Key Considerations in Evaluating & Selecting a MDM Solution
February 2012 Galvin Consulting, LLC
1 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
TABLE OF CONTENTS
Executive Summary ............................................................................................................... 6
Target Audience .................................................................................................................... 7
Background and Methodology ............................................................................................... 8
Current State of the Mobility Market ..................................................................................... 9
Mobility Growth Statistics ............................................................................................................... 9
Mobility Device Management Size and Forecast......................................................................... 10
Mobile Device Management Background ............................................................................. 11
Key Components of Mobile Device Management .............................................................................. 11
Mobile Device Management Market Evolution ................................................................................. 12
The Alphabet Soup of Mobility: Understanding Differences between MDM, EMM, MEAP and
MAM ............................................................................................................................................... 14
Nomenclature: A Window into Mobility Evolution .................................................................... 14
Mobile Device Management Segmentation ......................................................................... 17
Segmentation Frameworks .......................................................................................................... 17
Segmentation by Vertical Industry .............................................................................................. 17
Segmentation by Functionality ..................................................................................................... 19
Segmentation by Company Size ................................................................................................... 20
Segmentation by Pace of Adoption ............................................................................................. 20
Additional Factors Impacting MDM Adoption and Growth ................................................... 21
Dynamic Market Causing Some Firms to Delay MDM Implementations ............................................ 21
Preference for Exchange ActiveSync ................................................................................................. 22
Still Trying to Secure Assets .............................................................................................................. 23
Corporate Culture ............................................................................................................................. 23
Key Players in the Mobile Device Management Market........................................................ 26
Mobile Device Management Industry Structure ......................................................................... 27
Mobile Device Management Vendor Offerings.................................................................................. 30
Mobile Device Management Vertical Expertise ................................................................................. 37
Needs and Benefits Addressed by Mobile Device Management Vendors .............................. 39
Overview ......................................................................................................................................... 39
Mobile Device Proliferation .......................................................................................................... 41
Mobility Fragmentation ................................................................................................................. 43
Growing Privacy and Legal Concerns: Whose Property Is It? .................................................... 46
Growing Importance of Mobile Applications ............................................................................... 48
Customers Struggle with Application Management ............................................................... 49
The Growing Influence of Mobile Application Management Vendors .................................. 51
2 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
Variety of Delivery Models Allows Customers Greater Choice ....................................................... 55
Vendors Adding Cloud to their On-Premise Solution Offerings ............................................. 55
Cloud-only Offerings ................................................................................................................. 56
On-Premise Only Offerings ....................................................................................................... 57
Cloud Solutions through Partnerships ..................................................................................... 58
Choice is Critical......................................................................................................................... 59
Transition Challenges from On-Premise to Cloud Architectures ........................................... 60
Mobile Device Management Pricing Comparisons ...................................................................... 67
Increased Security Concerns Drive Greater Interest in MDM Solutions .................................... 70
Container Approach to Mobile Security .................................................................................. 72
Platform versus Container Approach ....................................................................................... 73
Mobile Application Security in Enterprise BYOD Environments ............................................ 74
Tension between Security Risks and Long-term Business Potential ......................................... 77
Mobile Device Management ROI ......................................................................................... 78
Mobile Device Management Partnerships............................................................................ 81
Partnerships Essential to Meeting Customer Needs ................................................................... 81
MDM Partner Ecosystems are Rich and Varied ........................................................................... 81
MDM Partnerships with OEMs ................................................................................................. 83
MDM Partnerships with Carriers.............................................................................................. 84
MDM Partnerships in Adjacent Industries .............................................................................. 84
MDMs Provide Partner Training ............................................................................................... 86
MDMs Seek Best-of-Breed Partners ........................................................................................ 86
Additional Partnership Strategies ............................................................................................ 87
Mobile Device Management Geographic Coverage .............................................................. 93
Mobile Device Management Support ................................................................................... 96
Key Considerations When Evaluating and Choosing a MDM Vendor ....................................105
Additional Considerations for Selecting a Mobile Device Management Vendor .................... 112
Policies and Procedures ......................................................................................................114
Mobile Device Management Trends on the Horizon ............................................................117
Conclusions and Mobile Device Management Industry SWOT Analysis ................................124
Appendix: Vendor Profiles .................................................................................................127
Mobile Device Management Vendors ........................................................................................ 127
Absolute Software ................................................................................................................... 127
AirWatch .................................................................................................................................. 129
AT&T ......................................................................................................................................... 131
BoxTone ................................................................................................................................... 133
Fiberlink.................................................................................................................................... 136
Good Technology..................................................................................................................... 139
3 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
McAfee ..................................................................................................................................... 143
Mformation.............................................................................................................................. 146
MobileIron ............................................................................................................................... 148
Motorola Solutions .................................................................................................................. 150
RIM/Ubitexx ............................................................................................................................. 153
SAP ............................................................................................................................................ 154
SOTI .......................................................................................................................................... 158
Syclo ......................................................................................................................................... 162
Tangoe ...................................................................................................................................... 164
Wavelink .................................................................................................................................. 167
Zenprise .................................................................................................................................... 169
Additional Strategic Mobility Market Players ............................................................................ 173
Apperian ................................................................................................................................... 173
Bitzer Mobile ........................................................................................................................... 175
Endeavour Software Technologies, Inc.................................................................................. 179
Enterproid ................................................................................................................................ 180
Partnerpedia ............................................................................................................................ 184
About Galvin Consulting, LLC ..............................................................................................186
License ...............................................................................................................................186
No Unauthorized Distribution .............................................................................................186
Disclaimer ..........................................................................................................................187
Contact Information ...........................................................................................................187
4 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
LIST OF TABLES
Table 1: US Penetration of Smartphone Devices Between 2009 - 2011
Table 2: US Penetration of Smartphone Devices by Age Group Between 2009 - 2011
Table 3: Top Smartphone Platforms
Table 4: Mobile Device Management Company Backgrounds
Table 5: Mobile Device Management Vendor Offerings
Table 6: Mobile Device Management Vendor Vertical Expertise
Table 7: Key Benefits Provided by Mobile Device Management Solutions
Table 8: Mobile Device Management Vendor Delivery Options
Table 9: Mobile Device Management Vendor Pricing Models
Table 10: Vendor Approaches to Mobility Management: Platform versus Container
Table 11: Mobile Device Management Technology Partnerships
Table 12: Mobile Device Management Vendor Geographic Coverage
Table 13: Mobile Device Management Vendor Support Offerings
Table 14: Considerations for Implementing Mobility Policies and Procedures
Table 15: Sample Reimbursement Policy Matrix
Table 16: Mobile Device Management Industry SWOT Analysis
5 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
LIST OF CASE STUDIES
Case Study 1: Tangoe Predicts BYOD Trends
Case Study 2: Fiberlink on Fire
Case Study 3: Fiberlink: Applications in the Cloud
Case Study 4: MobileIron’s AppConnect Helps Secure Enterprise Applications
Case Study 5: Mformation Highlights Cloud Security
Case Study 6: SAP Offers Cloud-based Afaria with Key Partner Offerings
Case Study 7: Zenprise’s Evolution from On-Premise to the Cloud
Case Study 8: McAfee’s Three Pillars of Mobile Security
Case Study 9: Absolute Software Provides Secure Document Access and Control through
AbsoluteSafe
Case Study 10: Enterproid’s Divide
Case Study 11: Wavelink Stresses Importance of Controlled Application Rollouts
Case Study 12: AT&T’s Focus on Mobile Security
Case Study 13: SOTI’s MobiControl Saves Auto Glass Business
Case Study 14: MDM Partnerships: Critical to Future Success
Case Study 15: Good Dynamics Promotes Secure Application Development through
Partnerships
Case Study 16: Syclo’s Partner Structure
Case Study 17: Motorola Solutions: Plug-In Partner Model
Case Study 18: BoxTone and 3LM Partner to Provide Secure Android to Security-Conscious
Customers
Case Study 19: AirWatch Scales with Global Customers
6 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
EXECUTIVE SUMMARY
As worldwide growth in the mobility market surges among business and personal users,
organizations are seeking ways to monitor, manage and secure mobile devices, data and
applications. Security concerns among IT managers about sensitive data leaving corporate
environments have led many executives to assess mobile device management (MDM) solutions.
MDM vendors provide customers with a way to manage, secure, support and track mobile
devices throughout their enterprise. Typical functionality includes over-the-air updates; asset
management; support for applications; the ability to locate, lock, and wipe devices; policy
control and password management; device diagnostics and reporting; and security and
compliance enforcement.
A key driver of MDM growth has been the BYOD – Bring Your Own Device – and
consumerization of IT phenomena. As consumers increasingly bring smartphones, tablets and
other mobile devices into enterprise settings, they expect access to corporate networks and
support by enterprise IT departments. This, along with device and mobile operating system
fragmentation – particularly on Android-based devices – has overwhelmed IT managers and led
to greater interest in MDM solutions.
Due to the significant and accelerating growth in mobility, vendors have entered the mobile
device management market to capitalize on the need to secure data and devices. As a result,
the MDM market has become crowded, with a mentality sometimes referred to as the “Wild
West.” Additionally, vendors from adjacent industries, including mobile application
management (MAM), are seeking to capture a portion of the mobility market. In some cases,
MDM vendors are partnering with complimentary firms such as MAMs in order to provide a
comprehensive approach to customers. MDM executives realize the market is moving too fast
to develop solutions on their own and emphasize strong partner ecosystems.
The MDM market can be segmented in a variety of ways. When MDM vendors look at their
own market opportunities, they utilize both vertical and functional segmentation approaches,
targeting industries and groups of users that are most likely to adopt a mobile device
management solution quickly and comprehensively. It is also common for MDM players to
segment the market based on customers’ size and rate of adoption.
When evaluating the MDM industry structure, there are two principal types of vendors: large
companies that offer mobile device management as part of a larger set of offerings and smaller
players who are primarily or exclusively focused on the mobile device management market.
Larger players are typically public, while smaller players are generally private. Smaller firms are
often funded by venture capital backing.
7 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
TARGET AUDIENCE
Key Considerations in Evaluating and Selecting a Mobile Device Management Solution serves
a growing audience of IT managers within medium-to-large organizations who are considering
the deployment of mobile device management solutions within their organizations. The report
highlights the core capabilities provided by top-tier MDM providers, the benefits MDM
solutions provide, and the innovative ways mobility is being used within organizations today.
The report also presents comprehensive and detailed recommendations for the types of issues
IT executives should consider before and during their discussions with mobile device
management vendors, highlighting key questions and capabilities prospective customers should
raise to discern whether a specific solution is a good “fit” for their needs. Additionally, the
study provides recommendations about internal policies and procedures that will aid in
organizations’ long-term mobility success.
Finally, the report is helpful to customers who may be considering adjacent mobility players,
such as mobile application management vendors – either in addition to or in place of MDM
solutions. Through in-depth discussions with these market players, we are able to present the
similarities and differences in their approaches to mobility management.
8 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
BACKGROUND AND METHODOLOGY
Primary and secondary research for this study took place during October 2011 – January 2012
and included interviews with IT executives from mobile device management vendors, mobile
application management companies, and mobile enterprise application platform vendors.
Additional participants included IT enterprise customers, partners, and subject matter experts.
Report contributors included company presidents, CXOs, VPs, senior/executive directors, and
senior managers. Participants were represented from marketing, engineering, business
development, communications and corporate strategy and provided both tactical and strategic
feedback regarding their organization’s mobility technology. In-depth face-to-face and
telephone interviews were conducted with approximately 60 executives during the research
process. Research also included participation in webinars and online forums, as well as live
discussions at industry events.
9 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
“We never would have guessed that
this many people would be moving
this fast in the industry at this point”. Alison Welch George, Senior Business
Development Manager, SAP
CURRENT STATE OF THE MOBILE INDUSTRY
Mobility Growth Statistics The mobility market has grown exponentially during the past several years, a trend that is
expected to accelerate. For example, at the end of
2011, there were nearly 6 billion mobile subscribers
worldwide, or 87 percent of the world’s population,
according to mobiThinking, which also reports that
India and China each have nearly 1 billion mobile
subscribers, representing 30 percent of the world’s
mobile users. CTIA reports that there were 322
million mobile subscribers in the United States as of
June 2011.
As shown in Table 1, smartphone penetration in the United States has more than doubled
between 2009 and 2011, while feature phone penetration has seen a corresponding decline in
users.
Table 1: US Penetration of Smartphone Devices Between 2009 – 2011
2009 2011
Smartphone Penetration 18% 44%
Feature Phone Penetration 82% 56%
Source: Nielsen, December 2011 (The Mobile Media Report: State of the Media, Q3 2011)
Smartphone penetration by age group shows that the highest percentage of smartphone users
are in the 25-to-34 age group category, both in 2009 and 2011, as highlighted in Table 2.
Table 2: US Penetration of Smartphone Devices by Age Group Between 2009 - 2011
Smartphone Penetration by Age in 2009 Smartphone Penetration by Age in 2011
Source: Nielsen, December 2011 (The Mobile Media Report: State of the Media, Q3 2011)
10 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
Table 3 highlights market share changes in smartphone platforms between June and November
2011. According to comScore, Google and Apple continue to dominate the smartphone market,
both gaining share. While RIM and Microsoft continue to struggle, most observers agree that
these vendors are still very solid contenders in the mobility market.
Table 3: Top Smartphone Platforms Share of Smartphone Subscribers
June 2011 September 2011 November 2011
Google 40.2% 44.8% 46.9%
Apple 26.6% 27.4% 28.7%
RIM 23.5% 18.9% 16.6%
Microsoft 5.8% 5.6% 5.2%
Symbian 2.0% 1.8% 1.5% Source: comScore MobiLens, November and December 2011
Mobile Device Management Size and Forecast As these statistics show, mobile devices now permeate most – if not all – aspects of society,
including personal and professional spaces, as the line between personal and professional use
of mobile devices continues to blur. As employees increasingly bring their personal devices to
work, most organizations do not have the resources required to manually manage the large
influx of devices. Additionally IT departments have seen their budgets shrink during the past
three-to-four years and have been told to do more with less. While many IT managers have
leveraged efficiencies and made do with fewer resources, they are finding it difficult to
approach mobility management in the same way they have handled other priorities – mobility
is too complex and IT departments are now too lean to handle all of this work in-house. As a
result, companies are outsourcing the task of mobile device management, mobile application
management, and mobile security management to outside vendors.
As a result of this trend, the market for mobile device management has grown as more vendors
seek to capitalize on the need for data and device management. Visiongain predicts that the
mobile device management market will reach $3.54 billion by 2016, of which $2 billion will be
accounted for by the enterprise segment.
Many observers describe the growth of MDM vendors (now over 60 companies) as the “Wild
West” or a “land grab.” According to Alan Dabbiere, Chairman of AirWatch, “Our company has
grown from less than 15 customers in the Fall of 2010 to over 1,500 a year later. We’ve grown
from 150 to 300 employees during the same time frame and expect to double that number by
late 2012. We will need to be thousands of employees to handle the global nature of what’s
happening.”
11 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
“It’s a great time to work in the
mobile industry because confusion
breeds opportunity.” Peter DeNagy, Principal Consultant at Enterprise
Mobility Strategies
Joe Granda, EVP of Marketing at Syclo, agrees, noting there has been a significant amount of
education in the market during the past year, resulting in an increased awareness and comfort
level around mobile device management solutions.
MDM is also considered a “hot topic” in the mobile
space because customers are struggling to learn
which solutions and vendors to select, particularly in
a market where there are few differentiators
between MDM providers.
Even with the abundance of players, the market
offers significant opportunity, and new companies continue to join the market to take
advantage of what many believe is still a nascent market. As officials at McAfee state,
“Realistically, the mobile security market is still in its infancy. We’re just getting started and
there’s a long way to go.”
MOBILE DEVICE MANAGEMENT BACKGROUND
Key Components of Mobile Device Management
What is mobile device management, and what are the key components that make up a MDM
solution? Most industry observers agree that there are several key components of any MDM
solution, including:
MDM Server and Client: MDM solutions typically include a server component, which
sends out management commands to mobile devices across a network, as well as a
client component, which resides on the end-user’s device and receives and implements
the management commands. The client and server could come from a single vendor or
different vendors.
MDM Software: MDM software monitors and manages mobile devices, generally
smartphones and tablets, which are deployed across an enterprise or service provider
environment. Software distribution includes deployment, installation, updating,
deletion and blocking.
Remote Management: Remote Management provides IT administrators with a venue
to manage mobile devices, usually over-the-air (OTA). This typically includes software
upgrades and patches that can install silently in the background, configuration of
devices based on “policies,” remotely wiping and/or locking mobile devices if they are
lost or stolen, and providing remote troubleshooting.
12 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
Security Management: This element includes device, data, network and perimeter
security. MDM vendors help to ensure that sensitive data is encrypted and that security
policies are centrally enforced using certificate authentication, monitoring and
enforcement tools, root detection, jailbreak detection, sniffer sensors, password
settings, application-level security, SSL encryption, and app tunnels.
Policy Management: Users can be segregated into different groups based on policies.
Groups are defined by IT administrators and can include classifications such as a user’s
role in the organization, department, geography, or seniority. Policy management is
important because it allows IT managers to quickly assign policies to large groups of
users, ensuring accuracy, consistency, and lower IT overhead.
Telecom Expense Management: “TEM” focuses on understanding and controlling
telecom equipment and services costs and often includes mobile devices and services
plans. TEM may or may not be included in MDM vendor portfolios. Some MDM players
believe TEM is essential, particularly as end-users consume more data and bandwidth.
Other MDM vendors view TEM as non-essential to their core focus and choose instead
to offer core device management capabilities, partnering instead with third parties who
specialize in the TEM market.
Mobile Device Management Market Evolution Research In Motion (RIM) is generally considered the “grand-daddy” of mobile device
management, with its BlackBerry Enterprise Server, or “BES,” introduced in 1999 as a way to
manage and control BlackBerry devices. BES is the middleware component of RIM’s BlackBerry
wireless platform that connects to messaging and collaboration software on enterprise
networks. Until recently, BES only managed BlackBerry devices. In November 2011, RIM
announced “BlackBerry Mobile Fusion,” a new offering that includes mobile device
management of BlackBerry smartphones and PlayBook tablets, as well as other mobile devices
running iOS and Android operating systems.
Customers and industry watchers welcome RIM’s introduction of a multi-platform OS MDM
offering, although there is a general sentiment within the market that RIM should have
executed this strategy years earlier, helping it to remain relevant in the enterprise environment
by deepening RIM’s portfolio to include mobile management – a competitive advantage over
Apple and Google. With its Mobile Fusion offering, RIM will become further embedded within
enterprise environments and customers are hopeful that BlackBerry Mobile Fusion will be able
to provide additional choice, especially for customers who have a large investment in
BlackBerry infrastructure. According to Stewart Hubbard, VP of Operations at Coldwater Creek,
13 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
“MDM is nothing new, having been
around since the days of laptops.
Mobile devices such as phones and
tablets are no different than the
drivers of laptops. What has
changed, however, is the complexity
of heterogeneous platforms and
applications which IT will have a
difficult time managing. This is
further complicated by the fact that
it’s now an end-user driven paradigm
versus the traditional top-down
approach of corporate IT.” Sam Liu,
VP of Marketing, Partnerpedia
“We are interested in where BlackBerry is going to go with its platform. It's too bad RIM didn't
offer this earlier.”
Even before BES, mobile device management existed, according to industry veterans. Jay
Cichosz, VP of Marketing at Wavelink, for example, notes that the first mobile devices ran DOS:
“When Windows CE was introduced for ruggedized devices, there was a need for MDM because
the utility that worked on DOS devices didn’t work on CE devices. Now that we're running into
Android, iOS, RIM and whatever else is coming along, the need to have a system that can
manage across all of those various platforms is becoming more relevant.”
Sam Liu, VP of Marketing at Partnerpedia, adds that “MDM is nothing new, having been around
since the days of laptops. Mobile devices such as
phones and tablets are no different than the drivers
of laptops. What has changed, however, is the
complexity of heterogeneous platforms and
applications which IT will have a difficult time
managing. This is further complicated by the fact
that it’s now an end-user driven paradigm versus the
traditional top-down approach of corporate IT.”
Unlike laptops, when corporate applications were
essentially corporate email and that was largely
provided by a singular device – BlackBerry – the
world of mobility today has diversified into
hundreds of permutations. The numbers and types
of devices, and the numbers and types of
applications, have grown exponentially.
Provisioning all of these devices has been a key
driver that has fueled the growth of the MDM market. In the past, companies had to physically
and manually remove devices from the field to do updates and patches. Remote diagnostics
was non-existent and making changes to configuration settings had to be done at a central
location. Removing mobility tools from workers resulted in down-time. There was also the
requirement to have high levels of inventories for spare parts and devices.
Against this backdrop came Over-the-Air (OTA) programming and provisioning, which allows
software updates and new configuration settings to be deployed on devices over a wireless
network, typically on demand. OTA capabilities allow application deployment, updates and roll -
outs consistently across a wide range of devices, giving customers a reliable and repeatable
model to support customers.
14 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
The Alphabet Soup of Mobility: Understanding the Differences between MDM, EMM, MEAP
and MAM
Different acronyms have arisen in the discussion of mobility management, including “MDM,”
“EMM,” “MEAP,” and “MAM.” Each acronym represents a different type of player in the
market, with some overlap, partnerships, and increasingly fuzzy lines between these categories
of players.
MDM (Mobile Device Management): MDM vendors typically focus on device
management, securing, monitoring, managing, provisioning, and auditing mobile
devices deployed across an enterprise. Typically solutions include a server component,
which sends out the management commands to the mobile devices, and a client
command, which runs on the handset and receives and implements the management
commands.
EMM (Enterprise Mobility Management): EMM goes beyond MDM to encompass all
aspects of mobility management, and not just device management. EMM includes
wireless networks and mobility services, as well as application management, security,
and, often, telecom expense management.
Mobile Enterprise Application Platform (MEAP): MEAP vendors provide tools for the
development of mobile applications, helping organizations develop mobile software
across a plethora of different device types and mobile operating systems. MEAPs
typically provide mobile application development templates to simplify and accelerate
mobile application development time frames.
Mobile Application Management (MAM): MAM vendors are relatively new players in
the mobility industry and offer a compliment to MDM vendors, although many industry
observers believe MDM and MAM will eventually converge. MAM vendors help
organizations create, deploy, and manage in-house and market applications, often going
beyond simple applications (such as email, calendar and contact databases) and offering
mobile enterprise applications for business system services, such as Customer
Relationship Management (CRM), Enterprise Resource Planning (ERP), Business
Intelligence (BI), and location-based services, such as geo-fencing.
Nomenclature: A Window into Mobility Evolution
Which term or acronym individuals use in their mobility discussions provides a window into
their current thinking in terms of mobility management. MDM vendors, traditionally selling to
and aligned with enterprise IT departments, commonly use terms such as “control,” “secure,”
“lock down,” and “access.” Users are denied access until they “conform” to prescribed
corporate mobility policies. Primary concerns include data leakage, theft, control and
15 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
regulation. Although some MDM vendors prefer to take a “carrot and stick” approach, trying to
coax users into compliance with corporate policies about upgrading to a new mobile OS, for
example, uncooperative users are dealt with by blocking or quarantining their access.
