a SaaS-based, multi-tenancy, native-built platform, we provide unrivaled scalability and ease of implementation, along with continuous updates that incessantly move the needle for our partners and customers. The ability to deploy a solution to thousands of users with little work and time elapsed is another one of our core design principles. We are built from scratch to scale up or down on a moments notice. Our enterprise connector allows single sign on (SSO) into corporate identity providers using SAML, easing adoption issues for users by not requiring unique usernames and passwords.

No MDM required. MDM undoubtedly promises security, yet does so without any subtlety. It

will lock a device, wipe out all the content, and control everything on it, both personal and corporate. Because of the hassles and friction this creates, MDM as the only solution for enterprise mobility is insufficient. Vendors and analysts of MDM have finally acknowledged the limitations of device management, and now claim to be much broader than MDM. However, their “Mobile Application Management” solutions are only enterprise app stores, or only provide additional functionality if the device is under MDM, along with other technical limitations. We believe building value in addition to MDM as well as without MDM ensures that customers have the richest set of choices along with a broadest capability of action in their enterprise mobility environments.

No SDK required. The need to inject an SDK to get the full value of the platform is a serious

limitation of other vendors. The value for ISVs, developers, and enterprises are much higher if this limitation is removed, allowing IT to get the full value of the richest enterprise mobility platform without forcing a recompile of the app. Similarly, there is no need to track down the developers who built it, change it when a new piece of functionality is added to the platform, try to decipher an older app, or try to build a relationship with a vendor to access the vendor’s source code or engineering team.

Don’t harm BYOD devices. We believe that the ‘Y’ in BYOD truly means it’s ‘YOUR’ device.

We recognize consumer trends that determine what devices arrive when, and we work in a way that is flexible and applicable to multiple platforms. In BYOD environments, it’s really about security of corporate data, so we focus only on those apps that have access to that data. Secure them, track them, and manage them in a way that is transparent to users and doesn’t touch any personal information on the device. By operating on our core philosophy listed above, we have set the standard for what it means to

be the premier MAM provider. Having a complete understanding of our clients, products, and industry has given us the ability to properly innovate our platform to be user friendly, efficient, and reliable. Apperian assures mobile adoption, and will guide your enterprise through every step. To find out more about how Apperian can help you, and how Apperian has helped other companies such as Cisco, Allstate, Barclays, New Balance and others, review our contact information below, and begin moving your mobility forward.

For more information about Apperian’s solutions described here, please visit:

http://www.apperian.com/ or call (617) 477-8740

http://www.apperian.com/

MAM Challenge Document FINAL

Documents

Transcript of MAM Challenge Document FINAL