MAM vendors, while emphasizing their strong commitment to security (sometimes through
partnerships), like to stress their greater focus on end-user experience. MAMs typically work
with a broader array of corporate constituents than just IT departments, including sales
managers and marketing directors. MAMs see mobile phones as a gaming platform, a camera,
a 2-way communications device, or as a computer more powerful than laptops of several
generations ago. This group asks, “How can we help customers gain competitive advantage for
their businesses by using mobility as a business tool?”
MAM vendor Apperian believes that Enterprise App Stores, or App Catalogs, are the primary
entry point for employees into the world of corporate applications and should be friendly, easy,
branded, intuitive, and “opt in-able.” Employees are invited – or “pulled” – into the experience
by installing their company’s private application catalogs onto their phones. Apperian contrasts
this with the centralized, “push” approach of MDM vendors.
Advocates for “Enterprise Mobility Management” insist that MDM is now an antiquated
misnomer. Representatives from SAP, for example, believe the term MDM is too limiting and
that Enterprise Mobility Management should be used instead. As SAP explains, mobility
management is not just management of the device but also application management and
security management.
AT&T MDM executives add that MDM is nothing new and has traditionally been associated
with loss and theft management. Today, AT&T officials note, MDM is much more concerned
with the overall mobilization of the enterprise space.
Fiberlink and SOTI both position themselves as being in the Enterprise Mobility Management
market. Neil Florio, Fiberlink’s VP of Marketing, describes the distinction between EMM and
MDM as such: “Enterprise mobility management is really the higher level category and mobile
device management is a component of that. EMM can include many different lifecycle aspects,
including mobile device management, application management, document management,
expense management, and security management. They all fall under the EMM umbrella.”
Crystal Wong Kruger, Senior Manager for Business Development at SOTI, notes that while the
acronym “EMM” is increasingly being used, most RFP/RFI requests still refer to the technology
as “MDM.” Wong Kruger states that SOTI’s decision to promote itself as an EMDM (Enterprise
Mobile Device Management) solution vendor helps it to make the distinction between itself
and new market entrants and to address how it can support different stages in enterprise
mobility evolution. Importantly, Wong Kruger also points out that including the term
16 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
“Who cares about the physical
phone? What businesses really care
about is protecting the company
data, access to the back-end
compute systems, and the corporate
intranet. The real issue is not focused
on the cost of a device; the issue is all
about the mission critical information
that resides on the device. It’s all
about preventing corporate data
leakage and ensuring that corporate
intellectual property is protected.”
Peter DeNagy, Principal Consultant,
Enterprise Mobility Strategies
“enterprise” in any classification can make small and medium businesses feel left out of the
mobility management discussion.
Other vendors are not so absolute. Adam Stein, Director of Marketing at MobileIron, believes
that terminology is beside the point, noting “You can pick your three-letter acronym of choice.
The real question is: What are people trying to do
with it?”
And this has become the crux of the issue. As mobile
device management grows and matures – and
arguably becomes a requirement by enterprises –
corporate IT managers are starting to de-emphasize
“device” management and are instead focusing on
the “data” and “application” protection and management elements of enterprise mobility. As
Peter DeNagy, Principal Consultant at Enterprise Mobility Strategies, points out, “Who cares
about the physical phone? What businesses really care about is protecting the company data,
access to the back-end compute systems, and the corporate intranet. The real issue is not
focused on the cost of a device; the issue is all about
the mission critical information that resides on the
device. It’s all about preventing corporate data
leakage and ensuring that corporate intellectual
property is protected.”
John Herrema, SVP of Corporate Strategy at Good
Technology, concurs, noting “What's really
interesting about mobile device management is that,
in almost all cases, you're able to manage the heck
out of the device but that doesn't ensure that you're
properly managing the data and preventing data
loss.” Herrema states that Good’s solution – using a
container approach – focuses on control and
ensuring data loss prevention as the primary goal. If
customers want to manage aspects of the whole
device, Good allows them to do this as well.
Herrema asserts that this approach and Good’s
overall philosophy differs from that of other MDM
players, who focus on the wrong “d” – device management instead of data management.
“You can pick your three-letter
acronym of choice. The real question
is: What are people trying to do with
it?” Adam Stein, Director of Marketing,
MobileIron
17 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
MOBILE DEVICE MANAGEMENT SEGMENTATION
Segmentation Frameworks
Different observers segment the MDM market differently, with some experts using vertical
industries as a logical framework, while others use functionality, company size, or the pace of
adoption. In some instances, industry experts report that segmentation discussions are
irrelevant because mobility – and the need for mobile management – is simply so widespread.
Similar to differences in nomenclature, the lack of concrete segmentation reinforces the fact
that the mobile device management market continues to evolve as technology and end-user
needs change.
Segmentation by Vertical Industry Which companies are at the forefront of mobility management? And what is driving their push
toward greater mobility adoption? Some industry veterans point to specific verticals as
mobility thought leaders.
Education is an industry using mobility adoption in a transformative way, both at the K-
12 level and in colleges and universities. A key value proposition relating to mobility in
education surrounds book purchases and replacements. College students can now
download and access textbooks onto their tablets, not just for a semester, but for their
entire university careers. As online learning grows, companies such as Blackboard are
adding mobile applications to their online teaching classrooms, including campus maps,
news, university activities, library resources, and real-time bus locations/routes.
Mobility in K-12 education includes mobile homework and assignments, online
textbooks, interactive activity sheets, and interactive education with gaming to foster
greater engagement in learning. Applications help students master reading, languages,
math, science and other topics in an interactive format. Students and teachers can use
tablets interactively to demonstrate a concept or practice a task. Learning assessments
can be done online, with tests automatically increasing or decreasing in difficulty
depending upon the student’s ability.
Healthcare is frequently cited as an industry moving quickly to the forefront of mobility.
Why? mHealth holds the promise of significant cost savings, particularly in
demographics with aging populations, and for consumers in need of chronic disease
management and monitoring. Federal government initiatives toward adopting
Electronic Health Records (EHRs), Electronic Medical Records (EMRs) and a Health
Information Exchange (HIE) have also provided a significant impetus for mobility in the
healthcare setting. As Peter DeNagy, Principal Consultant at Enterprise Mobility
18 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
Strategies, states, “There are many opportunities relating to mobile health, including
telemedicine, remote diagnostics, medical imaging, remote consultation, access to the
EMR/EHR system, records validation, and prescription validation.”
Tim Williams, Director of Product Management at Absolute Software, echoes this
sentiment, noting that BYOD in health care settings was started and driven by doctors
bringing their iPads to health care settings and requesting support. Williams adds that
health care IT managers are very cognizant of health care requirements and understand
that there are even greater risks and compliance costs around this information.
Nevertheless, these IT managers are also quicker than most organizations to understand
that they set the policy, even for doctors.
Financial Services firms are using mobile device management to prevent employees
from forwarding confidential information on mobile devices to their personal email
accounts, download it to home computers, or sync it to services such as Dropbox.
Companies in this industry are also using MDM functionality to perform context-aware
mobile security that disables specific applications by time of day, location, employee
role, and device type. White- and black-listing of applications is used, as is blocking out-
of-compliance devices from corporate network access.
Real estate agencies are increasingly arming their representatives with tablets to deliver
real-time listings, allowing mobile agents to garner a competitive advantage over agents
who continue to rely on traditional MLS listings. MDM vendors can deliver secure files,
including disclosure statements, purchase agreements, and good faith estimates,
directly to mobile devices. Consumers are also taking advantage of mobility in the real
estate market: Zillow reports that nearly 1.8 million homes are viewed daily on Zillow’s
mobile applications, with 30 percent of Zillow’s weekend traffic and 20 percent of its
overall traffic coming from mobile devices.
Retail stores are using mobile devices to combine in-store and digital shopping. For
example, in October 2011 Lowe’s announced that it would deploy 50 ,000 iPhones to
store employees that will allow them to process credit and debit card transactions on
the retail floor. Also in October 2011, Sears announced that it was deploying 5,000 iPad
and 11,000 iPod touch devices to approximately 450 Sears and Kmart stores throughout
the United States that will allow associates to check available inventory at various
locations, order products online if an item is out of stock, and access product
information and videos. Customers will also be able to comparison shop due to free Wi-
Fi at some locations. Luxury retailer LVMH, which owns high-end stores such as Sephora
and Le Bon Marché, is adding secure iPad kiosks to its stores to help customers find
products; the secure browser will ensure that employees only use the devices for work-
related browsing. Lowe’s, LVMH, and Sears are all AirWatch customers.
19 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
Defense and aerospace firms are increasingly using mobile device management to more
efficiently run their businesses. One aerospace company, for example, is using
Zenprise’s secure file sharing application to deliver electronic versions of inspection
documents directly to the iPads of its engineers. The content is time-expired, allowing
the vendor to meet its compliance requirements and save millions of dollars in fines
each year.
Defense contractor DynCorp, an AirWatch customer, has also utilized MDM capabilities
in its operations around the world. Bill DeWeese, IT Manager for Enterprise Mobility,
notes that DynCorp has realized millions of dollars in savings per day just by automating
time keeping between its facilities in the United States and overseas, reducing errors
and eliminating time-consuming manual processes.
Travel and hospitality companies are using mobile devices in a variety of ways,
including as kiosks for guest check-in. For example, a Zenprise hospitality customer is
deploying iPads for guest check-in at its resorts. Other hotels provide tablet devices to
customers in their rooms; for returning guests, the preferences are already configured
to favorite web sites or applications. Guests can use the tablets to explore new
surroundings, both in the hotel and in nearby communities. Hotels report that the
tablets have resulted in higher customer satisfaction, loyalty and guest spending.
Segmentation by Functionality
Instead of segmenting the market by vertical, some MDM vendors instead view opportunities
by the types of uses their customers are targeting. In essence, this view is one that cuts across
industry and, instead, looks at functionality. For example, officials at AT&T report that MDM
transcends all 12 of the verticals it targets, making it more of a horizontal offering.
Officials at SOTI agree, noting that a key segment SOTI targets is organizations deploying
mission critical, line of business applications who want the ability to silently install, update, and
disable applications; lock down devices into kiosk modes; and provide live technical support
through remote control tools. At the other end of the spectrum, SOTI customers include
companies that are primarily interested in enforcing a corporate sandbox and controlling access
to email. In this latter instance, customers prefer to have minimal impact on the end-user
experience when employees are using their devices.
Fiberlink also segments the market in terms of best practice MDM essentials and advanced
management/security capabilities. Best practice essentials include OTA enrollment,
configuration, security policy management (such as pass codes, Wi-Fi and VPN profiles),
reporting, remote lock/wipe, selective wipe, and a self-service portal for end-users. More
advanced functionality includes the ability to automatically and/or continuously monitor
20 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
remote devices, and well as to provide automated enforcement, certificate management, and
application or document security.
Mformation’s Marketing Director, Rob Dalgety, believes that most enterprises are looking for
six-to-eight key capabilities, or building blocks, to support their mobilized enterprises today.
These include device management; expense management; application development,
deployment and management; and endpoint security requirements. Within these core
capabilities, Dalgety believes that enterprises have different priorities depending upon their
current mobility evolution and long-term mobility strategy.
Segmentation by Company Size
When examining mobility in terms of company size, we find that large organizations are
adopting mobility at a very rapid pace. Companies with hundreds or thousands of devices in
the field need mobile device management solutions to help manage the complexity of so many
end-points.
Larger organizations typically have concerns around security, data leakage and compliance, and
MDM solutions help manage this risk. The emphasis on ensuring an enterprise-grade solution –
along with details about architecture – is typically central to the discussions. Additionally, IT
managers at large enterprises place significant emphasis on the ability to optimize their
businesses for mobility.
Segmentation by Pace of Adoption
When looked at from a relative perspective, one could argue that mobility deployments are
increasing – albeit at a different pace – for all organizations. While some companies may be
slower or more methodical in their implementation plans than others, mobility has permeated
the infrastructures of most industries, companies, and institutions. Early adopters are now
revising their strategies, or deploying new methodologies. These firms are often taking what
they learned in their mobility implementations for email, calendar and PIM and applying these
lessons to more advanced mobility strategies, such as mobile integration with back-end
systems, including Enterprise Resource Planning, Customer Relationship Management and
Business Intelligence. Companies that are slower to adopt are evaluating their mobility options.
According to Kelly Ungs, Senior Director of Channel Sales at Wavelink, “All companies – large
and small – have compliance reasons for managing mobile devices, whether due to government
regulations, such as HIPAA and Sarbanes-Oxley, or due to their own internal corporate finance
or operations policies. The liabilities organizations expose themselves to without MDM are
huge.”
21 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
Alison Welch George, Senior Business Development Manager at SAP, agrees. Welch George
describes the mobile device evolution from one in which field- and task-based employees, such
as those in sales, utilities, health care, and construction, were the biggest users of mobility
infrastructure in the past. In contrast, devices are currently entering the work force and are
being used for more than just task work. According to Welch George, “Mobility usage today is
really evening out into a much more horizontal approach, covering all industries at different
levels.”
Mobile devices are increasingly viewed as just another end-point in enterprise IT
infrastructures, needing to be managed and secured in the same way as other assets in
corporate environments. Until recently, mobile devices were restricted to email as the end
point. As the power capabilities of these devices has grown, in terms of network bandwidth
and usability, standard corporate applications beyond just email are now easily accessible to
mobile workers. Suddenly a workforce exists that can perform work anywhere and anytime,
not just restricted to a laptop or desktop in an office setting.
ADDITIONAL FACTORS IMPACTING MDM ADOPTION AND GROWTH
Despite the widespread growth of mobile devices and projections for even greater growth in
the coming years, not all organizations have adopted mobility management solutions. Some
enterprise IT managers indicate that they are considering MDM in 2012, while others are
“making do” with a patchwork of different systems. Despite dire warnings of security
infractions that could imperil companies without MDM, these IT managers have taken a “go
slow” approach to MDM adoption.
It’s also important to keep mobilization in perspective. As Andy Smith, VP of Product
Management at MAM vendor Bitzer Mobile notes, “The people who are calling us and selecting
us are already thinking about mobility. However, this is not necessarily where the industry is as
a whole. It's not as far along as I'd like to think. While there is no question that mobility
management is growing really, really fast, it’s not as penetrated as it appears if you’re living it
day-to-day.”
Dynamic Market Causing Some Firms to Delay MDM Implementations
For some companies, the dynamic nature of the mobility market has had a direct impact on
their decision to deploy mobile solutions. For example, while retailer Coldwater Creek
recognizes the need for a long-term mobility solution, it is taking a slower approach to mobile
device management. Instead of deploying a full-blown MDM solution, VP of Operations
Stewart Hubbard notes that his firm is utilizing its existing BES server to manage BlackBerry
22 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
After running rogue device
assessments in enterprises, Zenprise
found as many as 10,000 unknown
devices accessing corporate
networks.
devices and has extended its existing agreement with JAMF for management of Macintosh
computers to include JAMF’s Casper Suite for iOS device management.
Preference for Exchange ActiveSync
Other companies have opted not to purchase MDM solutions, at least for the time being,
deciding instead to utilize Microsoft Exchange to secure and manage their mobile devices.
Exchange Server 2007 and Exchange 2010 both manage mobile devices through ActiveSync
mailbox policies, while MDM solutions use group policies. Why is this distinction important?
While ActiveSync provides mobile device management and policy controls to synchronize email,
contacts, calendar, tasks and notes from a messaging server to mobile devices, Exchange Server
relates to passwords, device hardware and mobile applications through individual mailboxes,
tying policies not to a device or user account, but to the mailbox itself. MDM solutions, in
contrast, apply settings through group policies, often to hundreds or thousands of users at
once. MDM offerings also have many more policies settings than Exchange, and Exchange can
only provide full device wipe, not selective wipe.
IT managers may also be in denial, or simply unaware, of the need for mobile device
management. According to AirWatch’s Chairman,
Alan Dabbiere, “We spoke with a F500 company
recently who thought they had 20-to-30 devices that
were employee-owned. After running an ActiveSync
report, they found over 2,000 unique connected
smart devices that they didn’t know about, including
both iOS and Android devices.” Zenprise has found
similar scenarios: after running rogue device
assessments in enterprises, it found as many as 10,000 unknown devices accessing corporate
networks.
Not surprisingly, MDM vendors guide customers away from solutions such as Exchange
ActiveSync. Alison Welch George, Senior Business Development Manager at SAP, notes that
“Microsoft's ActiveSync is a very bare-bones MDM and is not really in the same category as
traditional MDM vendors.” Welch George includes Google’s MDM offering that was announced
in November 2011 and released one month later – Google MDM layered into Google Apps – in
the same category. Officials at McAfee agree; a McAfee FAQ states that “Exchange and other
device-specific management tools offer subsets of [MDM functionality] for specific applications
and devices. Enterprise-class support … is most efficient when device management integrates
into other endpoint and security management processes.”
23 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
“It’s more about culture than
anything else in terms of how rapidly
companies deploy mobility.” John
Herrema, SVP, Corporate Strategy, Good
Technology
Still Trying to Secure Assets
While some organizations are far advanced down the path of mobility, other firms are still just
trying to secure mobile assets. Mike Hulthen, VP of Development at Motorola Solutions,
believes that most enterprises today are still just trying to “see” their assets, get them under
management, and manage corporate applications, including removing them if employees elect
to go off MDM support. According to Hulthen, “There are always some outliers, but in general
people are just trying to get hold of these BYOD devices.” Rob Dalgety, Director of Marketing at
Mformation agrees, stating “A key issue for 2012 is one in which IT managers are still grappling
with trying to manage individual-liable devices that are entering their networks and the need to
put in place a coherent approach and solution in this area.”
Officials at AT&T concur, noting that the need for management is a key driver in the market
today. Companies large and small are asking vendors to give them the means to manage
mobility – the “fencing” they need to coral mobility and bring it under control. Once the
fencing is built, follow-on discussions about value-added capabilities can take place. AT&T
believes that this framework applies from a business security and business cost savings
perspective, but also from the standpoint of how customers can use mobility to differentiate
themselves within their own businesses.
Tim Williams, Director of Product Management at Absolute Software, reports that many
customers need help in developing their long-term mobility strategies. IT managers feel that
since their employees are bringing mobile devices into the workplace, IT must support them
without stipulation. Williams advises clients that they can draw some boundaries, such as
allowing Android devices at specific release levels, noting “Organizations just need to throw a
lasso around some of these devices and get started.”
Corporate Culture
Corporate culture can also have a significant impact
on how quickly and aggressively organizations adopt
mobility management platforms. Some companies,
even within the same industry, and even in
industries known for aggressive mobile adoption,
can move at a slower pace than others. For
example, John Herrema, SVP of Corporate Strategy
at Good Technology, in describing the rapidity with
which Good customers move from Proof of Concept to mass deployment, notes that “It’s more
about culture than anything else in terms of how rapidly companies deploy mobility.” Herrema
cited a recent example of two companies – both in the same vertical and under the same
24 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
regulatory constraints – taking very different approaches toward mobility deployment, both in
terms of overall pace and formal “Bring Your Own Device” support, primarily due to cultural
reasons.
25 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
KEY PLAYERS IN THE MDM MARKET
NEEDS AND BENEFITS ADDRESSED BY MDM VENDORS
MDM ROI
MDM PARTNERSHIPS
MDM GEOGRAPHIC COVERAGE
MDM SUPPORT
26 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
KEY PLAYERS IN THE MOBILE DEVICE MANAGEMENT MARKET
While there are many vendors in the MDM market, less than 20 are considered top-tier players.
These companies include:
Absolute Software AirWatch AT&T BoxTone Fiberlink Good Technology McAfee Mformation MobileIron Motorola Solutions SAP SOTI Syclo Tangoe Wavelink Zenprise
IBM may soon be added to this list following its acquisition of BigFix in June 2010. IBM’s Tivoli
Endpoint Manager, which is based on BigFix’s architecture, provides mobile device
management capabilities, including selective wipe, passcode configuration and enforcement,
encryption, and compliance management. The offering will draw upon IBM’s cross-platform
capabilities and allow organizations to manage smartphones and tablets, as well as laptops,
desktop PCs, and servers. Endpoint Manager for Mobile devices supports iOS, Android,
Symbian, Windows Mobile and Windows Phone devices. IBM Endpoint Manager for Mobile
Devices is currently in Beta testing.
With its announcement of support for iOS and Android devices through its Mobile Fusion
offering in November 2011, RIM is also expected to become a larger player in the overall mobile
device management industry. While RIM has managed its BlackBerry Enterprise Servers (BES)
in the past for device management and support of customers with BlackBerry environments,
RIM’s BlackBerry Mobile Fusion offering will help the company expand to wider markets,
particularly as more enterprise customers support “Bring Your Own Device” environments that
have increased the diversity and volume of mobile devices in their corporate networks.
27 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
Mobile Device Management Industry Structure
The MDM market includes two principal types of vendors: vendors that are large, multi-
national, global corporations that offer mobile device management as part of a larger basket of
technology offerings, and smaller players who focus exclusively or primarily on mobile device
management solutions. Larger players are typically public, while smaller players are generally
private.
Smaller mobile device management players may be backed by venture capital firms. For
example Good Technology has received VC funding from Allegis Capital, Blueprint Ventures,
Draper Fisher Jurvetson, ePlanet Ventures, GKM Newport, Meritech, Oak Investment Partners,
and Rustic Canyon Partners, while Zenprise has received $85 million in venture funding from
Greylock Partners, Bay Partners, Ignition Partners, Mayfield Fund, Rembrandt Venture Partners,
and Shasta Ventures.
Many MDM players have reported “explosive” revenue, employee, and customer growth
during 2011. For example, AirWatch now has 450 employees and expects to nearly double this
figure by the end of 2012. MobileIron’s customer base grew 600 percent year-over-year
between 2010 and 2011, including 435 new customers in Q4 2011. Zenprise reports that it is
quadrupling its customer base worldwide and tripling employee headcount.
Table 4 provides a summary of key corporate statistics, where available, for key players in the
mobile device management market.
28 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
Table 4: Mobile Device Management Company Backgrounds
Vendor # of MDM Employees
Annual MDM
Revenues (US$)
Total MDM
Licenses Total MDM Customers
Year Founded Public or Private
Absolute Software
Does not disclose
$72 M Does not disclose
Does not disclose
1993 Public – TOR: ABT.TO
AirWatch 450 $20-30 M Deploy-ments
exceed-ing
50,000 devices, growing
to 100,000+
1,500 2003 Private (Parent company: Wandering WiFi); 200+
million in assets
AT&T Does not disclose
Does not disclose
Does not disclose
Does not disclose
1983 Public – NYSE: T
BoxTone 120 Does not disclose
but states Revenue CAGR is >100%
1.2 million
400+ 2000 Private, VC Funded
Fiberlink ~250 $35-50 M 200,000 600 1991 Fiberlink is a 100% private company and has raised
over $50m of private equity. Fiberlink is majority owned by: Goldman Sachs,
GE Equity, Technology Crossover Ventures, and
Edison Ventures
Good Technology
500 Does not disclose
Does not disclose
4,500+ Enterprise customers
1996 Private (VC funded, including Allegis Capital,
Blueprint Ventures, Draper Fisher Jurvetson, ePlanet Ventures, GKM Newport, Meritech, Oak Investment
Partners, Rustic Canyon Partners
McAfee Does not disclose
Does not disclose
Does not disclose
Does not disclose
Trust Digital: 2004;
McAfee: 1987
Public (Parent company: Intel. McAfee acquired Trust Digital in 2010.)
NASDAQ: INTC
29 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
Table 4: Mobile Device Management Company Backgrounds (continued)
Vendor # of MDM Employees
Annual MDM
Revenues (US$)
Total MDM
Licenses Total MDM Customers
Year Founded Public or Private
Mformation 150 Does not disclose
Does not disclose
60 mobile operators and MSPs
1999 Private (VC funded, including Battery Ventures, Carmel Ventures, Deutsche Bank, Kingdon Capital, Intel
Capital, North Bridge Venture Partners,
QuestMark Partners, Visa International and Wasatch
Advisors Inc.)
MobileIron 250 Does not disclose
Does not disclose
1,500+ corporate customers
2007 VC Funded ($57 million total as of August 2011)
Motorola Solutions
Does not disclose
Does not disclose
Over 5 million licenses
sold
Does not disclose
1928 Public – NYSE: MSI
SAP Does not disclose
Does not disclose
Does not disclose
Does not disclose
Sybase: 1984; SAP:
1972
Public (SAP acquired Sybase in 2010.) NYSE:
SAP
SOTI 150 Does not disclose
Deploy-ing 70-100K new
licenses/month
80,000 1995 Private (Profitable)
Syclo 100+ Does not disclose
Does not disclose
750+ 1995 Private
Tangoe 1,000+ $100 million
(estimated)
Manages 2 million devices,
10% directly
by MDM clients
100 2000 Public – NASDAQ: TNGO
Wavelink Does not disclose
Does not disclose
10 million+
8,000 1992 Private (key investor is WestView Capital Partners)
Zenprise 200+ Does not disclose
Does not disclose
1,000+ 2003 Private ($85 million VC funding as of October
2011, including Greylock Partners, Bay Partners,
Ignition Partners, Mayfield Fund, Rembrandt Venture Partners, Shasta Ventures)
30 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
Mobile Device Management Vendor Offerings Many of the mobile device management offerings in the market today are similar. Indeed,
MDM vendors themselves admit that differentiation is difficult to discern and urge customers
to “dig into the details” to truly understand the differences in architecture, security, target
markets and overall approach. Table 5 provides a summary of MDM offerings from key players
in the market, along with each vendor’s “value proposition” and a list of key customers.
Table 5: Mobile Device Management Vendor Offerings
Vendor Key
Offerings Key Features Value Proposition Key
Customers
Absolute Software
Absolute Manage MDM
Application Management allows customers to track installed apps, build device records, publish a list of approved apps onto each device and allow single-click app downloads. Apps by Absolute allow customers to securely host, remotely deploy, and distribute in-house apps to end users, as well as provide users with a list of recommended Apple or Android apps. AbsoluteSafe allows IT administrators to distribute files without email. Security, Change, & Configuration Management includes ability to lock/wipe, manage/deploy profiles, restrict apps, set up VPN, disable camera, deploy web clips. Asset Inventory provides >65 HW and SW data points, including Apple’s VSPP.
Absolute Software is expanding its cross-platform management tools to cross-management of devices, addressing the convergence of security and management with a device- agnostic management approach. Absolute Software works hard to leverage customers’ existing resources and provide solutions adaptable to existing environments.
Detroit Public Schools, Eisenhower Medical Center, Glassboro Public Schools, La Jolla Institute for Allergy and Immunology, Old Dominion University, Texas Department of Public Safety
AirWatch Enterprise App Catalog
HTML5-based user I/F
MAM SAML integr.
for mobile devices
Integration to Microsoft BPOS-D, Office 365, and Gmail
Secure Email Gateway
Secure Content Locker
SDK Library
AirWatch MDM includes: highly scalable solution, OTA enrollment and configuration, asset management, accounts and services integration, policy enforcement, restriction enforcement, device/data security, multi-tenant architecture, web-based multi-lingual console, role-based access, intelligent notifications, reporting and alerts, SDK library for ISVs and enterprise customers, enterprise app catalog and distribution, full certificate management, advanced branding and white labeling, and device retirement. HTML5 is fully integrated into AirWatch’s management console, user self-service portal and application catalog modules.
AirWatch states that it provides mobile security, along with MDM, MAM and mobile content management (MCM) at the lowest price. The software supports all WWAN and WLAN mobile devices and all major mobile platforms and carriers with a multi-tenant architecture. AirWatch highlights its rich partner ecosystem as a key benefit to customers.
Austin Convention Center, AXA, Best Buy, Children’s Healthcare of Atlanta, Coca-Cola, Duty Free Stores, Home Depot, Inova Health System, Level 3 Commun-ications, Lowes, LVMH, Sears, Target, Tiffany & Co, Urban Outfitters
31 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
Table 5: Mobile Device Management Vendor Offerings (continued)
Vendor Key
Offerings Key Features Value Proposition Key
Customers
AT&T Good for Enterprise
McAfee Enterprise Mobility Manage-ment
MobileIron VSP
Mformation BES
solutions
Good: Provides enterprise-grade wireless email, PIM and IT security and management tools. McAfee: Provides a security solution to protect mobile devices and data. MobileIron: VSP from AT&T combines data-driven smartphone management with real-time wireless cost control. BES: Provide IT with simplified management, centralized control and wireless email.
Partnerships provide not only best-in-class support, technology and scope, but the security, capabilities, functionalities and OS support customers need. Together, AT&T and its partners can support all customers vertically and horizontally.
New York Life, Union Bank, Large transporta-tion company (using MobileIron’s Cloud Connect)
BoxTone Security & Compli-ance
Asset & Expense
Service Desk
User Self-Service
Incident Manage-ment
Perfor-mance Manage-ment
BoxTone’s MDM offering includes OTA provisioning, configuration and changed management through direct linkage to Active Directory Group Policy. BoxTone monitors for lost and rogue devices, as well as devices in non-compliance with IT policies. Application Management includes an Enterprise App Catalog of custom in-house and commercial applications.
BoxTone’s platform is built upon an ITSM/ITIL foundation for device, support, business and operations management. BoxTone uses ITSM best practices to address the full mobile lifecycle, providing an industrial-strength platform with built-to-last reliability and security.
BP, BT, Citigroup, Kaiser Permanente, M.D. Anderson Cancer Center, US Bank, US Government (Army, Congress, EPA, GSA, Postal Service, State Department), University of Pittsburgh Medical Center
Fiberlink MDM MAM
(including AppCloud & App-Extender)
Secure Document Sharing
Mobile Expense Manage-ment
Laptop Manage-ment
Fiberlink offers MDM for all major MOSs through its SaaS-based offering, including 2 ways of managing devices: via ActiveSync and direct to the device. Mobile App Management includes enterprise app catalogs for iOS and Android devices; app lifecycle management; white/black lists and controls on accessing apps; AppExtender (API & SDK) for authentication, authorization, updates, compliance status, device query, and mobility intelligence; and the MaaS350 cloud for app distribution. Compliance Engine provides compliance monitoring and enforcement for specific rules.
Fiberlink advertises its cloud-based technology and delivery model as unique in the MDM market. Its SaaS model allows Fiberlink to “support new devices and operating systems as rapidly as they become available.”
Bank of New York Mellon, CDW, Centene Corporation, Fluor, GSA, LinkedIn, Panduit, Phillips-Van Heusen, Sutter Health, Vinson & Elkins, VMware, Yale New Haven Health System
32 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
Table 5: Mobile Device Management Vendor Offerings (continued)
Vendor Key
Offerings Key Features Value Proposition Key
Customers
Good Technology
Good Dynamics
Good for Enterprise
Good for Govern-ment
Good for OEMs/Carriers
Good Dynamics allows customers to separate work and personal data in a secure container. It is FIPS-certified, making it an attractive choice for regulated industries and government customers. Good for Enterprise includes Mobile Control (web-based portal), Mobile Messaging (enterprise messaging and collaboration), and Mobile Access (secure browser and app access). Good for Government provides military-grade mobile security, including Bluetooth & USB Common Access Card support, PKI support, & certificate verification. Good for OEMs/Carriers includes Good Mobile Email, Good Mobile Social Networking, Good Mobile Instant Messaging, & Good Mobile UI-Less.
Good has been providing MDM solutions for 10+ and “we’ve built up a lot of IP to apply to customer problems.” Good’s container approach appeals to security-conscious and highly regulated customers.
Crowley Maritime, Downey Brand LLP, Gates Corporation, Government of District of Columbian, Napa County, Patagonia, Perkins+Will, Specialized Bicycles, Union Bank, U.S. DoD
McAfee Enterprise Mobility Manage-ment
Includes device management (OTA provisioning, real-time device access and asset information, and device information) ; audit and compliance service (visualizes mobile assets, identifies and blocks rogue assets, provides silent OTA remediation, reports compliance status and activity); device agents (password, PKI, 2-factor authentication, and remote wipe; native device encryption; Wi-Fi & VPN configuration & management); and integration with ePolicy Orchestrator (centralized visibility and control, integrates with ePO dashboard).
McAfee believes that EMM “tucks in nicely” alongside other McAfee enterprise solutions that customers already have in place, allowing companies to extend their security-connected infrastructure. McAfee also believes it is well suited to unifying heterogeneous environments.
CSL Behring, Ellis Medicine, Riverside Healthcare
Mformation Enterprise Manager
Enterprise Manager supports cloud-based deployments and includes inventory management and reporting, lock/wipe, app display/management, tablet support, enterprise service configurations, policy control and password management, security compliance reports, and device diagnostics.
Mformation sells exclusively to MSPs and CSPs and can support large-scale deployments across different mobile OSs that integrate with other mobility solutions (such as TEM and encryption) within an ITSM framework.
Airtel, AT&T, Bell, Clearwire, ISEC7, LG Electronics, Orange Business Services, Sprint, Telefonica, T-Mobile, UQ Comm., Vodafone
33 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
Table 5: Mobile Device Management Vendor Offerings (continued)
Vendor Key
Offerings Key Features Value Proposition Key
Customers
MobileIron Virtual Smart-phone Platform (VSP)
Sentry Connected
Cloud MyPhone
@Work Enterprise
App Storefront
VSP is the “central hub” of the MobileIron solution and can be deployed as a physical hardware appliance or as a virtual appliance (using VMware ESX). MobileIron released version 4.5 of VSP in November 2011, which included additional security features for Android devices and support for Android 4.0 security. Sentry provides access control for email and is an optional component. Connected Cloud, announced in August 2011, is a multi-tenant SaaS service allowing customers to administer their solution via a web browser/Internet and integrate with existing security infrastructure. Enterprise App Storefront includes an app distribution library, app security and access control, and app inventory.
VSP is a “simple-to-install server that plugs into corporate networks and lets customers quickly gain control of their smartphone operations.” MyPhone@Work provides an enterprise app storefront with a catalog of mobile apps tailored to enterprise users. Apps are approved by IT and available in commercial app stores or created by IT for internal use.
Amlyin Pharmaceu-ticals, City of Redlands Police Dept, City of Stockholm, Colt Car Company, Curtiss-Wright, Daimler Trucks North America, Fairfield Residential, Fenwick & West, Helsana, Kindred Healthcare, KLA-Tencor, Land Securities, Life Technologies, Logica, Mercedes Benz, NETGEAR, New York Life Insurance, Norton Rose, Thames River Capital, U of Connecticut Health Center, Wyndham
Motorola Solutions
Mobility Services Platform 4.0
Multi-OS support, including smartphones and tablets, BYOD management, self-service portal, configuration/application management, remote OTA provisioning and analysis, and remote lock/wipe; “Hardened” Android support , including IT controls, OTA remote updates, management of white lists for approved apps, and secure internal & external storage policies; and enhanced security, including remote lock/wipe and automated device certificate renewal and maintenance.
Motorola Solutions scales to up to 250K licenses simultaneously supported. Motorola Solutions can also manage rugged and consumer devices from a single pane of glass. As a F500 company, Motorola Solutions has a diverse breadth of offerings.
Baylor Health Care, Bumrungrad International Hospital, Memorial Medical Center, Sunnybrook Health Sciences Centre
34 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
Table 5: Mobile Device Management Vendor Offerings (continued)
Vendor Key
Offerings Key Features Value
Proposition Key
Customers
SAP Sybase Afaria, including Advanced Enterprise Security (AES) for Samsung devices and Applica-tion Develop-ment Tools.
Sybase Unwired Platform
Afaria for iOS 4: Delivery of in-house applications OTA, asset information provided from a single console, separate management of enterprise and personal applications, extension of corporate security policies to IL devices, remote lock/wipe, enterprise-grade security using policy-based model. Afaria for Android: Management of IL and CL devices, strong security policy enforcement, provisioning of enterprise-class apps, partnership with NitroDesk Touchdown for secure corporate email. AES for Samsung Devices: Security management, application management, configuration management, Exchange client configuration, and OTA deployment for Galaxy S and S2 (Android 2.3+). App Development Tools: SAP is using the SQL Anywhere database to synchronize application deployments by enterprises and ISVs. Sybase Unwired Platform: Mobile enterprise application platform that allows enterprise developers to build applications that connect business data to mobile workers.
As an industry leader in back-end data management, SAP believes that mobility is a natural progression that allows customers to access data and act on it in real-time. SAP describes mobility as part of a larger ecosystem that makes Afaria more simplistic even with additional layers, including pre-built applications that can be accessed via self-service portals through application libraries, as well as custom applications through Sybase Unwired Platform (SUP).
City of Oakland Police Dept, Cox, Duke Univ. Health System, eFleet, Ergon Energy, Faith Footwear, Hurley, Jazz Pharma., Kindred Healthcare, Kwik Trip, National Institute of Statistics, Novo Nordisk, Good Samaritan Society, Tasty Baking Company, United Utilities, US Census
SOTI Mobi-Control
MobiAssist MobiScan
MobiControl is SOTI’s primary MDM tool for enterprises and includes management console, deployment server, MS SQL database, and device agent. MobiControl includes a web console, help desk tools, device provisioning, location services for GPS-enabled devices, data sync, advanced security (including standalone or AD authentication), asset management and CRM, and alerts and reporting. MobiControl is also available in v9.01 for Samsung Android devices. MobiAssist is a separate product for BlackBerry devices which compliments the BES and provides remote support for IT helpdesks and advanced diagnostics (SOTI plans to integrate MobiAssist into MobiControl in Q2 2012). MobiScan is targeted at customers with mobile field workers. Out-of-the-box configuration is designed to quickly establish connections to MobiControl and MobiAssist servers.
SOTI believes it solves unique challenges for customers who are deploying, managing, securing, supporting and tracking remote mobile and desktop devices. SOTI advertises that it is compatible with both consumer and ruggedized devices.
Bayer, BMW, Chevron, Coca-Cola, DHL, Dollar Rent-a-Car, Energizer, Honda, Honeywell, Johnson & Johnson, Kellogg’s, TJX, Marks & Spencer, McDonald’s, McKesson, Medtronic, Microsoft, Pfizer, Raytheon, Shell, Siemens, Southwest Airlines, Tesco, VW, Waste Management
35 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
Table 5: Mobile Device Management Vendor Offerings (continued)
Vendor Key
Offerings Key Features Value
Proposition Key
Customers
Syclo Agentry MDM
Syclo has recognized most of its success in the MEAP market and offers its Agentry MDM platform bundled for free as a compliment to customers who purchase Syclco’s MEAP offering. Key MDM functionality includes Security (strong authentication, role-based access, remote device wipe, data encryption, centralized management); Management & Analytics (integration management, server/cluster management, OTA commissioning and application deployment, update and patch management, remote device troubleshooting); Connectivity (available on- or off-line, option of Wi-Fi or cellular networks, data compression); and Integration (database connection via ODBC and SQLNet; prebuilt enterprise system connectors, APIs and web services; enterprise application tools).
Syclo believes that applications are at the heart of any mobility offering and has over 2,000 developers working on the Agentry platform. Additionally, Syclo has a well-developed partner program and is using partners to expand globally.
Abbott Labs, Amgen, Astra Zeneca, Baxter, Bristol- Myers Squibb, Carefusion, DePuy Ortho, Johnson & Johnson, Merck, Sanofi-aventis
Tangoe Tangoe MDM
Tangoe is best known for its Telecom Expense Management (TEM) services, aggressively looking for ways to lower fixed and mobile communications costs in real-time for SMS, voice, and data that is tracked against carrier plans. Tangoe’s MDM offering includes multi-OS platform management, support for CL and IL devices, multi-server management views, a self-service provisioning portal, role-based security, client application for policy management and monitoring, and automated application deployment.
Tangoe advertises that it is the only vendor to support application deployment throttling (control of deployment volume) based on wireless host server statistics. Tangoe promotes its ability to provide end-to-end mobility management.
It is Tangoe’s policy to protect the anonymity of its global customers. References and client contacts are routinely furnished to companies during the evaluation/ purchase process.
36 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
Table 5: Mobile Device Management Vendor Offerings (continued)
Vendor Key
Offerings Key Features Value
Proposition Key Customers
Wavelink Avalanche Avalanche
Telicost Wavelink
Studio Wavelink
Avalanche SecurePlus
Avalanche provides mobile device and infrastructure management across wireless LANs and WWANs. Avalanche includes software and configuration management, security, mobile remote help desk support, location-based services, alerts and reports, performance & statistics, and infrastructure management. Versions include Site Edition and Mobility Center. Avalanche Telicost provides real-time monitoring, reporting and analysis of data, voice, SMS and roaming consumption. Wavelink Studio is a family of products that allow developers to create wireless applications that are platform, device and OS agnostic. SecurePlus is a plug-in to Avalanche that provides advanced user authentication and security on Windows CE mobile devices.
Wavelink has nearly 15 years of MDM experience and over 10,000 customers in all verticals that use Avalanche software. Wavelink supports large installments of 130,000 devices. Real-time expense management tools provided through Telicost send alerts to users and IT admins. to keep costs low.
3M, Ace Hardware, Boeing, Bridgestone Firestone, Cardinal Health, CeBIT, City of Aurora, GE Healthcare, GM, Jade, J. Crew, Macy’s, McKesson, Nestle, Nike, Norway Airports, Penske, Pepsi, Pinellas County Jail, Ryder, Saddle Creek, Saint Agnes Medical Center, St. Vincent’s Hospital, Target, Tesco, University of Maryland, VW
Zenprise Mobile Manager
Zencloud
MobileManager includes configuration management (enable corporate email; configure enterprise resources such as Wi-Fi, VPN, proxy server; enable universal PKI; restrict resources/apps; define and enforce OS and patch levels; and delineate between IL and CL devices); provisioning (enforce policies, distribute applications via enterprise app store); security (enforce passcodes; integrate with 2-factor authentication; locate/lock device; full/selective/auto wipe; passcode history; block jail broken or rooted devices; enable app tunnels; app black/white listing; block unauthorized/non-compliant devices; set Dynamic Defense context-aware policies); tracking (detect user, device, system, service issues; maintain HW/SW inventory; maintain asset details; report on device statistics and service details); and Decommissioning (full/selective device wipe; identify inactive devices). Zencloud is a multi-tenant offering that can run as a public, private, or hybrid cloud. Zenprise’s cloud facilities are SAS70 Type II, FISMA Moderate compliant, and Federal Cloud Certified.
Zenprise solutions are is “powerful yet simple” – simple for administrators and users, powerful in terms of end-to-end security and multi-tenant architecture.
Baker Hughes, Boston Red Sox, Cegdim, CITCO, Conoco-Philips, CVS Caremark, Grant Thornton, Jelly Belly, Knight Transportation, Monsanto, Ross, Scent Hughes, Sears, Sysco
37 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
Mobile Device Management Vertical Expertise
Mobile device management vendors typically operate across a wide cross-section of vertical
markets, sometimes specializing in specific industries. For example, while AirWatch supports
customers in over 15 vertical markets, it has an especially strong focus on healthcare, retail,
manufacturing, and technology.
Interviews with MDM executives found that many vendors approach marketing and sales
discussions based less on vertical focus and more on the scale and size of the organization.
Additionally, some mobile device management vendors state that their ROI calculations are
done at a high level across many different industries, and not for specific verticals. This is
particularly true in smaller MDM organizations which may have fewer resources to devote to
specific verticals. Larger MDM players may also have the benefit of more fully developed
vertical programs across their organizations that MDM groups within these companies can
leverage.
Table 6 presents a summary of the vertical industries being served by key mobile device
management players.
38 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
Table 6: Mobile Device Management Vendor Vertical Expertise
Vendor Health
Care Financial Services
Public Sector Transportation Retail Other
Absolute Software
● ● Education
AirWatch ● ● ● ● ● Distribution, Field Services, Hospitality, Manufacturing, Education
AT&T ● ● ● ● ● Education, Energy/Utilities, Hospitality, Manufacturing, Media,
Technology
BoxTone ● ● ● ● ● Accounting/Legal/Professional Services, Energy & Utilities,
Manufacturing, Media, MSPs
Fiberlink ● ● ● ● ● Automotive, Consulting, Energy, Media, Insurance, Travel
Good Technology
● ● ● ● Information Technology, Legal, Life Sciences, Management & Professional
Services, Manufacturing, Telecommunications
McAfee ● ● ●
Mformation ● ● ● ● ●
MobileIron ● ● ● ● ● Technology, Hospitality, Legal, Manufacturing
Motorola Solutions
● ● ● ● ● Education, Energy/Utilities, Hospitality, Manufacturing,
Technology
SAP ● ● ● ● ● Education, Energy/Utilities, Hospitality, Manufacturing,
Technology
SOTI ● ● ● ● ● Manufacturing, Logistics
Syclo ● ● ● Utilities, Oil/Gas, Asset Management, CRM Field Service, Manufacturing,
Water/Wastewater Tangoe ● ● Limited ● ● Advertising, Aerospace, Business
Services, Manufacturing, Real Estate
Wavelink ● ● ● ● ● Manufacturing Zenprise ● ● ● ● ● Oil & Gas, Legal, Telecom, Insurance
39 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
NEEDS AND BENEFITS ADDRESSED BY MOBILE DEVICE MANAGEMENT VENDORS
Overview
Mobile device management vendors provide numerous benefits for enterprise customers,
including improved ROI/TCO, more efficient and productive employees, greater customer and
employee loyalty, and improved data and device security. In Table 7 and the ensuing
discussion, we highlight and discuss key reasons organizations are considering and adopting
mobile management solutions.
Table 7: Key Benefits Provided by Mobile Device Management Solutions Benefit Examples
Lower TCO Reduce telecom expense through telecom expense
management programs
Lower provisioning costs by provisioning devices OTA and
remotely
Self-service portals lower IT administrative
overhead Improved ROI ROI improvements include
significant hard dollar savings, totaling millions in
some cases
Soft ROI examples include greater productivity and
improved employee morale
Mobile apps are driving significant ROI today and
will generate even greater ROI in the future
Reduce Complexity Customers can upgrade software on all devices
simultaneously
Solutions allow user self-service and administration
IT can restrict corporate devices to specific
versions or OS levels
Increase Security
Includes sandboxing, containerizing and
segmenting personal and corporate data
Application tunnels run from a container to an enterprise
back-end system
Document control provides time- and
location-based access to documents
Improve Employee Experience
Allow employees to bring and use their own personal
devices
Develop and deploy mobile apps that create greater
efficiencies and productivity
Solicit and utilize stakeholder involvement
and testing Reduce Liability and Legal Concerns
Devices can be tracked, locked and wiped if lost or
stolen
Departed employees no longer have access to
sensitive company information
BYOD environments may restrict corporate
liability to business data only
Increase Productivity and Efficiency
Mobile integrations with business system services,
such as BI, ERP & CRM
Reduced duplication and manual processes lead to
greater effectiveness
Less down time and “waiting around”
generates higher sales
Improve Customer Experience
Tablet kiosks help drive greater engagement and
higher spend
Customers are more loyal and willing to re-purchase
Data is more accurate and accessible
Improve Support Self-service portals fit new end-user paradigm
Partner support provides comprehensive assistance
Customers can choose low-, mid-, or premium-level support contracts
Provide Greater Choice
Customers can choose on-premise, cloud/hosted, or
appliance solutions
Vendors offer platform and container offerings
Partnerships allow vendors to provide more comprehensive offerings
Offer Attractive Pricing
SaaS and appliance pricing offer reasonable per user
and per month fees
Greater competition within the MDM market has driven
down all pricing
Some vendors offer warranties or free
support
40 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
MDM solutions provide significant benefits because they address critical needs in the market
that IT executives continue to struggle with, including:
The proliferation of mobile devices, along with the “consumerization of IT,” has
overwhelmed corporate IT departments as more employees bring their mobile devices
to work and want access to corporate networks.
The fragmentation of device types and mobile operating systems, particularly for
Android devices, has led to the need for more systematic management and control over
mobility end-points.
Privacy and legal concerns surrounding BYOD policies, particularly with regard to wiping
employee-owned devices, has caused IT managers to investigate solutions that protect
them from future liability.
The explosion in the number of applications being downloaded and used, including the
need to secure and provision these applications, has led IT executives to turn to MDM
(and MAM) vendors for greater assistance in creating, deploying and managing
applications.
Customers are struggling to develop, deploy and manage applications as they
transition from public app store applications to custom applications that are tailored
specifically to their industries or businesses. As a result, Mobile Application
Management vendors are exerting greater influence in enterprise settings, challenging
MDM vendors for the application component of the mobile enterprise.
The proliferation of delivery models, including on-premise; SaaS models via private,
public, and hybrid clouds; and appliances, has offered greater choice, but also raises
concerns about security in cloud-based environments.
Increased security concerns among organizational executives, most notably in highly
regulated industries, such as healthcare, financial services and government, has led to
the need for tracking and auditing employees and devices.
Remote storage for mobile devices, including the storage of confidential corporate
documents in public digital vaults, iCloud and other non-secure environments, is a
growing concern for CIOs, regardless of industry.
The tension between security risks and long-term business potential when mobility is
fully unleashed has led many IT executives to seek out best practices to take advantage
of the efficiencies, productivity and greater competitiveness promised by mobile
solutions.
These categories are described in greater detail in the following sections.
41 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
“Christmas is coming and I’m
expecting to have hundreds of users
in sales and marketing coming to me
in January, asking for support of their
new devices.” Enterprise IT manager,
December 2011
Mobile Device Proliferation
The days of BlackBerry devices ruling the corporate
environment, and being handed out to corporate
executives as a seniority perk, are over. Today,
millions of devices have flooded into the work place
by employees at all levels of the organization.
Cimarron Buser, VP of Business Development at
Apperian, states “Mobility is a wave that has already
crashed. It’s the laggards that still haven’t gotten
on-board.” IT managers are struggling to deal with
the scale and complexity they’ve inherited. As one
overwhelmed IT manager stated in December 2011,
“Christmas is coming and I’m expecting to have
hundreds of users in sales and marketing coming to
me in January, asking for support of their new
devices.”
Bring Your Own Device (BYOD) trends point to even
greater usage of personal devices in corporate
settings in coming months. A survey by Good
Technology of its customer base in October 2011
found that enterprises are increasingly embracing
BYOD policies, including those in highly regulated
industries, such as finance/insurance and healthcare.
Good’s survey found that 72 percent of its customers
are formally supporting BYOD programs, an increase
from January 2011, when 60 percent of Good
customers supported formal BYOD programs. An
additional 19 percent of Good respondents from the
October survey indicated that they were either
planning or considering a BYOD program within the
next six-to-12 months.
MobileIron is seeing similar statistics: at an October
2011 MobileIron User Conference, 75 percent of
MobileIron customers indicated that they are either
considering a BYOD policy or already have a BYOD
policy in place. While not all environments have
Tangoe Predicts BYOD Trends
Tangoe believes that BYOD will become
available as a software stack due to the
growing importance of security and
mobility, specifically authentication,
verification, identity management and
single sign-on. As part of an integrated
solution, IT executives will not have to
piece all of these components together
themselves.
Tangoe also believes that BYOD is
causing a reduction in the growth rate
of email, as users increasingly
collaborate in real-time and transition
to texting, social networking and file
downloading services.
By integrating social networking sites
into MS Outlook, enterprises can take
advantage of real-time collaboration
within social networking platforms,
giving corporate IT control over
sensitive corporate data within a secure
enterprise environment while realizing
the benefits of real-time decision
making and interaction.
Tangoe predicts that BYOD will also
change the relationship between IT and
Finance. While these two groups did
not collaborate extensively in the past,
BYOD will force more interactions,
including discussions about cost
management and reimbursement
policies.
42 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
moved to BYOD models, there is a general
acknowledgement that heterogeneous environments
are here to stay. Smart corporations are looking
ahead and putting frameworks in place to support new
employee-liable devices, devices that may not even
exist yet.
The importance of BYOD in the MDM market cannot
be overstated. Whereas enterprises could keep tight
control over corporate assets and inventory in the past
– maintaining a uniform operating system, installing
the “right” applications that ran on the OS,
implementing lock-down controls, and returning
devices to the corporation when employees departed
– that model has crumbled over the past 18-to-24
months as unknown devices have begun connecting
and operating on enterprise networks. IT departments
have had to expand the types of devices they are
supporting and there has been an overall “mixing” of
corporate and consumer data on employee-liable
devices.
According to John Herrema, Good’s SVP of Corporate
Policy, “CIOs see a great opportunity to leverage the
technology their users are already using, but they
want to be able to do that correctly, especially if
organizations are large, complex, regulated, or
security-conscious.” Herrema believes the trend
toward greater BYOD policies will continue, if not
accelerate, allowing organizations to open up mobility
broadly to 50-to-80 percent of their employees, not
just 30 percent of senior executives, sales, and similar
roles who traditionally enjoyed mobility privileges in
the past.
The “consumerization of IT” has brought about a
transformation in corporate and organizational work
spaces, as employees increasingly demand access to
corporate networks. This is a trend that is especially
Tangoe Predicts BYOD Trends
Tangoe believes that BYOD will
become available as a software stack
due to the growing importance of
security and mobility, specifically
authentication, verification, identity
management and single sign-on. As
part of an integrated solution, IT
executives will not have to piece all of
these components together
themselves.
Tangoe also believes that BYOD is
causing a reduction in the growth rate
of email, as users increasingly
collaborate in real-time and transition
to texting, social networking and file
downloading services.
By integrating social networking sites
into MS Outlook, enterprises can take
advantage of real-time collaboration
within social networking platforms,
giving corporate IT control over
sensitive corporate data within a
secure enterprise environment while
realizing the benefits of real-time
decision making and interaction.
Tangoe predicts that BYOD will also
change the relationship between IT
and Finance. While these two groups
did not collaborate extensively in the
past, BYOD will force more
interactions, including discussions
about cost management and
Fiberlink on Fire
On February 1, 2012 Fiberlink
announced enterprise support for the
Amazon Kindle Fire. Fiberlink will
support the Fire through both
ActiveSync and device agents.
Because the Kindle Fire does not yet
support Google’s Cloud to Device
Messaging Framework (C2DM),
Fiberlink created built-in timers that
allow MaaS360 servers to regularly
check to see if there are any actions
pending on Kindle Fire devices, such as
the need to perform device wipe or
passcode reset.
MaaS360 leverages TouchDown for
secure email, allowing it to provide
integration for Kindle Fire with
TouchDown’s secure email container.
Fiberlink customers can set granular
policies, such as disallowing
documents to be forwarded or saved
as attachments on mobile devices.
Fiberlink also provides a simple
connection back to the network for
email and document access.
Additional MaaS360 support for Kindle
Fire includes: OTA device
configuration management, security
policy enforcement, real-time
reporting, and alerting and auto-
quarantining if Kindle Fire devices
attempt to connect to the corporate
network.
43 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
“In the old days you had a BlackBerry
Enterprise Server (BES) administrator
in your IT department. Now you
have a BES administrator on
steroids.” Peter DeNagy, Principal
Consultant at Enterprise Mobility
Strategies
playing out in companies with younger workers, often dubbed “Generation Y,” “millenials,” and
“digital natives.” These workers have specific expectations about how, where and when they
access and use technology. In many instances, this generation is more tech savvy than their
older colleagues, who are often satisfied with company-issued BlackBerry devices. Younger
workers, in contrast, want to use their own personal devices anytime, anyplace. As shown in
Table 2, 53 percent of 18-24 year olds and 64 percent of 25-24 year olds own smartphones.
Many organizations adopt BYOD policies to attract and retain the best workers. According to
John Herrema, Senior Vice President of Corporate Strategy at Good Technology, “If a company
is seen as unreasonably saying ‘No’ to employee requests, that organization simply cannot hire
the best people they want to hire, particularly from Generation Y.”
Officials at McAfee agree, stating “The 18-to-24 year old demographic considers mobile devices
a birth right as much as they consider social media a birth right, while BlackBerry devices are
sufficient for individuals over 50. As you go into younger and younger demographics, both the
expectation about what technology people should be able to use, as well as the benefits that
technology brings, definitely gets broader.”
Even in corporate environments that do not have BYOD policies in place and instead issue
corporate-liable devices, an MDM solution is viewed as essential. Large deployments are
especially well suited to MDM solutions because the MDM software allows IT managers to
quickly and easily deploy and configure the devices over the air (OTA). As AirWatch Chairman
Alan Dabbiere states, “It would crush an organization’s IT staff to get involved in the installation
of every device.”
Mobility Fragmentation
The fragmentation of mobile devices, and Android devices especially, can be overwhelming to
IT managers. As one industry veteran points out,
Samsung alone released 134 Android-based phones in
North America in 2011. Other popular handset
manufacturers releasing Android-based devices on a
steady basis include Acer, ASUSTek, Dell, HTC,
Huawei, LG, Motorola, NEC, Lenovo, Sony Ericsson,
Toshiba, and ZTE. There are secondary and tertiary
tiers of manufacturers as well.
In addition to the plethora of devices and device
types, there are multiple operating system versions associated with Android devices, including:
44 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
Cupcake: Released in April 2009, Android 1.5 included new UI enhancements and new
features, including virtual keyboard, animated window transitions, voice search, support
for widgets, and video recording/playback in MPEG-4 and 3GP formats.
Donut: Released in September 2009, Android 1.6 included a quick search box and
expanded search framework; updated UI with integrated camera, camcorder and
gallery; VPN control panel; Android Market updates; text-to-speech engine; expanded
support for screen densities and resolutions; and telephony support for CDMA.
Éclair: Released in October 2009, Android 2.0 featured support for MS Exchange to sync
email, Bluetooth 2.1 support, new browser interface and support for HTML5, improved
virtual keyboard, Quick Contact, new calendar features, integration with Facebook, and
updated search features.
Froyo: Released in May 2010, Android 2.2 included a JIT Compiler for faster applications
and improved battery life; automatic application updates; new Linux kernel; Adobe
Flash support; integration of Chrome’s V8 JavaScript engine into the browser
application; support for Android Cloud to Device Messaging (C2DM) service (enabling
push notifications); and improved MS Exchange support, including security policies,
auto-discovery, GAL look-up, calendar sync and remote wipe.
This release was critical for the mobile device management market, in that it included
APIs and integrations to MDM platforms, as well as the ability to perform remote wipe
and password enforcement. This is the first release in which Android was generally
considered “enterprise-ready,” although many IT managers continue to express
concerns about security on Android devices.
Gingerbread: Released in December 2010, Android 2.3 featured an on-screen
keyboard; UI changes, including new color schemes, simplicity and speed; application
and power management for better insight about what is running in the background; SIP
Internet calling, directly integrating VoIP; Download Manager, allowing easier access to
files downloaded from the browser, email or other applications; Native Development Kit
(NDK) for Native development; Near Field Communications (NFC); new audio effects;
and support for multiple cameras.
Honeycomb: Released in February 2011, Android 3.0 was the first tablet-only Android
update and supported applications and programs specifically designed for tablet
computers. The Motorola Xoom tablet was the first device to feature this version. Key
features of Honeycomb included a new user interface, including improved multi-tasking,
home screen customization, widgets and notifications; an improved camera/gallery for
larger screens; an Action Bar to display applications in use; a System Bar for global
status and notifications; new connectivity features; a customizable home screen;
45 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
browser enhancements; support for multi-core processors; and improved keyboard and
cut/paste functionality.
Importantly, the Honeycomb release also included critical features for enterprises,
including the ability of enterprise application developers to add new types of policies,
including encrypted storage, password expiration, password history, and password
complex characters.
Ice Cream Sandwich: ICS was announced in October 2011 and the source code for
Android 4.0.1 was released in November 2011. Unlike previous releases, Android 4.0
combines the same OS for mobile phones and tablets and is considered one of Google’s
largest Android OS updates. Key features of ICS included an updated UI designed to
work without buttons; “back,” “home,” and a newly created “multi-tasking” virtual
button at the bottom of the screen that expand/contract depending on user activity;
auto-syncing of browser with Chrome bookmarks; new tabbed web browser with up to
16 tabs; more powerful home screen than previous versions for placing widgets and
icons across different pages; automatic folder creation/deletion; permanent search
screen at the top of the home screen; unlock with facial recognition; improved
notifications functionality; social networking integration (“People” app); improved NFC
(“Android Beam”); and data usage settings that allow users to set alerts when they
approach usage limits, as well as data disabling when usage limits are reached.
Due to the BYOD phenomenon, employees are bringing not only Android-based devices into
their work spaces, but other mobile devices and operating systems as well. While the
fragmentation associated with these devices is not as extreme as it is with Android, IT managers
must still add Apple, Microsoft, and RIM devices and OSs to their list of support requirements.
Still, some CIOs are pushing back against fragmentation, marking a line in the sand and
restricting device choice, even in BYOD environments. This is particularly true in highly
regulated industries. These IT departments have decided that they will not shoulder the
burden of supporting every device form factor and every device OS. Examples include:
Coldwater Creek: While Coldwater Creek issues corporate-owned BlackBerry devices
and will allow employees to use their own iOS devices, it will not allow or support
Android devices due to security concerns surrounding the Android platform.
Gannett: Media and marketing solutions company Gannett made the decision in
December 2011 that it would standardize on the Apple iPhone 4S instead of Android
phones. A key reason for this decision was “the wide variety of [Android] versions, plus
inconsistent functionality by vendors/devices.”
46 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
Growing Privacy and Legal Concerns: Whose Property Is It?
Because of the lack of precedence for individual-liable devices in corporate settings, privacy and
legal issues are a significant concern for officials managing mobility policy. A starting point in
most legal conversations is “Whose property is it?” For corporate-liable (CL) devices, this is
fairly straightforward: since the company purchased the device and pays for the monthly
service, the company owns the device and all associated data on it.
In Individual Liable (IL) or BYOD environments, the answer to this question is not so
straightforward since courts have not clearly defined privacy and data ownership rules for
mobile devices. While an employee may own the device, the company may own the corporate
data on that device. When companies perform monitoring of their IT assets, personal
information from employee devices may also be monitored. If an employee is fired or resigns,
IT managers must ensure that the corporate data is completely removed, or wiped, from that
device. But what if personal data is also wiped? There are also potential issues with
contractors and consultants, who may want access to the corporate network for their personal
devices but are not employees of the firm.
While BYOD environments are growing due to ease of use and employee satisfaction, the BYOD
trend is fueling legal concerns too. Increasingly, corporate executives realize that if they only
lock down a portion of an employee’s device, such as corporate data residing in a container,
they are only liable for damages relating to that data, and not for inappropriate or illegal
actions relating to the rest of the employee’s device. See no evil, hear no evil. This concern
over legal exposure is also driving the movement toward application management instead of
device management.
Research for this paper found that there is universal agreement on the need for organizations
to take certain steps with regard to mobility to protect themselves from potential liability:
Organizations should define what is meant by a mobile device, include smartphones,
tablets, laptops, netbooks, and similar devices.
It is critical to get explicit employee consent for any monitoring or access the company
may initiate of IL devices, including written consent of the company’s employee mobility
policy.
There should be explicit wording about the extent and terms of support for employee-
and company-owned devices, regardless of whether the organization is providing
support itself or through an MDM provider.
47 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
Additionally, corporate policies need to clearly spell out and define all aspects of the
firm’s mobility policies, including the possibility that the entire device may be
monitored, accessed, and/or wiped.
Companies must take steps to monitor only what is needed for legitimate business
purposes on employee-owned devices. If an employee downloads an application onto
his or her personal device and a member of the company’s Help Desk staff comments on
it, for example, there may be issues of employee privacy violation.
In developing mobility policies, representatives from IT, legal and Human Resources
should provide input and guidance.
Companies also need to be aware of different laws when operating in multiple geographic
markets. For example, in some countries, such as China, Germany and France, it is illegal to
wipe an employee-owned device. Additionally, companies operating in these geographies are
not allowed to extract application inventory if they blacklist certain applications. AirWatch
Chairman Alan Dabbiere notes that, “While AirWatch can track employees, devices and vehicles
for Coca-Cola in the United States, it cannot do this in other countries, such as Germany or
France. Software needs to comply on a global basis to what features really mean.”
Alison Welch George, Senior Business Development Manager at SAP, notes that SAP takes a
very hard line between consumer and corporate data if a device must be wiped due to loss or
theft. Afaria allows IT managers to separate personal data from corporate data, which Welch
George asserts is not universal among all vendors.
48 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
Growing Importance of Mobile Applications
Mobile applications are driving much of the growth in
the mobility market. As Joe Granda, EVP of
Marketing at Syclo states, “It all starts with
applications. If you don’t have applications, what’s
the point of having a mobile device?” As of January
2012, Apple’s iTunes store offered more than
560,000 applications, while Google’s Android Market
is quickly catching up and offers over 400,000
applications, also as of January 2012. Other mobile
application stores include BlackBerry App World,
Nokia Ovi Store, Samsung Apps, and Windows Phone
Marketplace. In October 2011, Berg Insight forecast
that mobile application downloads worldwide will
grow at a compound annual growth rate of 57
percent between 2010 and 2015, reaching nearly 100
billion total app downloads by the end of the period.
Fiberlink reports that it has seen much greater
interest in application development, deployment and
management within the last three-to-six months,
with some companies that have more advanced
capabilities moving faster than others. Because
Fiberlink deploys its MDM solution solely as a SaaS-
based offering on a common platform, it can
aggregate data to see which applications are most
popular by category and recommend those
applications to customers.
As application proliferation increases, different types
of applications have been introduced, including on-
device, thick client standalone applications, thin
client web-clip applications, and applications that are
a blend of on-device code as well as back-end
database/back-end application server. Increasingly
customers are blending these applications depending
on their needs. For example, BoxTone has numerous
health care customers that are running Cerner and
Fiberlink: Applications in the Cloud
Fiberlink’s “AppCloud” allows companies to upload their applications to the MaaS360 platform, where Fiberlink puts a secure wrapper around the application. Users who try to download the app must first authenticate to gain access.
AppCloud is available from nearly 100K endpoints in Fiberlink’s global content distribution network. This allows users in Europe, for example, to download a local copy instead of transferring information from a site in the United States or other geographical location. Fiberlink partners with Akami for its global content distribution services.
Fiberlink also offers “AppExtender,” which allows organizations to leverage a set of Fiberlink APIs to build in-house enterprise apps. APIs include different types of functionality, such as the ability to authenticate/authorize users, query a device and pull back device information. Customers can also get performance and reporting data about specific applications. Fiberlink believes AppExtender allows customers to enhance the security and operational efficiency of their apps.
AppCloud and AppExtender are designed for corporate, in-house apps, and not for the Apple or Android public app stores. Fiberlink’s Enterprise Application catalog helps manage public applications.
49 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
McKesson applications, along with diagnostic imaging
and ultrasound applications that use a sensor and
display on an iPad.
As organizations increasingly utilize applications for
productivity gains beyond just email, calendar, and
contacts, they are looking to mobility vendors for help
in supporting their application creation, deployment,
management, and integration. Companies have come
to realize that putting high-value applications on
mobile devices will increase productivity and employee
commitment to the company. According to Cimarron
Buser, VP of Business Development at Mobile
Application Management vendor Apperian, “We want
to make sure individuals feel good about the
applications they’re using and the experience they’re
having with these applications. If they do, the
company will ultimately benefit.”
The majority of Wavelink’s MDM customers –
enterprise-level companies – understand the long-
term benefits of utilizing and controlling mobile
applications to drive better performance. Jay Cichosz,
VP of Marketing, notes that “Wavelink customers are
definitely trying to use mobility to integrate with back-
end systems and to use mobility for more of a strategic
purpose.”
Customers Struggle with Application Management
While some customers have moved beyond basic
applications to more advanced capabilities, many
companies struggle with how to manage all of the
applications end-users are putting onto their mobile
devices, including securing and provisioning the
applications and managing third party versus in-house
applications. Increasingly, organizations are creating
their own version of an application store, using app
libraries for mass deployments and upgrades, and
building policies and resources directly into their MDM
MobileIron’s AppConnect Helps Secure Enterprise Applications
In September 2011, MobileIron announced “AppConnect,” a collaboration with nine partners that provides enterprises with a tool to secure application ‘data at rest’ and ‘data in motion’ across the application lifecycle.
AppConnect secures company-developed apps, third party apps from the Android Market, and other mobile application distribution services.
AppConnect can be natively installed on MobileIron’s VSP platform and is available to MobileIron customers and developers at no charge.
AppConnect capabilities include authentication, configuration, authorization, access control, analytics, and removal.
AppConnect partners include: Accellion, Box, GoodReader, GroupLogic, NitroDesk, Quickoffice, Roambi, Wyse PocketCloud and Xora Sign On.
50 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
“If you narrowly define MAM as just
offering an enterprise application
store, then MDM and MAM are
converging. However, I think that
MAM is more than just enterprise
application stores and I'm worried
that the definition of MAM is getting
watered down to that.” Andy Smith,
VP of Product Marketing, Bitzer Mobile
consoles. Creating a “single pane of glass” that provides a unified view of public and private
applications is critical.
While MDM vendors have increased their capabilities
and offerings around third party applications –
applications found on iTunes or in the Android
Market, for example – there is still work to be done in
terms of MDM vendor development, deployment and
management of custom applications. Most MDM
vendors provide an application store front but this is
not synonymous with custom application
development. When asked if MDM and MAM
markets are converging, Andy Smith, VP of Product
Management at Bitzer Mobile, responded “If you
narrowly define MAM as just offering an enterprise
application store, then MDM and MAM are
converging. However, I think that MAM is more than just enterprise application stores and I'm
worried that the definition of MAM is getting watered down to that.”
Custie Crampton, VP of MDM Technology at Tangoe, agrees that application management is
more of an advanced capability and notes that “Device management is not really part of
application management.” Officials at Tangoe project that custom and private application
development will continue to be a separate entity from public application stores for most
customers, with a difficult path to the creation of a single enterprise store front that manages
different applications done by different developers. Tangoe believes that MDM vendors will
need to provide a single interface that displays both private and public application lists.
Sam Liu, VP of Marketing at MAM vendor Partnerpedia, juxtaposes the role MAMs play to that
of MDMs, noting that the application store paradigm that MAM vendors create is usually not
something MDMs provide. Liu believes that MAM vendors retain a focus on applications and
users, versus devices and device control, which is typically the domain of MDM vendors.
Partnerpedia has agreements in place with distributors of third party business applications that
it makes available to IT customers for purchase or download. Partnerpedia also offers a service
for customers to develop and build custom applications if they desire unique applications
unavailable in the market currently. Additionally, Partnerpedia has built a community of
approximately 5,000 members, including ISVs and VARs, whom customers can contact for
further assistance with mobile application development. According to Liu, “We know they need
this, because they just don’t have this expertise in-house.”
51 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
The Growing Influence of Mobile Application Management Vendors
As applications grow increasingly important in enterprise mobility, more companies are seeking
outside assistance for application creation, distribution and management. Increasingly, they
are looking to Mobile Application Management vendors to play this role, sometimes combining
MDM and MAM application development, distribution and management efforts, and in other
cases bypassing MDM application solutions altogether.
Mobile Application Management vendors such as Apperian, Bitzer Mobile and Partnerpedia
have entered the mobility market with a focus on improved applications and user experience.
Andy Smith, VP of Product Management at Bitzer Mobile, notes that, “While MDM players have
gotten a lot of traction initially, enterprises are increasingly looking to MAMs for a better user
experience, particularly as customers move from corporate-liable to BYOD policies.” Smith
believes that customers may initially select an MDM vendor because it is “easy” and “familiar”
but then decide that MAM vendors provide greater efficiencies and benefits.
Sam Liu, VP of Marketing at Partnerpedia, describes traditional mobile device management as
very device centric, focusing on specific corporate assets. Liu describes his view of the market
as one that is evolving from a time when applications were built internally or sourced from
large vendors, such as SAP, and deployed and implemented internally before being rolled out.
In this top-down approach, IT either performed or controlled nearly every aspect of application
development, deployment and management. Application cycles were also longer – generally
about 18 months for IT to build and roll out new applications from start to finish – and the
application had a life cycle of three years or more.
In contrast, Liu describes the current environment as one that drives life cycles for mobile
applications to under 12 months, resulting in a situation in which most IT departments “just
can’t keep up.” Adding to the problem is the fact that most IT developers have minimal
knowledge about mobile development. According to Liu, “The world of mobile development is
a fragmented world of a new generation of developers. Traditional IT just cannot keep up with
that.”
Alison Welch George, Senior Business Development Manager at SAP, describes how SAP’s
Afaria offering has been impacted by the accelerated schedules: “Afaria is on a release
schedule of dot releases every other month and full releases every quarter. We're releasing
new product on a less than 60-day cycle. A lot of those are new features to support a new OS
that just came out. It's not necessarily bug fixes – we’re actually adding features that were just
announced by Apple or Android.” Welch George adds that SAP employees “drink a lot more
coffee” lately.
52 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
One result of collapsing release
schedules is that IT departments are
increasingly being forced to open up
application sourcing, procurement
and development strategies to
outside vendors and external
sources.
Fiberlink, whose MaaS360 offering is hosted, does a new release every three weeks, and
sometimes more often. According to Fiberlink’s VP of Marketing, Neil Florio, “These are
typically releases with new features and functionality added.”
One result of collapsing release schedules is that IT departments are increasingly being forced
to open up application sourcing, procurement and
development strategies to outside vendors and
external sources. Applications are becoming a blend
of market apps from iTunes and the Android Market,
as well as internal corporate and third party
applications. IT departments will need to create a
framework in which they can quickly and efficiently
build a corporate catalog of applications that come
from multiple sources, transparent to end-users.
Moreover, corporate application catalogs need to
have the look and functionality of those that users are already accustomed to seeing.
According to Bill DeWeese, IT Manager for Enterprise Mobility at DynCorp International, “A lot
of MDM vendors don’t seem to get it, to see [application catalogs] from an end-user’s point of
view. [Our application store] doesn't look as aesthetically pleasing as the rest of the
applications on the iPhone. It doesn't look as good as it should, and it doesn't work as well as it
should. Instead, it looks like an IT shop built it. I think it needs to mimic the success that iTunes
has had.”
Bitzer Mobile, interested in better understanding the views of enterprise users with regard to
BYOD and end user experience, conducted a mobile industry study in December 2011 and
published the results in January 2012. Among Bitzer’s findings:
91 percent of users would be “very frustrated” if their company wiped personal data
from their mobile device.
81 percent of users would be “very frustrated” if they were forced to enter a password
every time they wanted to access personal applications, such as Facebook.
47 percent of users would decline enterprise access if they were forced to give up iCloud
or Android Backup Manager.
41 percent of users would be “very unwilling” to give up the use of Pandora or Spotify in
exchange for access to corporate information.
Bitzer Mobile believes the preservation of a positive user experience is essential.
Sam Liu of Partnerpedia believes that MDM vendors are a good fit for IT managers, who are
accustomed to top-down control focused on device-level security. In contrast, Liu believes that
53 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
There is clearly a need for balance
between security and end user
experience. If companies tip too far
to the security side of the scale,
mobile devices become unusable; if
they tip toward user experience,
there are invariably security holes.
Understanding the importance and
implications of both is key.
MAMs are better equipped to address the needs of end-users, which revolve around
application convenience, ease of use, and productivity tools, all within a collaborative
environment that invites users to be participative.
Liu believes that “consumerization” can be examined in two ways:
Consumerization coming from end users and their experience with consumer
application stores.
Resulting impacts of consumerization on IT departments, which is concerned with
corporate security, policies and procedures.
Liu acknowledges the security concerns surrounding mobility that many IT executives are
struggling with today. At the same time, he cautions against an over-reaction in which IT loses
sight of the ultimate drivers of mobility – the end-user and greater work force productivity. Liu
believes that, as IT managers feel confident that they have addressed enterprise security needs
and have adequately “locked down the fort,” they will increasingly turn their attention to the
organization’s application strategy, which includes figuring out ways to make end-users more
productive.
There is clearly a need for balance between security and end user experience. If companies tip
too far to the security side of the scale, mobile devices become unusable; if they tip toward
user experience, there are invariably security holes.
Understanding the importance and implications of
both is key. Brian Reed, Chief Marketing Officer at
BoxTone, notes that “Organizations need to look at
the entire lifecycle of the device and the applications
and all of the human beings interacting with that
device, including the IT department and the users
themselves. Mobile devices then need to integrate
with existing systems already in place – core IT
infrastructure – and not be a new mobile island of
mobile ‘stuff’ that hangs off the side of IT.”
Many mobile applications that are labeled as third party, pre-packaged applications still require
customization, in some cases significant customization. Bitzer Mobile is trying to convince
customers that its solution is a credible alternative when MDM solutions require significant
customization, which is expensive and time-consuming. Bitzer’s Andy Smith tries to convince
application decision makers that they can write a Bitzer virtualization layer and run it as a
mobile application in the Bitzer Mobile container for any customization that needs to be done.
54 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
Apperian plans to use crowd sourcing
to engage users in conversations
about which applications are
important and what problems users
are trying to solve, serving as a
facilitator throughout the
discussions.
According to Smith, “Applications will have a native look and feel on end users’ devices and can
be deployed across multiple devices.”
Some organizations are taking user input to new levels for application deployment. For
example, mobile application management vendor Apperian plans to add crowd sourcing to its
repertoire, engaging end-users in conversations about
which applications are important, what problems
users are trying to solve, and serving as a facilitator
throughout the discussions. As Cimarron Buser, VP of
Business Development for Apperian notes, “It’s
important that you’re not just giving users a wiki or a
bulletin board to submit their ideas but, instead,
driving creative ideas out into the organization.”
Apperian does this by sponsoring contests that give
away free iPads, for example, to those users with the
best ideas, thereby driving up response rates and innovation simultaneously.
There is some overlap between MDM and MAM players, as vendors from both worlds unite
through partnerships. For example, Apperian is partnering with BoxTone to provide BoxTone
customers with more advanced application management solutions. When BoxTone customers
complete the device enrollment process, they see an HTML clip in the final step that installs the
Apperian application catalog. Alan Murray, Apperian’s SVP of Product, notes that the Apperian-
BoxTone partnership allows both companies to showcase their strengths: Apperian’s core
competencies are based around users and user experience, while BoxTone comes from an
infrastructure standpoint. Murray adds that “Integration with other MDM partners is always a
possibility. We’re definitely on the outlook but it’s the type of thing that doesn’t happen
quickly. You’ve got to trust them and get to know them, feel comfortable with their approach.”
Apperian also announced a new service for AT&T in January 2012 that uses Apperian’s EASE
(Enterprise App Services Environment) platform. Called “AT&T Mobile Application
Management,” the service provides human resource management, sales force/CRM, eCatalogs,
and product promotion applications that can be uploaded and assigned to groups. AT&T
customers can create and secure custom, enterprise applications and deploy them over-the-air
to employee devices. The service is managed through a web-based management portal.
Automatic updates take place after users tap an icon. AT&T Mobile Application Management
is a cloud-based service that supports iOS and Android devices. AT&T officials state that they
may add this offering and capability to MobileIron or McAfee’s platforms to enhance these
solutions.
55 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
Most observers agree that MAM is not a replacement for MDM – at least not yet. According to
Sam Liu, VP of Marketing at Partnerpedia, “We can do some device management and we've
seen MDM vendors that also offer MAM-like capabilities. However, there is currently no single
vendor, either in the MDM or the MAM category, who does both well.” Cimarron Buser, VP of
Business Development at Apperian, agrees, noting “Some of our customers have MDM
solutions and may use those for certain devices, which may be company-issued. These same
customers will use the Apperian solution for all employees because they need application
management, which spans the entire population. It’s not an ‘either/or’ scenario.” Buser adds
that the individuals purchasing MDM and MAM solutions are often different individuals with
different sets of needs.
Variety of Delivery Models Allows Customers Greater Choice
While mobile device management has traditionally been offered as an on-premise solution, a
delivery model that remains a significant portion of the MDM installed base, customers are
increasingly evaluating other delivery models as potential options. For example, Jay Cichosz, VP
of Marketing at Wavelink, notes that Wavelink’s installed base is primarily utilizing on-premise
solutions and enterprise customers remain interested in retaining control through on-premise
systems. Nevertheless, Cichosz states that “more new customers are definitely interested in
our SaaS model.” Key benefits of cloud-based solutions are that they offer lower TCO, instant
scalability, faster deployments and upgrades, and lower internal IT personnel costs.
Vendors Adding Cloud to their On-Premise Solution Offerings
Cloud-based offerings are increasingly common among MDM vendors who began with on-
premise solutions. Companies such as MobileIron, Motorola Solutions, SOTI, Tangoe, Wavelink,
and Zenprise have added hosted offerings to their repertoires in the recent past. Executives at
these firms report that the cloud-based segment of their businesses is growing at a rapid rate:
AT&T is utilizing the MobileIron Connected Cloud platform for its cloud-based MDM
offering; AT&T reports that it is gaining “significant traction” and the offering is
expected to do very well.
MobileIron states that customers frequently request demonstrations of its Connected
Cloud offering, introduced in August 2011, adding that between 20-to-30 percent of its
customers have elected to purchase its cloud-based solution.
Motorola Solutions states that, while its cloud base is a smaller percentage of its
existing business, “We definitely see a healthy ramp.” Motorola Solutions predicts that
its cloud-based MDM offering will likely always be a smaller part of its overall business,
56 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
based on the company’s history and length of time in the market, but cloud will be a
very important growth engine for the future.
SOTI notes that the majority of its installed base today uses on-premise equipment but
more customers are increasingly asking for SaaS in the cloud. SOTI also supports a SaaS
model with on-premise architecture where customers pay a monthly subscription fee to
support the required number of devices during the time.
Tangoe reports that it has “strong interest” from on-premise customers to move to
Tangoe’s managed offering. Tangoe predicts that pattern will continue through 2012.
Given the strong potential for cloud-based offerings, vendors such as Absolute Software and
McAfee, which currently offer only on-premise MDM solutions, are exploring SaaS-based
offerings. According to McAfee officials, the company is working with a number of partners to
provide a cloud-based offering for its Enterprise Mobility Management solution. McAfee also
plans to develop its own, organic MDM SaaS offering.
Cloud-only Offerings
In contrast to a dual delivery approach, Fiberlink believes that a single delivery model is
preferable. Fiberlink offers only a SaaS-based offering and believes it is the only “true” multi-
tenant cloud-based architecture for MDM. Jonathan Dale, Product Marketing Manager at
Fiberlink, states that customers can scale to an unlimited number of devices. When customers
enroll in Fiberlink’s MaaS360 offering, Fiberlink carves out a tenant and creates a billing account
in the background, tying each account into Salesforce and Fiberlink’s internal billing and finance
systems, as well as assigning the customer rights and responsibilities.
Fiberlink’s Dale cautions that trying to keep up with the pace of change with different delivery
models across multiple device types is too challenging to do well. Dale argues that vendors
who offer both approaches need to make code changes across their on-premise services, as
well as a different set of code changes across their cloud-based platform. Fiberlink adopted its
cloud-based approach in 2007 and has “never wavered from this vision or execution.”
57 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
Mformation also offers a single delivery vehicle – off-
premise – and is unusual in the industry due to its
model of selling via managed service providers (MSPs)
and communications service providers (CSPs), and not
directly to the enterprise. Mformation believes that,
while MSPs and CSPs are a smaller percentage of the
market today, these channels will only increase as the
market develops and matures. Mformation also
predicts that the MDM market will continue to follow a
more general IT trend and increasingly shift from on-
premise to cloud-based solutions. According to Rob
Dalgety, Director of Marketing at Mformation, “The
only question is: How quickly will it move?”
On-Premise Only Offerings
Good Technology is unique in discontinuing its
CloudSync MDM offering at a time when the general
market is rushing toward cloud anything. Good
currently offers its on-premise Good for Enterprise and
Good for Government as the company’s primary
solutions for mobile security and management. Good
believes that delivering end-to-end security with
consistent, government-grade data encryption across
all of the platforms and devices it supports requires an
on-premise solution with a footprint behind the
corporate firewall and on the device itself, particularly
when the “business” apps and data being accessed are
based on on-premise systems. John Herrema, Good’s
SVP of Corporate Strategy, points out that Good does
have a cloud component – Good’s Network Operations
Center, which facilitates secure connectivity without
having to open up holes to the firewall – and that its
Good Dynamics mobile apps framework supports both
“on-premise” and “cloud” apps. However, Herrema
notes that when it comes to consistently securing data
and apps that are based on on-premise systems (e.g.,
an on-premise Exchange server or an Intranet server),
Good must do so at the end-points to avoid “man-in-
Mformation Highlights Cloud
Security
Mformation takes cloud security
seriously and protects data in transit
using SSL.
While native data at rest is OS
dependent, Mformation has fully
integrated partners that handle both
individual application wrapping (fine-
grained container) and containers
(course-grained container) that
protect data at rest.
For access authentication and
authorization, Mformation’s security
service is implemented on the
concept of Access Control Lists (roles)
after user name and password
credentials are successfully met.
58 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
the-middle” and other security issues.
Cloud Solutions through Partnerships
Another approach to cloud-based MDM being taken by
some vendors is to offer cloud-based solutions through
partners. Zenprise, for example, built MobileManager
to be a partner offering and is currently working with
partners to market and sell Zencloud. McAfee is
currently offering Enterprise Mobility Management
(EMM) as an on-premise solution but will launch EMM
as a cloud service in 2012, both through McAfee’s
partners and as an organic offering from McAfee.
SAP is also working with partners to provide a cloud-
based MDM solution. SAP has historically offered
Afaria as an on-premise solution, something it
continues to do today. As more customers request
cloud-based offerings, SAP wanted to ensure it could
meet those needs. Recognizing partner strengths in
cloud-based infrastructure, SAP announced an
agreement for cloud-based MDM on Afaria with
Verizon in May 2011. SAP subsequently added
partnerships with Accenture, Orange Business Services
(a division of France Telecom), and Dutch company
VeliQ (formerly known as VeiligMobiel). SAP
specifically chose firms with deep, cloud-based
experience.
Russell Fry, Senior Director and Mobility Solution
Executive at SAP, sounds a cautionary tone when
discussing cloud-based approaches to enterprise
mobility management. While the cloud is very “trendy”
and the long-term prospects for SaaS are “exciting,” Fry
notes that mobility solutions are increasingly
connected into back-end systems and services,
including different corporate directories, LDAP, and
certificate authorities – and not just a BES or messaging
server. According to Fry, “As customers create these
more passionate back-ends, they're asking for a lot of
SAP Offers Cloud-based
Afaria with Key Partner
Offerings
SAP is offering cloud-based MDM
through partnerships with four key
partners:
Accenture
Orange Business Services
VeliQ
Verizon
Partners use Afaria as the
underlying platform and have built
their own front-end user interface
on top of Afaria, providing a cloud-
based portal for customers who
want cloud-based Afaria.
SAP’s partners all utilize the same
technology, implementation, and
look and feel for their solutions,
although they package and sell
their offerings differently.
SAP states that it has seen a large
interest in cloud-based solutions,
especially from its customers in
EMEA. Smaller companies, in
particular, like the payment
structure afforded by cloud-based
offerings.
59 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
firewall rules to take place, a lot of traversing down
from the clouds, down into the DMZ, typically into
multiple, one-way ports or firewalls, having that data
analyzed, and then creating a return trip. We have
interdependencies on the communication protocols
between the platforms. We can't re-write ActiveSync
to behave faster and have lower latencies. We do see
things improving, but the cloud is not perfect yet. We
all need to be aware – our customers included – of the
interdependencies of these back-end systems and
connection points that can complicate what a cloud
feature will look like.”
Choice is Critical
Increasingly, the emphasis for MDM vendors is on
choice and allowing customers to decide the best fit to
meet their needs. Peter Cannon, Senior Product
Manager at Wavelink, acknowledges that Android and
iOS platforms are well suited for the cloud and typically
offered by vendors who are new to the market. At the
same time, choice is important for those companies
and industries that are highly security conscious and do
not want to have mobile devices “speaking over an
open Internet, even if it is encrypted and controlled.”
Cannon foresees Wavelink continuing with both
approaches but cautions that the company’s SaaS
solution is usually an entry point for customers, adding
that, “As customers grow and become more
sophisticated, many will chose to bring the system
behind their firewall anyway.”
Motorola Solutions also believes that delivery choice is
key. Motorola Solutions’ MSP platform is available as
an on-premise offering, as well as through the
company’s large and growing Advanced Services
organization. According to Kevin Goulet, Motorola
Solutions’ Senior Director of Strategy and Product
Management, “The beauty of having our product both
Zenprise’s Evolution from On-Premise to the Cloud
Like many MDM vendors, Zenprise initially offered its mobile device management software as an on-premise solution. In July 2011, Zenprise released Zencloud as an alternative to its on-premise MobileManager solution. Zencloud is a multi-tenant solution that logically separates customer information. According to Ahmed Datoo, Zenprise’s CMO, “Any issues with corruption would only impact a single customer’s data, not the entire customer population.”
Zenprise puts cloud-related databases with sensitive information behind the DMZ so that critical information is not accessed via the public Internet.
LDAP information is also kept out of the DMZ in Zenprise configurations, and Zenprise does not sync LDAP data to the cloud.
Zenprise describes its security policies as end-to-end, providing device, network, application & data security.
Using a combination of public, private and hybrid clouds, Zenprise sold a 40,000 seat hybrid cloud contract in late 2011 to a customer integrating its existing on-premise resources into the
cloud.
60 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
ways is that customers have choice. Some customers want certain parts of their infrastructure
owned and operated for a certain geographic area, while others want it hosted. Regardless of
what the customer likes, we can provide it to them either way, either on a pay-per-use basis or
on an owned and operated basis.”
Jayaraman Raghuraman (“Raghu”), VP of Americas at Endeavour Software Technologies, a
mobile and enterprise application development firm, also believes that offering customers an
on-premise and cloud-based solution is critical, going so far as to predict that MDM providers
who do not offer both delivery models are likely to fail. Why? “There are still customers that
don't want to allow other companies to manage their infrastructure because of the importance
of mobile device security, particularly in industries such as banking and insurance. For at least
the next two years, the ability to offer on-premise will still be a need.”
Transition Challenges from On-Premise to Cloud Architectures
Some argue that pivoting from an on-premise architecture to a cloud-based architecture is
difficult, if not impossible. Alan Murray, SVP of Product at Apperian, argues that companies
that have built their products with an on-premise state-of-mind, on-premise engineers, and on-
premise delivery models will find it difficult to pivot their technology and will essentially need
to re-build. Murray adds that competitors who move from one deployment model to another
face “an incredibly expensive period, and a period of slower growth and innovation.”
Alan Dabbiere, Chairman at AirWatch, echoes these sentiments, stating that vendors who try to
move from single-tenant, on-premise solutions to a multi-tenant SaaS architecture are doing a
“re-write.” Dabbiere warns that many vendors who claim to do multi-tenancy are really just
standing up separate instances of the software for each customer, adding “As these companies
continue to scale, their success becomes their undoing and they implode under the weight of
their own success.”
Officials at Mformation also concur. Rob Dalgety, Mformation’s Marketing Director, states that
there are multiple key factors – tenancy, device support requirements, the need to support
many in- and out-bound transactions, a different approach to integration with Exchange Active
Directory, database partitioning, application delivery at scale, and API support – that can be
substantially different in cloud versus on-premise environments. For example, Dalgety notes
that a large MSP deployment may need to support hundreds if not thousands of concurrent
enterprise administrators – a significantly larger number than the typical user load in behind-
the-firewall solutions.
Others argue that the transition from on-premise to a hosted platform is not difficult, at least
not for firms who architected their solutions in such a way as to anticipate such a transition.
Tim Williams, Director of Product Management at Absolute Software, notes that his firm “has
61 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
“Moving from a single-tenant code
base to multi-tenancy is not
impossible, but it is also non-trivial,
represents real work, and requires a
different mindset. It takes time,
energy, and the right talent.” Senior
Mobile Security Official at McAfee
been offering a SaaS-based solution with Computrace since the 1990s, so SaaS is not new to us.
Moving Absolute Manage MDM to the cloud is just a matter of integrating technologies that we
already have. It's simply a matter of converging our products in a way that makes the
capabilities of our cloud solutions available on-premise and our premise-based solutions
available in the cloud. That's part of our plan and our strategy.”
Officials at Wavelink state that they build products to please customers, not just to make a
product announcement or to impress venture capitalists. According to Peter Cannon, Senior
Product Manager at Wavelink, “Moving from a single tenant, on-premise solution to multi-
tenancy is something we’ve been hard at work on for the past few years. Our architecture was
built in such a way as to make the transition to multi-tenancy more conducive than others. A
lot depends on how much you've painted yourself into a corner with technology choices in the
past. We are fortunate to have a good, solid architecture to begin with and strong engineering
to help us make that transition.” Wavelink does express skepticism about the possibility of
newer entrants making this transition, however.
Syclo is another MDM provider who believes that moving from an on-premise solution to a
cloud-based solution is not difficult. According to Joe Granda, Syclo’s EVP of Marketing, “It’s
more difficult to go the other way. Why? On-premise providers know how to implement the
solution and are just putting the solution into a different server farm that’s in a hosted
environment. In contrast, SaaS providers do not have
a vehicle – such as a professional services team or
partnerships with global service providers – to deliver
on-premise solutions.” Granda believes that SaaS
environments are consistent and monolithic with few
changes, unlike on-premise environments, which are
“accustomed to a wider range of challenges.”
A senior mobile security official at McAfee takes the
middle road between these two views, noting that
moving from a single-tenant code base to multi-tenancy is not impossible, but it is also “non-
trivial,” represents “real work,” and requires a different mindset. It takes “time, energy, and
the right talent.” Ahmed Datoo, CMO at Zenprise, agrees, noting that companies that
architected their solutions using an on-premise model are now “struggling” as they transition to
cloud-based models but, with time, will eventually reach their goals.
Table 8 provides a detailed description of the delivery options offered by the mobile device
management vendors profiled in this study.
62 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
Table 8: Mobile Device Management Vendor Delivery Options
Vendor On-Premise SaaS Other
Absolute Software
Absolute Manage MDM is offered only as an on-premise solution today. Key features include application management; security, change & configuration management; automated patch; computer imaging; asset inventory; and power management.
Absolute Software does not offer a SaaS-based MDM solution currently but is evaluating this as an offering. Absolute Software has been providing a SaaS-based solution with Computrace since the 1990s and states that “SaaS is not new to us … it just requires integration of existing technologies.”
NA
AirWatch Software is deployed behind the corporate firewall (perpetual licensing per device up to 100,000+ devices with implementation services and support included). AirWatch’s on-premise model is available with annual maintenance and support at 20% of license fees. Approximately 20% of AirWatch revenues are from on-premise sales.
Supports 100,000+ devices through its 24x7 NOC with standard SLA of > 99.9% uptime. Approximately 70% of AirWatch revenues are from SaaS deployments.
AirWatch offers an Appliance in which perpetual licenses are sold to small-to-medium sized organizations with fewer than 5,000 devices. Maintenance and support is included for the first year and available at 20% of license fees starting in the second year. Roughly 10% of AirWatch revenues are from Appliance sales.
AT&T AT&T offers on-premise solutions through its partnerships with Good Technology, McAfee and MobileIron. McAfee’s EMM from AT&T is only available to customers with an AT&T business or government agreement and a Foundation account number.
AT&T offers hosted offerings through its partnership with MobileIron, utilizing MobileIron’s multi-tenant Connected Cloud solution. AT&T will provide support to hosted customers depending on the scale of deployment. Support will include a 3-tiered offering, from light support to fully administered support.
NA
BoxTone BoxTone’s on-premise Enterprise Mobility Management platform leverages BoxTone’s history in systems and application performance management and includes device management, support management and operations management.
BoxTone offers its solution in a private cloud only (not public cloud). Customers can deploy BoxTone on their own private cloud or through a private cloud provider (such as CSC, Dell, Fujitsu, HP, or Xerox/ACS). BoxTone has no plans to compete against low-end SaaS vendors such as Fiberlink and AirWatch but instead targets “industrial strength, mission-critical” deployments to F2500 businesses and government agencies.
NA
63 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
Table 8: Mobile Device Management Vendor Delivery Options (continued)
Vendor On-Premise SaaS Other
Fiberlink NA MaaS360 is a subscription service that includes on-demand access, upgrades, maintenance, and 24x7 support.
NA
Good Technology
Good is best known for its container approach to MDM, which builds policy controls into the solution and allows IT policy, not end-users, to govern the behavior and ultimate control of applications. Good believes that by controlling data and not devices, it is solving the crux of enterprise data leakage concerns while still protecting the user experience.
Good has discontinued its CloudSync offering, believing that delivery of its end-to-end application securely, with end-to-end encryption, requires a footprint behind the customer’s firewall. Good’s Network Operations Center facilitates secure connectivity without “opening up holes” in the firewall.
NA
McAfee Enterprise Mobility Management (EMM) provides device management (iOS, Android, Windows Phone 7, BlackBerry); audit & compliance service; device agents; and ePO integration. AT&T offers EMM to its customers.
McAfee does not offer EMM as a SaaS-based offering currently. McAfee is working with several partners, and internally, to offer this capability and is expected to announce offerings in 2012.
NA
Mformation NA Mformation provides its Enterprise Manager hosted solution exclusively to MSPs and CSPs. Mformation Enterprise Manager can support large-scale deployments (hundreds of millions of devices), transactions (millions/day) and tenants/enterprises on a single platform instance.
NA
64 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
Table 8: Mobile Device Management Vendor Delivery Options (continued)
Vendor On-Premise SaaS Other
MobileIron MobileIron offers VSP as its on-premise solution. Key components of VSP include Advanced Management: multi-platform support (iOS, Android, BlackBerry, Windows); monitoring and reporting (Atlas); application management; email access control (Sentry); advanced security; enterprise privacy; lost phone recovery; administration; and enterprise integration; Mobile Activity Intelligence: visibility and reporting, privacy policies, real-time roaming controls, exception and abuse control, and event center (alert triggers). MyPhone@Work: Usage visibility; app discovery; self-service.
Connected Cloud is MobileIron’s SaaS service and provides the same VSP features and functionality without installing a server in a data center. MobileIron states that Connected Cloud can be fully integrated and operational in less than an hour. MobileIron currently supports iOS and Android on Connected Cloud and expects to offer support for BlackBerry and MobileIron Sentry in 2012. In November 2011, MobileIron announced the opening of an Australian datacenter for Connected Cloud, from which it will support customers from various Australian and New Zealand verticals, including automotive, high technology, healthcare and government.
MobileIron offers perpetual licenses with an additional annual support fee, as well as a monthly subscription that includes support.
Motorola Solutions
MSP4, announced in January 2012, is Motorola Solutions’ latest update to its MDM offering. Key features include a single management interface for multi-OS support of enterprise and BYOD devices, self-enrollment, configuration & application management, remote OTA control, remote lock/wipe, enhanced security with AE256 encryption and centrally-managed keys, forced updates, and application white lists.
Motorola Solutions offers MSP as a managed, hosted solution through its “significantly sized and increasingly growing” Advanced Services organization.
NA
65 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
Table 8: Mobile Device Management Vendor Delivery Options (continued)
Vendor On-Premise SaaS Other
SAP SAP’s Afaria offering is an on-premise solution that was developed in the early 1990s, providing the company with “a great deal of experience in this space.” SAP plans to update Afaria’s user interface in Q1 2012. Key features include policy management and enforcement, asset tracking, enterprise-grade security, OTA application delivery and client-side application portal, and secure email through TouchDown.
SAP offers hosted Afaria through partnerships with Accenture, Orange Business Services, VeliQ, and Verizon. Verizon became the first company to sign an agreement to sell SAP’s cloud-based Afaria when it extended an existing agreement in place with SAP in May 2011. This initiative is part of SAP’s Managed Mobility Offering (MMO), which is comprised of a team solely focused on service providers, the cloud and multi-domain software instances that have provided additional capabilities to Afaria for greater scale and concurrent sessions. SAP expects more vendors to utilize its cloud-based capabilities to white label their brands for end-user customers.
SAP offers an appliance model for Afaria for Proof
of Concept customers. Developed in Q4 2011, this
appliance provides a behind-the-firewall
solution for PoC customers.
SOTI MobiControl on-premise provides asset management and CRM, diagnostics, alerts and reporting, data sync, device provisioning, help desk tools, advanced security (user/hardware authentication, data encryption/process run control, kiosk mode operation), and location services.
MobiControl Cloud is hosted in the cloud by SOTI and is a turnkey solution with no hardware or infrastructure costs. Customers can increase deployments as needed without adding additional servers. SOTI targets enterprises that want to start a pilot quickly without dedicated resources and SMBs who want to minimize server and software maintenance costs.
SaaS with in-premise architecture allows customers to purchase perpetual and transferrable software licenses. Servers can be installed in the DMZ. Solution can be installed on a virtual machine. SOTI targets security conscious customers and enterprises with data centers.
Syclo Syclo includes Agentry MDM at no additional cost to customers who purchase its MEAP product. Key MDM functionality includes multi-OS platform support, security, management and analytics, connectivity, and integration.
Syclo typically provides Agentry in the cloud through partners, including CSC, IBM, and West Interactive, who deploy Agentry on Syclo’s behalf. Some partners re-label Agentry as their own, while others promote it as Syclo’s offering.
NA
66 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
Table 8: Mobile Device Management Vendor Delivery Options (continued)
Vendor On-Premise SaaS Other
Tangoe Tangoe’s on-premise MDM solution includes real-time security and compliance services, application management, management through a central console, help desk support, and device recycling.
Tangoe offers a multi-tenant, hosted solution, segregating customer data to meet security compliance requirements. Tangoe’s MDM databases are built on SQL Server 2008, and all communications are handled over SSL with authentication handled directly by the enterprise’s corporate directory. Tangoe states that it has developed specialized components that allow its hosted solution to integrate with customers’ internal resources. Tangoe operates its cloud services from its SAS70-certified data centers using SCEP servers.
Tangoe offers site hosting at customer sites, remotely managing all servers; partial hosting (Tangoe hosts the customer’s Domino BES server and MDM solution while the customer’s Domino email server stays onsite), and full hosting (Tangoe hosts the entire mobile infrastructure, including Exchange or Domino email servers).
Wavelink Avalanche is Wavelink’s on-premise MDM solution. Available as Site Edition (SE) for organizations that do not require wireless infrastructure management or a distributed server architecture. SE is designed to install quickly and easily. It supports multiple consoles but must perform a migration to Avalanche MC to run in a distributed model. Avalanche is also available as Mobility Center (MC), which includes the ability to deploy in a centralized or distributed model. Can install on different servers.
Avalanche On Demand is targeted at wireless enterprises and offers multi-tenancy to support hosted solutions, including SaaS and managed services. Includes support for new firmware and devices, along with additional language support.
Managed Services is a hosted solution in
which all of the administration and
system management are done by Wavelink,
including daily monitoring and
management of mobile device inventory and
alerts.
Zenprise MobileManager provides configuration management, provisioning, security that places Zenprise databases behind the DMZ, remote user support, monitoring, and de-commissioning of inactive devices.
Zencloud offers a multi-tenant offering that can run as a public, private, or hybrid cloud. The hybrid configuration requires Zenprise’s Secure Mobile Gateway for perimeter security; the ability to block unmanaged devices, users, and blacklisted applications; and the creation of rules to allow specific devices and OSs onto the corporate network. Zenprise cloud offerings are supported from data centers in the US, Europe and Asia and include a 100% SLA, including service credits for every minute of customer downtime as a result of an outage.
NA
67 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
Mobile Device Management Pricing Comparisons
MDM pricing is generally done on a per device, per month basis for SaaS models and a per
device basis for on-premise configurations. Perpetual pricing is typically a cost per device,
along with an annual maintenance charge of approximately 20 percent of the license fees
beginning in the second year. Appliance pricing usually includes a one-time hardware purchase
and some number of licenses. Optional hardware and services may also be available.
Pricing varies depending on the volume of licenses purchased, the type of licenses acquired
(premium versus standard), and customer status – discounts are typically offered to
educational institutions and non-profit companies. Discounts are also provided for longer term
duration contracts and large volume contracts.
While not all vendors were willing to divulge their MDM pricing, many were. Moreover, some
vendors shared that they continue to closely monitor per user pricing, as well as maintenance
and support pricing, to ensure they remain competitive in the crowded MDM market.
Table 9 provides available pricing details on vendors' on-premise, SaaS and appliance offerings.
68 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
Table 9: Mobile Device Management Vendor Pricing Models
Vendor Description
Absolute Software
Absolute Software offers two pricing models: term and perpetual. A 1-year subscription for standalone Absolute Manage MDM is US$11.95/user (list), and a perpetual license is $21/user plus $4.20/user/year for maintenance (list). Absolute Software offers volume and multiple-term subscription discounts. Education customers also receive “significant” discounts.
AirWatch AirWatch offers three pricing and delivery models: SaaS, on-premise and appliance. Pricing for SaaS is $3/device/month with software maintenance and support included. Optional components that can be added include remote control subscription ($.75/device), secure email gateway subscription ($.75/device), secure email gateway hardware ($6,500), basic service pack ($2,000), advanced service pack ($5,000), and enterprise service pack ($10,000). On-premise pricing is $40/device (one-time fee), annual software maintenance and support (20% of license fees), and basic service pack ($2,000). Optional components include remote control license ($10/device), secure email gateway license ($10/device), secure email gateway hardware ($6,500), advanced service pack ($5,000), and enterprise service pack ($10,000). Appliance pricing is hardware, including a 1-year warranty ($6,500), 50 perpetual licenses (included), annual software maintenance and support (20% of license fees starting in second year; first year is included), and basic service pack ($2,000). Optional components include perpetual license ($40/device), remote control license ($10/device), secure email gateway license ($10/device), secure email gateway hardware ($6,500), advanced service pack ($5,000), and enterprise service pack ($10,000). AirWatch offers additional discounts to education and non-profit customers, as well as volume-based discounts.
AT&T AT&T is partnering with MDM vendors Good Technology, McAfee and MobileIron and offers on-premise solutions from all three, as well as MobileIron’s Connected Cloud SaaS offering. Customers that purchase on-premise solutions purchase the equipment for a one-time cost and pay a monthly fee per user or a slightly lower annual license/user. The cost includes both the technology and support. Pricing for McAfee’s EMM on-premise solution through AT&T is: $5.99/seat/month for 50-1,000 active seats; $4.99/seat/month for 1,001 – 10,000 active seats; and $3.99/seat/month for 10,000+ active seats. AT&T is finalizing support pricing for its hosted solution; the price range from “light” to “full” is expected to be $.75 - $5/user/month.
BoxTone BoxTone software is priced per module per device and starts at $35 perpetual per module or $3 per month subscription.
Fiberlink Fiberlink offers a 30-day free evaluation trial. Thereafter, pricing for enterprise accounts is based on the number of devices managed on the MaaS360 platform each month, with rates between $4 - $6/user/month. Customers may alternately elect to purchase user-based pricing that includes an unlimited number of managed devices per user for a flat fee of $10/month. Pricing under both models is all inclusive - Fiberlink does not charge additional fees for activation, installation, maintenance, upgrades, or support. All customers receive 24x7x365 live support with their subscriptions.
Good Technology Both the iOS and Android versions of Good for Enterprise start at a list price of $159/device and include a one-time server access license of $1500. Basic support costs $20-$35/device/year. Volume discounts are available using the same processes and approval levels as the current Good for Enterprise model.
McAfee McAfee declined to provide pricing for this study.
69 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
Table 9: Mobile Device Management Vendor Pricing Models (continued)
Vendor Description
Mformation Mformation offers both perpetual and term license models, depending upon the delivery and sell-through scenario.
MobileIron MobileIron offers perpetual licenses with an additional annual support fee, as well as a monthly subscription that includes support. Additionally, MobileIron offers an on-premise solution and a subscription-based SaaS service (Connected Cloud). Pricing for both the on-premise and SaaS models is $4/user/month. Perpetual licenses are $75/device with a 20% annual maintenance fee; support pricing is the same for both on-premise and SaaS configurations.
Motorola Solutions
Motorola Solutions does not provide product pricing but states that pricing for both MSP on-premise and SaaS-based offerings is “very competitive.”
SAP SAP does not provide product pricing. SAP SaaS partner The Principal Consulting , Inc. (TPC) advertises Afaria OnDemand for $4/device/month with no upfront license purchase required. TPC states that its Rapid Deployment Solution is available for Production in 1.5 weeks.
SOTI SOTI’s MobiControl product is available as an on-premise solution, a SaaS solution, and a SaaS model with on-premise architecture. Pricing for on-premise is $66 for “premium” licenses (those supporting advanced MDM features for rugged devices running Windows Mobile/CE) and $33 for Android and iOS licenses. SOTI offers volume discounts starting at 200 licenses and site licensing is available for deployments over 10,000 licenses. There are no server costs, only a cost per device license. SOTI’s SaaS list pricing is $3/device/month.
Syclo Syclo declined to provide pricing information for this study. Tangoe Tangoe does not provide specific pricing but notes that its pricing is flexible—by device and
by user—and is designed to maximize customer ROI and value.
Wavelink Avalanche is priced at $50 per device for on-premise and $4.50 per month for SaaS deployments.
Zenprise Zenprise on-premise pricing starts at $4/device/month via a subscription model with discounts for term duration and volume. Zencloud pricing starts at $4.75/device/ month with discounts for term duration and volume. Zenprise Mobile DLP starts at $2.50 and $3.00/device/month for on-premise and cloud, respectively.
70 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
Increased Security Concerns Drive Greater
Interest in MDM Solutions
CIOs, CISOs and other IT executives cite security
concerns as a primary reason for evaluating and
selecting MDM solutions. As growing numbers of
employees bring their personal mobile devices to work,
there are security implications in terms of device
management, information management, and file
management, as well as issues of overall information
security and integrity if an employee leaves the
organization. Because of the large influx of personal
devices coming into the work place, IT departments are
finding it difficult to enforce policies on employee-
owned devices in the same way they enforced policies
on corporate-owned devices.
Stepping back and viewing the situation in relation to
computing platforms over the past decade, mobile
security is still considered to be in its infancy. Whereas
operating systems in the past evolved slowly and
predictably and were dominated by Windows, the
environment today is one of numerous mobile
operating systems, along with physical device
platforms from dozens of manufacturers. While
vendors are racing to respond to enterprise demands
for mobile security, the sheer complexity of the mobile
environment has made progress challenging for the
industry as a whole.
Nowhere is security a higher priority than in highly
regulated industries. Alan Arenas-Grube, Practice
Manager for Mobility at Paragon Development
Systems, hears frequently from his health care clients
about security and compliance concerns, including both
patient privacy and HIPAA compliance, as well as
ensuring that corporate data remains within the
organization when an employee leaves. Arenas-Grube
maintains that mobile devices are “completely end-
McAfee’s Three Pillars of
Mobile Security
McAfee officials believe there are
three key components to a robust
mobile security solution:
Device Protection: Includes data and
device protection using MDM
software, anti-malware protection
and Web protection.
Data Protection: Includes protecting
sensitive enterprise data by
preventing data leakage, utilizing anti-
theft and loss features and
maintaining strict separation of
personal and business information.
Application Protection: Involves
protecting users from rogue and
malicious applications.
For details on McAfee’s offerings in
each category, please see the McAfee
profile at the end of this study.
71 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
user focused, making it very difficult for enterprises
because they are used to ruling with an iron fist.” The
plethora of devices coming into corporate
environments has led to security breaches, such as
physicians working in two different hospitals who may
connect data between the organizations through their
own personal devices. In most instances, Arenas-
Grube believes these scenarios are unintentional, not
malicious. Still, security remains a key concern for
health care IT managers, as well as other highly
regulated industries, such as financial services and
government/defense.
Tim Williams, Director of Product Management at
Absolute Software, notes that one of the trends
Absolute Software is seeing today is that MDM has
accelerated the convergence between end-point
management and end-point security. While security
has always been a concern with client management, it
now leads the conversation in discussions around
mobile device management. Williams adds that the
shift from tight IT control in the past to BYOD
environments today is causing organizations to view
their security priorities differently. Notes Williams,
“While companies used to have a device perimeter
that was bounded by the company network, now they
have a data perimeter that doesn't really have any
boundaries at all because IT doesn't own the devices.
In addition, IT doesn't own the networks when users
are on 3G or 4G networks.” As a result, IT managers
increasingly view security as delivering a service or
delivering access, while still maintaining control of the
data.
MDM vendors are increasingly offering customers the
ability to put documents in secure settings with no
ability to forward, cut/copy/paste or view the
information offline. AirWatch, for example,
implemented Secure Content Locker on its MDM
Absolute Software Provides Secure Document Access and Control through AbsoluteSafe
One example of secure document management is that of Absolute Software’s support for a federal government customer who reviews classified documents in closed-door meetings.
The customer, who also has a paper-free initiative, wanted access to the same information on iPads that they have to classified paper documents, while maintaining the same degree of control.
With its AbsoluteSafe product, Absolute Software can assign classified documents with a scheduled time window that coincides with the meeting.
Appropriate devices that will be participating in the meeting have sole access to the documents. At the end of the scheduled time window, the document is automatically deleted from all devices.
Additionally, Absolute Software can turn off the ability of participants to take a screen capture of the information.
A persistent connection is not required to delete documents.
72 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
platform as a secure venue for files and email attachments that customers and employees can
access but not compromise. AirWatch has full data loss prevention capabilities for each
document and can even restrict access to view-only mode from the server – when the user logs
off, the document is gone, since it was never downloaded to the user’s device initially.
AirWatch Chairman Alan Dabbiere notes that investment banks have shown keen interest in
these capabilities so that they can restrict dissemination of their research on stocks and other
investments.
Container Approach to Mobile Security
One approach some MDM vendors have taken in addressing security concerns around mobile
data is to adopt a container architecture. Good Technology is perhaps most closely associated
with the container approach and uses this architecture as a way of ensuring consistent security
across all platforms and devices (e.g., by enabling end-to-end data encryption even in cases
where the device itself does not support this) and by controlling the behavior of “business”
applications to prevent data loss to other “personal” apps and services, particularly in BYOD
environments where users may download applications that blur the line between business and
personal use, such as Dropbox, Box.net, Keynote, and Evernote. Good for Enterprise encrypts
data from the corporate server and allows IT to define policies that determine the extent to
which the data may be shared with other IT-approved apps.
According to John Herrema, Good’s SVP for Corporate Strategy, Good’s applications, and those
based on Good Dynamics, have policy controls built into them, permitting customers to allow or
disallow specific policies, such as cut/copy/paste into or out of applications, the opening of
attachments or documents in certain applications, and address book synchronization. Herrema
notes that Good’s strategy of having policy controls built into the applications themselves
makes a significant difference and is the only way for customers to truly prevent data loss and
leakage, especially in a BYOD world where the user expects to be able to use whatever
“personal” apps and services appeal to that user and to do so without IT policy or privacy
interference based on “blacklisting” or similar techniques. Alan Arenas-Grube, Mobility
Practice Manager at Paragon Development Systems, agrees, adding that, “Delivering
documents using a containerized approach is the most secure approach.”
AT&T’s October 2011 launch of Toggle also represents a containerized approach. Toggle is a
BYOD solution that provides basic MDM functionality (lock, wipe, locate, inventory, track),
separating the device into two separate and distinct personas. Users can “toggle” by clicking on
the shortcut on the home screen and quickly move from one container to the other. AT&T
officials responsible for MDM offerings state that Toggle is an MDM compliment rather than
traditional MDM, working toward AT&T’s goal of OS agnosticism and integration with other
73 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
AT&T Advanced Mobility Solutions products, most
notably MDM and MEAP. Toggle runs on Enterproid’s
Divide platform.
There are several key differences between Enterproid’s
container approach and Good Technology’s approach.
First, Good is on-premise while Enterproid is cloud-
based. Second, Enterproid only allows IT
administrators to see what is in the container, not the
entire device, while IT administrators for Good can see
across both personal and business applications.
Zenprise also uses a container for secure file sharing in
which IT managers can specify, on a document-by-
document basis, whether to allow a user to download a
document into Zenprise’s secure container. For
companies who are “extra paranoid” about security,
Ahmed Datoo, Zenprise’s CMO, explains that users can
be restricted to only viewing the document via a
network connection, and never actually downloading it.
If the user downloads a document into Zenprise's
secure container, Zenprise also has the ability to do a
selective wipe so that if a user leaves the company and
had viewed the document on their personal device,
Zenprise can remove all of the corporate documents
from their device.
Platform versus Container Approach
One of the principal differences between MDM
offerings is whether the systems are based on a
platform approach or a container approach. Key
differences include:
Platform Approach: This category of vendors
includes companies that manage the device all
the way down to the operating system level.
Vendors in this category work closely with
hardware manufacturers, including handset and
tablet manufacturers, to ensure they have
Enterproid’s Divide
Enterproid’s Divide platform offers
two portals:
Divide Manager is similar to a
MDM console and allows the IT
administrator to see the entire
universe of devices connecting to the
IT environment but only provides
visibility into the corporate container.
My Divide is an employee
portal that allows users to wipe the
entire device, including the corporate
container.
Why does Enterproid give users so
much control?
Enterproid believes that companies
can achieve desired cost savings and
scale by leveraging the devices
employees have already purchased
and are using on a daily basis.
Even if employees wipe their entire
device, the corporate data itself is not
lost because it resides on the
organization’s servers or on the
applications themselves.
74 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
access to the APIs into which their systems will connect. Companies in this grouping
also tend to stress the fact that their customers enjoy a “native” user experience, which
allows end-users to utilize their mobile phone’s user interface, for example.
Container Approach: As the name implies, sensitive information is put into a
“container” or sandbox and managed within that container. Typically, personal data in a
BYOD environment is kept out of the container so that any wipe of corporate data is
clean and does not disturb personal information, a key legal consideration for many
firms.
Table 10 highlights MDM vendors utilizing a platform approach, a container approach, or both.
Table 10: Vendor Approaches to Mobility Management: Platform versus Container Vendor Platform Container
Absolute Software ●
AirWatch ● ● (Secure Content Locker)
AT&T ● ● (Partnership with Good)
BoxTone ● ● (Partnership with Good)
Fiberlink ● ● (Secure Document Sharing)
Good Technology ●
McAfee ●
Mformation ● ● (Through partners)
MobileIron ●
Motorola Solutions ●
SAP ●
SOTI ●
Syclo ●
Tangoe ●
Wavelink ●
Zenprise ● ●
Mobile Application Security in Enterprise BYOD Environments
There is tension in BYOD environments between who decides whether applications are
acceptable in a corporate setting. Do users get to decide? Or IT managers? While applications
may not inherently be malicious or considered malware, certain applications may be more
appropriate in personal environments than on corporate networks, particularly from a security
and compliance standpoint. For example, if a healthcare worker transfers patient information
to Dropbox, there are immediate security and compliance issues associated with this action,
75 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
and no amount of device wipe, encryption or
password-level security will prevent data loss and
leakage.
With the proliferation of applications and the
increasing reach of mobile devices, access to back-end
systems from mobile devices has led some companies
to impose restrictions on applications and devices.
Kelly Ungs, Senior Director of Channel Sales at
Wavelink, notes that, while the “Internet lingo around
app stores sounds really great and is a really cool story
to tell,” in reality, most customers rolling out mobility
today are not getting their applications from public
application stores. Instead, companies are closely
controlling their applications and making sure they are
configured in a specific way, ensuring that users have
the correct versions and levels of applications on their
devices. Otherwise, companies will not grant access to
their critical back-end systems.
In addition to security concerns surrounding BYOD,
many CIOs also have ongoing concerns about security
with cloud-based MDM solutions. While IT executives
appreciate the choice between on-premise and hosted
solutions, concerns linger about co-mingling data, loss
of transparency and control, and the difficulty of
guaranteeing regulatory compliance when data is
moved to the cloud. Large enterprises and companies
in highly-regulated industries are especially wary of
moving their on-premise data to a cloud-based
infrastructure. According to Alison Welch George,
Senior Business Development Manager at SAP, “Larger
companies want to remain on-premise; cloud-based
solutions are still a very nervous thing for them.”
Wavelink Stresses
Importance of Controlled
Application Rollouts
Officials at Wavelink report that most
of their customers prefer to deploy
and manage specific applications,
such as applications related to ERP or
field service management, that are
integrated with back-end systems.
As a result, Wavelink customers
generally obtain their applications,
create the specific configurations they
want their employees to run on
mobile devices, ensure they have the
correct versions and levels of
applications on the devices, and
conduct a managed deployment.
It is a very closely controlled process
to ensure the applications are secure
and are doing what they are intended
to do as they integrate into complex
back-end systems such as SAP and
Oracle databases.
76 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
“We might consider cloud-based
MDM in the future but security is and
will remain our greatest concern in
terms of the ability to consume data
inside the firewall from some other
platform outside the firewall.”
Stewart Hubbard, VP of Technology
Operations, Coldwater Creek
Brian Reed, Chief Marketing Officer at BoxTone, agrees, citing several examples of prominent
cloud-based MDM vendors with lackluster data security. Reed described a demonstration of a
man-in-the-middle attack on a mobile device that was corrupted and hijacked during a leading
industry trade show, even though it was running MDM software. Reed notes “There are some
real issues with amateur hour in the cloud.” He adds that, “With regulated industries, there are
many audits to ensure that the software is defensible
and security is architected, but there remain many
insecurities and improper designs in the market
today.” With its regulated industry focus, BoxTone
offers hosting in private clouds, as well as on-premise
solutions.
Crystal Wong Kruger, Senior Manager for Business
Development at SOTI, agrees that there are security
concerns around cloud-based offerings for some
customers, including large enterprises and certain
verticals, including public sector, financial services and health care. At the same time, Wong
Kruger adds that many of these types of organizations are interested in access to a pilot server
in the cloud to bypass the often lengthy internal processes required for on-premise
installations, including trials.
A key factor that organizations considering cloud-based solutions should consider is the
physical location of the servers in which their data will reside. For example, the data that
companies have on cloud servers in some jurisdictions may be subject to more or less legal
protection than what is afforded in the United States. Customers should ask probing questions
about the exact location of their data if it is stored in the cloud.
For companies ultra-concerned about security in which the company’s ultimate livelihood
hinges on protecting secure data, Alan Arenas-Grube from Paragon recommends not using an
MDM solution to secure data but instead utilizing a document loss prevention or protection
system. While there are variations of vendor capabilities on the MDM security continuum,
Arenas-Grube believes that MDM platforms are ultimately best suited for device management
and device administration, and not as security platforms.
77 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
Tension between Security Risks and Long-term
Business Potential
While the focus on MDM in the past centered largely
around security concerns, there is an increased focus
on how mobility will lead to greater productivity.
Employees and executives who are away from their
desktop computers want productivity on their mobile
devices to allow them to get their work done and
enable them to react to data on their device in real
time, instead of just consuming the content and then
going back to their offices and taking action.
Sam Liu, VP of Marketing at Partnerpedia, advises IT
managers to think about what’s truly driving the
consumerization of IT and the reasons it is happening.
IT executives need to acknowledge the paradigm shift
when it comes to enterprise mobility and consider how
they will consolidate, manage, publish and distribute
applications from disparate sources to heterogeneous
devices in an end-user driven world. According to Liu,
“This is the piece that some IT managers forget about
because they’re so focused on IT security.”
Bitzer Mobile’s VP of Product Management Andy Smith
echoes Liu’s sentiments, stating it is critical for CIOs
and business leaders to engage in conversations about
user experience and security. Smith urges decision
makers to “think about the end-goals of the
mobilization solutions they’re trying to put together”
and determine if there is a way to meet security goals
while also keeping users happy. The answer to this
question, Smith believes, is dependent upon specific
customer constraints, such as whether a firm is in an
industry that restricts cameras, such as some health
care settings. For most companies, however, Smith
believes there will not be significant constraints,
allowing executives to focus on user experience.
AT&T’s Focus on Mobile
Security
To reduce the tension between
security risks and long-term business
potential in the mobile device
management market, officials at AT&T
are focusing on better anti-virus, anti-
malware and anti-spam capabilities.
AT&T also plans to focus on the
impact of connectivity on security,
such as blended SSL/VPN connectivity.
Over the long term, AT&T will
concentrate on identity and personas,
including ways to build better
capabilities for customers to manage
their BYOD environments, such as
segmenting and containerizing
personal and corporate data.
While security will continue to be a
focus for containerized solutions,
AT&T looks to provide future
enhancements and development
around containers for expense
management, ultimately putting a
separate voice and data plan
associated with a container on each
user’s device.
78 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
MOBILE DEVICE MANAGEMENT ROI
Discussions about ROI and TCO for mobile device management center around both hard and
soft savings as a result of more efficiently managing mobile devices. Many customers consider
the opportunity cost of not deploying an MDM solution – particularly if there is a malware
attack on Android devices – as the initial driver for deploying MDM solutions. With so much
information flowing out of organizations from different end-points, security concerns are real
and justified. When devising ROI proof points, companies typically deploy to smaller groups
initially, using this data to support their internal business case for larger deployments.
Vendors provide ample evidence to highlight the financial benefits their solutions provide. For
example:
AT&T, using MobileIron’s Virtual Smartphone Platform (VSP), advertises that customers
can save up to 20 percent on their wireless bills using Mobile Activity Intelligence, which
provides Finance, IT and end-users a detailed view of phone usage, cost drivers and
service quality.
BoxTone states that it can lower enterprise IT costs by 20-30 percent within
approximately three months. According to BoxTone’s calculations, in an enterprise
environment with 1,000 users, hard savings for mobility TCO translates to approximately
$220K - $340K during this time frame.
Fiberlink provides ROI and TCO calculations when requested by customers but notes
that these figures are typically unique to each environment – and often debatable.
Fiberlink believes that its cloud-based model provides better ROI than on-premise
solutions due to faster deployments coupled with lower infrastructure, management
and maintenance costs associated with SaaS solutions.
Good Technology describes the estimated $2 million annual cost savings Highmark Blue
Cross Blue Shield realized by allowing 2,000 nurses and doctors to use personal Apple
and Android devices while still meeting HIPAA requirements and addressing eDiscovery
issues. Soft dollar benefits included increased staff willingness to work off hours and
better staff morale as a result of increased control and flexibility over their schedules.
Mformation estimates that large businesses with at least 1,500 users will realize an ROI
of approximately 30 percent when they utilize cloud-based MDM, with factors such as
upfront software and hardware costs; labor/system administration costs; support and
maintenance costs; and connectivity costs the key factors that impact overall TCO.
79 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
“There's no selling of the idea that
companies need mobile device
management. Everybody gets that.”
Tim Williams, Director of Product
Management at Absolute Software
MobileIron includes a Cost Savings calculator on its web site that allows companies to
plug in different variables for potential cost savings. MobileIron auto-calculates
potential savings in areas such as Start-up and Termination, IT Actions and Operations,
User Actions and Incidents, Telecom Usage, and Bring Your Own Device, including
detailed break-outs for each category.
SAP provides one-on-one based ROI analysis for its customers through an in-house
calculator it has built to show ROI broken out by telecom expense management, help
desk savings, and BYOD program cost savings on a per device basis.
SOTI advertises that it can help its MobiControl customers reduce end-user support
costs by up to 70 percent.
Syclo customers who purchase Syclo’s MEAP platform receive MDM for free. As a
result, ROI is considered in terms of implementation and management costs. Syclo also
provides a “Value Calculator” on its web site that allows customers to estimate ROI.
Tangoe claims that it can lower help desk and support expenses by 40-to-60 percent
with its automated security policy implementation and support for compliance. Tangoe
adds that “Reducing costs is part of our DNA and MDM is a natural extension of our
broader cost management capabilities.”
Wavelink advertises that companies can save up to 60 percent annually with Avalanche
MDM by reducing wireless costs, improving productivity and ensuring strong security
across the network.
A key goal with any MDM solution is to minimize downtime. Customers consider ROI for MDM
solutions in terms of how well the systems can keep devices up and running in order to reduce
end-user downtime and lost productivity within the enterprise. Customers also want to
minimize the number of IT personnel needed to support the devices.
Many MDM vendors admit, however, that discussions about ROI and TCO with customers
generally never come up. Why not? MDM has
become an integral part of the IT landscape, a
necessary piece of the IT arsenal that is now simply
“accepted” as part of any organization’s IT
infrastructure. According to Tim Williams, Director of
Product Management at Absolute Software, “I have
never had a question about ROI. In talking to our sales
force, this question just never comes up. It used to,
but I think everybody understands the risks, and so to most organizations the ROI is reduction
80 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
of risk. There's no selling of the idea that companies
need mobile device management. Everybody gets
that.”
Officials at McAfee agree, noting that expensive and
smart IT personnel can be better utilized for long-
term, strategic issues, not handling password resets.
McAfee officials state that “Enterprises understand
the importance of MDM because they currently see
the challenges of supporting the existing devices
already in their environments.” Ahmed Datoo, CMO
at Zenprise, adds that the majority of customers
believe that MDM is a “must have” at this point in the
evolution of enterprise mobility. Notes Kevin Goulet,
Senior Director of Strategy and Product Management
at Motorola Solutions, “MDM is just a must have. It's
almost become complete table stakes.”
Even vendors that are still being asked for ROI analysis
have an easier time of persuading customers of
MDM’s effectiveness. According to Joe Granda, EVP of
Marketing at Syclo, “We’ve had more traction in the
past 18 months around MDM. It’s been easier to
convince customers to use MDM. Instead of asking
‘What is MDM?’ customers are now aware of its
usefulness.”
Some MDM vendors can claim credit for helping their
customers stay in business – perhaps the best ROI of
all. AutoRestore, for example, used SOTI’s
MobiControl to recoup enough lost revenue to stay in
business after technicians accidentally deleted
pictures of damaged vehicles.
SOTI’s MobiControl Saves
Auto Glass Business
UK-based AutoRestore replaces
vehicular glass. In its first year of
operation AutoRestore utilized
approximately 22 field technicians to
take pictures of vehicles with
consumer-grade smartphones, both
before and after damage was repaired.
The photos were essential to
AutoRestore’s business. Without
them, insurance companies would not
reimburse the company for its work.
Accidental deletion of photos by
technicians resulted in losses of over
£500,000 in six months, jeopardizing
the company’s long-term viability.
After purchasing SOTI MobiControl,
AutoRestore can automatically sync
the photos.
SOTI states that this is a typical
example of customers effectively
utilizing MDM solutions to improve
their business processes and remain
competitive.
81 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
MDM PARTNERSHIPS
Partnerships Essential to Meeting Customer
Needs
Partnerships in the MDM community are vital, and
MDM players are taking every opportunity to work
with best-of-breed vendors in a variety of
specialties. Partnerships include those with carriers,
system integrators, specialty software developers,
OEMs, cloud vendors, MEAPs, MAMs, Managed
Service Providers, Mobile Application Development
companies, global consulting firms, and even other
MDMs. In essence, vendors are pragmatic and
recognize that partnerships are essential to meeting
customer needs efficiently in an industry that has
ramped quickly and shows no sign of slowing.
For example, Good Technology SVP of Business
Strategy John Herrema acknowledges that Good
cannot possibly build everything customers may
want. As a result, Good is using its Good Dynamics
platform to develop a new set of horizontal
collaboration applications that can reach new
customers through third parties.
MDM Partner Ecosystems are Rich and Varied
Some MDM vendors have a rich ecosystem of
partners in many different categories. For example,
AT&T has structured partnerships with Good
Technology, McAfee and MobileIron. As part of this
arrangement, AT&T provides a single bill to its
customers that includes MDM charges. Customers
can elect to manage certain devices and
applications, as well as make a determination about
corporate-liable versus employee-liable devices.
AT&T is providing the MDM component on its billing
statements in a single, unified package for
customers. AT&T continues to evaluate other MDM
MDM Partnerships: Critical to Future Success
MDM vendors believe that partners are essential when extending their reach into new markets that MDM players do not typically target or to which they may not have access. SOTI uses SIs, VARs, and distributors to maximize supported countries and languages.
Partners provide local knowledge and support. For example, Syclo typically looks for local partners in countries such as Russia, where partners know the language and customs and Syclo can train them in the technology. This approach is common among MDMs, many of whom are small or medium-sized firms that want to extend their reach to international markets but may not have the financial resources to open brick and mortar offices.
In extending their reach to global markets, MDMs are increasingly partnering with global consulting firms and system integrators, including Accenture, CSC, Dell, IBM, HP, and Xerox/ACS. For example, in late 2011 BoxTone was part of a contract with HP Services for a large, outsourcing contract for a global multinational that spanned North &South America, Europe, Asia & the Middle East. BoxTone is utilizing MSPs as its “feet on the street” in the global marketplace.
Partners provide both horizontal and vertical expertise. For example, partners with knowledge in fast-growing mobile verticals, such as health care, are especially valuable. Partners who are considered best-in-class in mobile security are also highly sought after.
82 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
players for potential partnerships and strategic
alliances.
AT&T is also working with MEAP vendors Antenna
Software and Verivo to respond to customers who
want to deploy and manage their own private app
stores. AT&T officials see MEAP partnerships as a
solid opportunity, convinced that most MDM vendors
are not pursuing these opportunities quickly enough,
particularly given the overwhelming market interest in
applications to date, along with projected interest in
the future.
Good Technology has a partnership with enterprise
mobility solutions provider Verivo Software (formerly
Pyxis Mobile), in which the Good Dynamics container
is integrated into Verivo’s platform. This combination
provides military-grade encryption and centralized
device management within Verivo-built applications.
According to CTO Todd Christy, Verivo is in discussions
with other MDM vendors to offer further
application/management integration. Christy states
that Verivo would like to more seamlessly integrate
with MDM solutions, eventually allowing users to
simply push a button within the Verivo system to
make applications directly available, versioned,
managed, audited, tracked and, where appropriate,
disabled, in whichever MDM tool they are using.
Verivo is also in discussions with MAM vendors for
some of the more application-centric elements of
mobile management, including enterprise application
stores, application provisioning, and application policy
management.
Verivo’s Christy believes that customers are frustrated
with the multiple vendors with which they are forced
to work. Even if complementary vendors “play nice”
together, customers must suffer through multiple
consoles, audit information, training, and two “throats
Good Dynamics Promotes Secure Application Development through Partnerships
Good Technology announced a new class of partners in October 2011 that develop applications using the Good Dynamics platform. Partners include: Accellion, Aji, Box, GroupLogic, MeLLmo (Roambi), MicroStrategy, Quickoffice, Unisys and Verivo.
Good is developing these partnerships to leverage popular and proven applications from commercial app stores to enterprise environments, providing an additional layer of security and control through Good Dynamics.
Good’s strategy allows partners to continue selling mass consumer applications to highly regulated and security-conscious enterprises.
Good reports that customers provide recommendations for “match-making” between partners and popular consumer apps that can be containerized on Good Dynamics for use in enterprise environments.
Good Technology believes its Good Dynamics platform gives scale and leverage to existing applications and developers, helping them create and sell more secure and compliant versions of consumer applications for enterprise environments with strict security requirements.
83 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
“MEAPs and MDMs are like
chocolate and peanut butter – it’s
clear that these two players need to
come together.” Todd Christy, CTO of
Verivo
to choke.” As such, Christy believes some partnerships could eventually lead to more
permanent relationships, including mergers or acquisitions between MEAP and MDM players,
particularly if a larger background player fueled the
marriage behind the scenes. According to Christy,
“MEAPs and MDMs are like chocolate and peanut
butter – it’s clear that these two players need to
come together.”
MDM vendors have also reached out to global
consulting companies, who are offering MDM
capabilities as part of their broader solutions. Many
MDM players partner with global consultancies such as Cognizant, Infosys, Tata Consultancy
Services and others. SOTI, for example, is working with all of the major distributors in India, a
region for which SOTI foresees tremendous growth and in which it plans to increase
representation. According to Crystal Wong Kruger, Senior Business Development Manager at
SOTI, RFPs and RFIs typically request configurations for 100,000 units, a level SOTI’s
architecture is designed to support, according to Wong Kruger. SOTI is currently working with
Wipro on a large grocery account that has thousands of locations.
At the other end of the spectrum, MDM vendors are partnering with individual software
companies who are building MDM developer toolkits into their products directly. AirWatch, for
example, provides security SDKs for enterprise applications that allow customers to perform
geo-location tracking and fencing, application usage monitoring and security, jail break
detection, usage and data monitoring, and certificate exchange and single-sign on. According
to AirWatch Chairman Alan Dabbiere, “This information is ‘baked’ into the products of virtually
every mobility point-of-sale vendor,” including airline flight chart mapping companies and
business intelligence companies such as MicroStrategy. The information is then reported up
through the AirWatch console.
MDM Partnerships with OEMs
Mobile device management vendors are also working closely with OEMs. For example, SOTI
uses its close relationships with OEMs to develop additional advanced functionality, such as
enhanced Android support for Samsung and Panasonic, according to Wong Kruger. Psion and
Honeywell Scanning & Mobility both have white-labeled rebrandings of SOTI’s MobiControl.
Wong Kruger also notes that SOTI’s relationships with hardware manufacturers enable it to be
more competitive in the market by offering feature-rich products, and not just cater to the
“lowest common denominator.”
84 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
McAfee views partners as the cornerstone of its MDM strategy, both in terms of providing its
own MDM products and also in its work with Original Device Manufacturers to pre-load McAfee
products onto their devices. In the latter instance, customers can purchase mobile devices
bundled with McAfee products, highlighting McAfee products as “features.” McAfee dubs this
“McAfee Business Ready,” which means that the device a customer buys is not only marketable
as a consumer liable device but is also ready to be connected to a corporate infrastructure.
According to McAfee officials, “There is a very blurry line between consumer and enterprise in
these early days of mobility.”
MDM Partnerships with Carriers
MDM vendors frequently structure partnerships with carriers as a way of integrating their
platforms directly into carrier service offerings. Carriers are important to the MDM market, as
they expand MDM vendors’ reach into the carrier’s customer base, as well as scale down to
lower segments of the market that may not typically be targeted by MDM players. Examples of
MDM players partnering with carriers include:
Fiberlink and Vodafone UK have had a long-term partnership. In January 2012, Fiberlink
announced that O2 will use Fiberlink’s MaaS360 platform to provide MDM services for
O2’s “Joined Up People” initiative. MDM services provided by Fiberlink include device
discovery, email access control, remote lock and remote wipe.
MobileIron is working with AT&T, KDDI, SingTel, Softbank BB, Swisscom, Verizon, and
Vodafone, allowing carriers a choice of managing certain devices and specific
applications. MobileIron allows carriers to include MobileIron’s MDM offering directly
on the their billing statements.
SOTI works closely with Verizon and Sprint in the Education market and Telefonica UK
has been a SOTI MobiControl distributor for many years.
Zenprise is a member of O2’s Accelerator Programme, which provides sales, marketing
and technical support to partners, as well as access to thousands of O 2’s enterprise
customers as a low-cost route to market.
MDM Partnerships in Adjacent Industries
Absolute Software believes that partnerships are “vital” with firms in adjacent areas so that
vendors can more effectively offer robust MDM solutions. According to Tim Williams, Absolute
Software’s Director of Product Management, his company has “great partnerships with VARs
and OEMs” as part of the firm’s go-to-market and sales strategy. Williams adds, “We also have
solid partnerships with technology partners who can bring to the table certain technologies
85 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
that we don't want to develop because there are
companies that do it better than we do and we'd rather
integrate with them and be able to deliver that service
more effectively.”
Adjacent firms are also reaching out to partner with
MDM vendors. For example, Endeavour Software, a
software services company, integrates its applications
with MDM systems to ensure that new features and
functionality Endeavour creates can be fully utilized on
MDM platforms. Endeavour frequently works with
BoxTone, MobileIron, RIM and SAP/Sybase. For smaller
deployments, Endeavour will often design and build
MDM features directly into its solution for customers.
System Integrators (SIs) recommend MDM vendors to
both installed base and green field opportunities. SIs
have formed partnerships with MDMs as a way of
selling services on top of the MDM platform, such as
installation, education surrounding BYOD, and
professional services. Given SIs’ extensive experience
with application development from traditional
computing markets, such as mainframes and servers,
mobile application creation is a natural – and lucrative
– extension of their businesses.
BoxTone has structured partnerships with Managed
Service Providers (MSPs), including BT, CDW, CSC, Dell
Services, Fujitsu, HP Enterprise Services, and
Xerox/ACS, as well as key mobility and government
VARs. BoxTone also has a partnership with MAM
vendor Apperian in which BoxTone provides the core
MDM platform and offers Apperian’s enterprise SDK
and app catalog to customers who are focused on
building their own internal mobile apps. According to
BoxTone Chief Marketing Officer Brian Reed, “We'll
never build an SDK, we'll never be a development
environment. Apperian has a best-of-breed SDK, so we
brought Apperian into our partner ecosystem so that
Syclo’s Partner Structure
Syclo has organized its partner
structure, with systems vendors being
very important since they are the
systems that are extended to mobile
devices. IBM, SAP and TRIRIGA are
examples of these types of vendors.
The next tier are global and local
system integrators due to their close
ties to customers who need mobility
solutions, as well as their ability to
integrate with existing customer
infrastructure.
Hardware vendors, such as Motorola,
Intermec, Panasonic and Cisco, are at
the next level; these firms supply the
hardware and utilize Syclo for the
software component.
Carriers round out Syclo’s partner
ecosystem. Carriers offer extensive
market coverage.
86 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
our customers who are building enterprise apps can
leverage Apperian plugged into the BoxTone
environment. Every customer we've plugged in loves it
and has gotten a lot of value out of it.”
MDMs Provide Partner Training
MDM vendors are pro-actively training system
integrators on installation, technical aspects of their
products, and business process skills. MobileIron, for
example, introduced “MobileIron University” in
December 2011 to train its partners on MobileIron’s
various mobility management and mobility security
services so that SIs can offer MDM on top of their
existing services.
With over 2,000 Syclo developers developing on the
Agentry platform, Syclo trains partners such as
Accenture, CSC, IBM and Wipro on how to develop and
deploy Syclo systems. Syclo has training facilities for
these vendors at its Illinois headquarters, in London,
and at partner sites in India; Syclo also offers virtual
classes.
MDMs Seek Best-of-Breed Partners
Zenprise, which launched “Zenprise Partner Network”
or ZPN in August 2011, looks for best-of-breed vendors
when deciding on partnerships. In December 2011,
Zenprise added to its partner network Trace3, a VAR
focused on security-related issues with existing and
trusted relationships with IT security executives and
CIOs. In early 2012, Zenprise signed agreements with
Dell, Sprint, F5 Networks and Palo Alto Networks.
Zenprise is expected to announce additional
partnerships with security-related vendors in the
coming months. According to Ahmed Datoo, CMO at
Zenprise, “Our focus is on going after the right sets of
partners. We target the leaders in each space.”
Motorola Solutions: Plug-In Partner Model
Motorola Solutions views its partner program and partner community as a key differentiator for its MSP product, noting that it offers a “plug-in model” to which third parties can add features to MSP. Examples of plug-ins developed for MSP by partners include: emulation tools and the ability to retrieve application metrics as part of the broader MSP system.
Motorola Solutions’ channel partner base includes over 20,000 partners who write both line of business and custom applications for Motorola Solutions’ devices and software, including MSP, providing both value and customization to the marketplace.
Customers looking for specific mobile applications that have already been developed can work with Motorola Solutions’ Solution Center, which segments applications by vertical industry, LOB and type of application. The Solution Center also provides some interoperability testing of applications, and partners can leverage Motorola Solutions’
facilities, both on-site and remotely.
87 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
AirWatch uses the term “ecosystem” to describe its approach toward partnerships. AirWatch
designed its product to be cloud-based and multi-tenant, and to have the multi-tenancy
showcased as another vendor’s brand, if desired. According to AirWatch Chairman Alan
Dabbiere, “We’re not the whole product, we make other companies’ products better.”
AirWatch has partnerships with global carriers such as Vodafone, telecom expense
management providers such as Rivermine, MSPs such as Intermec, global consulting firms
Wipro and Infosys, and PC lifecycle firms such as Matrix 42. While these partner companies
may not have the economies of scale to build MDM solutions, according to Dabbiere, they want
to incorporate MDM into a single product offering – a single pane of glass – from the
customer’s perspective.
Additional Partnership Strategies
MDM players from different historical frameworks are also partnering with one another. For
example, BoxTone, which comes from a deep history of enterprise systems management and
performance monitoring, is partnering with Good Technology to manage, monitor and support
Good’s FIPS-certified secure messaging container. Explains BoxTone’s Brian Reed: “If
customers don’t want to manage the device and only want to manage the container, customers
can use Good. If they want to manage the device, they can use BoxTone. For customers who
really want multi-layer protection, they can use both.”
SAP plans to continue its partnerships with leading hosted solution providers for cloud-based
Afaria. As Russell Fry, Senior Director and Mobility Solution Executive at SAP, states “I think you
need to create relationships and partnerships with leading cloud providers that can help
architect the multi-tenancies, that can help architect the scalability and concurrencies, that can
help architect and ease some of the communications to the inevitable back-ends to which these
systems must connect.”
88 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
SAP is expected to be a growing player in the cloud-
based application market, both through partnerships
and acquisitions. In December 2011, for example, SAP
announced that it was acquiring SuccessFactors, a
cloud-based vendor focused on human
resources/human capital management applications.
The acquisition will provide SAP with cloud-based
applications for HR management, as well as the
leverage and differentiation it needs to stand apart
from other vendors in the MDM market.
Table 11 provides a summary of the technology
partnerships that have been structured by key mobile
device management vendors. We also include an
analysis of the significance of these partnerships to
each vendor.
BoxTone and 3LM Partner to
Provide Secure Android to
Security-Conscious
Customers
BoxTone and 3LM announced a
partnership in October 2011 to deliver
an embedded security and
management platform for Android
devices and applications.
Under licensing agreements with
major handset manufacturers,
including Motorola, Sony Ericsson,
HTC and LG, 3LM is re-embedding
security controls back into Android as
part of the Android OS. In essence, it
is adding a patch code that turns the
security features from Linux back on
at the kernel level.
The result is that BoxTone can
manipulate the device at the OS level
to gain full control, encryption, and
system manipulation of the device in
the same way it does with BlackBerry
devices.
3LM provides the on-device
technology that is remotely
manageable and configurable from
the BoxTone server.
89 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
Table 11: Mobile Device Management Technology Partnerships Vendor Key Partners Significance
Absolute Software
OEM partnerships: Acer, ASUS, Dell, Fujitsu, GammaTech, Gateway, GD Itronix, Getac, HP, Lenovo, MobileDemand, Motion, NEC, Panasonic, Samsung, Toshiba, and Xplore. Technology alliances: Intel, McAfee, Microsoft, Qualcomm, Sollos Technology Solutions , and Verizon.
Absolute Software regards partnerships as “vital” in delivering best-of-class solutions quickly and has solid partnerships with VARs, OEMs, ISVs, SIs, resellers, and electronics retailers/product distributors to deliver services in technology adjacent to MDM.
AirWatch AirWatch partners include 2GO Software, AccuCode, Apple, AT&T, Barcoding, DAP Technologies, dpi, EMS Technologies, Firehouse Wireless, HTC, Homecare Homebase, Intermec, LXE (Honeywell), Mobile Mentor, Motorola, Opticon, NitroDesk, RMS Omega, Samsung, Sollos Technology Solutions, Teamstudio, Voalté, Voxware, Vox Mobile.
AirWatch partners with carriers, OEMs, ISVs, resellers and SIs, providing technical training/certification, lead registration, joint marketing programs, and sales/technical support. AirWatch offers an MDM SDK for ISVs to integrate into custom business applications.
AT&T AT&T has partnered with Mformation since 2008 to provide device protection and control. Since then, AT&T has formed relationships and resale agreements with three key MDM vendors: Good Technology, McAfee, and MobileIron. AT&T is also working with Juniper Networks on VPN connectivity and, through its relationship with MobileIron, AT&T is working with Cisco. AT&T is partnering with Enterproid to utilize the Divide platform, with Verivo for MEAP capabilities and with Apperian for an internal storefront capabilities for enterprise apps.
AT&T has chosen to work with partners instead of developing MDM capabilities in-house due to the fast-moving nature of the mobility market. AT&T continues to evaluate MDM vendors and will expand its list of partners and strategic alliances if it finds a “good fit.” AT&T will also mix and match solutions between partners. For example, AT&T may leverage Apperian’s EASE platform on MobileIron or McAfee’s platforms.
BoxTone BoxTone has a variety of partner categories, including Technology partners: 3LM, Accellion, Apperian, Apple, Aruba, CISCO, Good Technology, Google, HP, IBM, Microsoft, Mocana, RIM, and LogMeIn. Carrier partners: AT&T, Sprint, Telefonica, Vodafone, and Verizon. MSPs/Hosters: BT, CSC, Dell Services, Fujitsu, HP Services, and Xerox/ACS. Resellers: CDW, Ingram Micro, and Vodafone.
BoxTone partners are geographically diverse and cross partner categories. BoxTone is working with best-of-breed partners to “bring it all together” behind a single pane of glass. BoxTone believes the only way firms can be successful in the MDM market is to partner because no single vendor can cover everything across enterprise mobility and IT.
Fiberlink Fiberlink partners include: Technology: Apple, Google, Microsoft, Samsung, NitroDesk, Qualcomm, Zscaler, Echoworx, Checkpoint, Cisco, IBM, Iron Mountain, Juniper Networks, OPSWAT, and RSA Security. Carriers: AT&T, O2, Verizon Wireless, and Vodafone Resellers: Extra IT, Mobility in Cloud, NetXactics, and WirelessWorx Distributors: CDW, Brightstar/TechData , and Wick Hill Managed Service Providers: ProfitLink, Vox Mobile, and Weidenhammer
Dubbed the “MaaSters” Partner Program, Fiberlink’s partner program has Referral, Reseller, and Service Provider components, in addition to a Technology Partner Program. Fiberlink believes that partners are essential in keeping pace with the rate of change. Partners also help Fiberlink extend its offerings to markets that may otherwise be out of reach.
90 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
Table 11: Mobile Device Management Technology Partnerships (continued) Vendor Key Partners Significance
Good Technology
Good is one of three vendors providing AT&T with an MDM platform to resell to AT&T customers. Good offers its Good Dynamics Developer Network (GDN) Program to ISVs and SIs, allowing partners to combine their mobility and application development expertise with Good Dynamics’ mobile application platform technology. Partners receive an SDK, access to Good’s network operations infrastructure and security, and online community support. Good Dynamics partners include Accellion, Aji, Box, GroupLogic, MeLLmo (Roambi), MicroStrategy, Quickoffice, Unisys, and Verivo.
In early 2012, Good opened its Good Dynamics Developer Network (GDN) Program to independent mobile application developers, discontinuing its invitation-only approach after successfully recruiting over 230 developers and 30 ISV partners. In addition to GDN, Good also partners with VARs, network carriers (AT&T, Orange, Sprint, T-Mobile, Verizon Wireless, and Vodafone), device manufacturers (Apple, HTC, iNQ, LG, Motorola, and Nokia) and other MDMs (BoxTone). Good views partners as essential in helping it reach new customers.
McAfee McAfee is one of three vendors providing AT&T with an MDM platform to resell to AT&T customers; AT&T offers full services for EMM, from deployment services to bundling. Other MDM partners include I.T. Security Experts, LG Electronics, and NTT DOCOMO. McAfee is working with partners on a cloud-based EMM offering.
McAfee believes that a partner ecosystem is important in expanding its offerings to as many geographic and customers markets as possible.
Mformation Mformation partners include Accenture, Acision, Amdocs, ASUSTek Computer, Bridgewater Systems, Echoworx, Elitecore Technologies Limited, F5 Networks, HP, HTC, Huawei, IBM, Intel, JBoss, LG Electronics, Microsoft, Motorola, Nokia, Oracle, RIM, Samsung, Seowon Intech, Sequans Communications, Sony Ericsson, Symbian, and ZTE. Additionally, Mformation is partnering with MEAP and MAM vendors to integrate its offerings and enable cross-selling and bundling of MDM solutions as part of its core value proposition. In December 2011, Mformation announced a partnership with Echoworx for email and data encryption on mobile devices.
Mformation describes partners as critical to enterprise mobility and its enterprise strategy, which is to support critical MDM functionality on the Mformation Enterprise Manager platform. Enterprise Manager is architected to easily integrate with other best-of-breed mobility solutions, providing MSPs and end-user organizations deep functional coverage across all key mobility solution areas (MDM, expense management, MEAP, encryption).
MobileIron MobileIron states that it increased global distribution through partnerships with 13 of the largest mobile operators during 2011, as well as over 150 Mobile IT VARs worldwide. MobileIron is one of three vendors providing AT&T with an MDM platform to resell to AT&T customers. MobileIron partners with different categories of partners, including Carriers: AT&T, KDDI, SingTel, Softbank BB, Swisscom, Verizon and Vodafone. AppConnect Partners: Accellion, Box, GoodReader, GroupLogic, NitroDesk, Quickoffice, Roambi, Wyse PocketCloud, and Xora. System Integrators: Anderson Consulting, KPMG, Tata Consultancy Services, Wipro. Technology Partners: Cisco, LG Electronics, Samsung. Other Partners: Aptus, dpi, EDB ErgoGroup SYSteam Lesswire, Gijima, I.T. Security Experts, ManageNET, Mission Critical Wireless, Mobilise IT, Sapphire, Set Solutions, and Vox Mobile.
MobileIron has an active partner program and is fostering ongoing relationships with application vendors, carriers, system integrators, VARs and technology partners. MobileIron’s AppConnect Policy, introduced in September 2011, includes partnerships with nine firms that provide enterprises with a tool to secure application ‘data at rest’ and ‘data in motion’ across the application lifecycle. “MobileIron University” trains partners on MobileIron’s offerings so partners can offer these solutions with their own offerings. MobileIron University also serves as a certification center.
91 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
Table 11: Mobile Device Management Technology Partnerships (continued) Vendor Key Partners Significance
Motorola Solutions
Motorola Solutions partners with ISVs, Premier ISVs, Solution Partners, Premier Solution Partners, Business Partners, Premier Business Partners, VARs and resellers, including 42Gears, Enforce Global, Field ID, Lowry Computer Products, Salamander Technologies, Simat Technologies, Supply Insight, and Voxware. Motorola Solutions also has Alliance Partners, including Datamax-O’Neil, IBM, Infosys, Microsoft, Oracle, SAP, and Zebra.
Motorola Solutions has a strong and large community of ISPs that write line of business and custom applications for Motorola Solutions’ devices and software, including MSP. Motorola’s Solutions Center allows partners to test key apps prior to launch to ensure products and apps are fully integrated and functional.
SAP In 2010 SAP structured partnerships with Accenture, Orange Business Services, VeliQ and Verizon to offer Afaria MDM as a hosted solution. These partners have built a user interface portal on top of SAP’s on-premise Afaria offering; it has the same look and feel and same implementation but partners package and sell it according to their specific target markets. SAP also partners with global firms worldwide and “continues to invest heavily” in its partner community.
SAP has an active application development partner community. SAP partners have created over 200 applications for the Afaria platform that are available directly from partners or SAP. This provides partners with a “large ecosystem” that gives them confidence in their mobile environments.
SOTI SOTI partners include Acteos, AML, Apple, Aruba Networks, Astea, AT&T, Avanti, Barcoding, Bell, Blackbay, CipherLab, Datalogic, Data Ltd. Inc., Daxium, DENSO, HighJump Software, Honeywell, HTC, Intermec, Janam Technologies, LG, LXE (Honeywell), Microsoft, Motorola, Naurtech, NitroDesk, O2, Palm, Panasonic, Pidion, Psion, RedPrairie, RIM, Rogers, Samsung, Sprint, Strategic Telecom Solutions, Symbol, TABLETmedia, TEklogix, Telefonica UK, Telus, Telstra, Unitech, Verizon and ZTE.
SOTI has over 400 VARs and distributors worldwide and reports that it is seeing increased uptake in partner activity in Latin America, EMEA and APAC.
Syclo Syclo MDM partners include Global Alliances with Accenture, CIBER, CSC, IBM Global Services; Solution Implementers including ASCOM, Barcode Gulf, ENERGY4U, EDI, EIS, Gemba, General Dynamics IT, Interprocom, Logistics International, Path AS, Peacock Engineering, Serco, Smiths Consulting, Strategic Maintenance Solutions, Triad Technology Partners, Vesta, Vetasi; Solution Providers including AssetPoint, COINS, CUES, IBM Maximo, Mainstream Software, SAP, Systems & Software, TRIRIGA, Ventureforth; and Technology Partners including AT&T, ESRI, Intermec, Microsoft, Motorola, Panasonic, RIM, and ServicePower. Syclo also partners with Infosys, Tata Consultancy Services, West Interactive and Wipro; these firms offer Syclo Agentry MDM as a cloud-based solution. Additionally, Syclo works with Oracle, Ventyx, and Datastream, as well as over 2,000 developers to provide new applications for the Agentry platform.
Syclo uses a model-driven platform approach in which it provides training to partners who develop and deploy Agentry on Syclo’s behalf. Syclo believes that partners are essential, recognizing that “this enables us scale to deliver a large number of deployments worldwide.”
92 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
Table 11: Mobile Device Management Technology Partnerships (continued) Vendor Key Partners Significance
Tangoe Tangoe provides TEM and MDM solutions to many system integrators, outsourcing firms, and consulting firms, including Advocate Networks, Dell, Gibson Quai – AAS Consulting, IBM, Insight Networking (formerly Calence), Intersel, ISI Telemanagement Solutions, Mobilit, Pivotél, Secure Path Networks, and Webb. Tangoe also partners with technology vendors who combine Tangoe’s solution capabilities with their offerings. These include Altova, Visual Mining, RIM and Microsoft.
Tangoe believes that partnerships and alliances are very important to its customers’ success.
Wavelink Wavelink’s Partner Program includes Platinum, Gold, and Silver tiers, as well as a sales referral program. Certified partner training is provided to Platinum and Gold partners. Partners include AirMagnet, Aruba Networks, BCI, DecisionPoint, Cisco, DENSO, Ericsson, ExtenData Solutions, Funk, Handheld Products, HP, Intel, Intermec, iPad Enclosures, InfoLogix, Ipswitch, LXE (Honeywell), Millennium Technologies, NitroDesk, Nuance, Peak Technologies, PSC, Psion-Teklogix, Retek, SYSTIMAX, and Zebra.
Wavelink seeks out best-of-breed partners, including value added resellers, device manufacturers, system integrators and distributors. Partners provide support for Wavelink’s MDM offering: “Our partners are well trained and with our large installed base, we couldn’t do it all ourselves.”
Zenprise The Zenprise Partner Network includes relationships with VARs, system integrators, MSPs and technology alliance partners. Zenprise offers two levels of partnership: Authorized and Premier; the latter provides rebates and lead sharing. Partners include dpi, Ferrata Solutions, igxglobal, LINEAS Informationstechnik, Microsoft, RADPOINT, RIM, Trace3 and Vox Mobile.
Zenprise states that its partner strategy is highly focused and that the company only has plans to team with partners that are a good fit for its business. Zenprise looks for “best-of-breed” vendors, such as Trace3, a VAR focused on security with existing trusted relationships.
93 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
MOBILE DEVICE MANAGEMENT GEOGRAPHIC COVERAGE Most of the mobile device management vendors profiled in this report are based in the United
States or North America. As MDM players expand to reach new markets, they are opening
offices in global locations. For example, Zenprise opened a European headquarters in Paris,
France during 2011, as well as sales offices in Germany, the Netherlands and the United
Kingdom. Zenprise officials note that they plan to hire a general manager for Asia Pacific and
open an office in this region. During 2011 MobileIron expanded its global installed based with
customers in over 30 countries.
While large companies typically have offices worldwide, smaller players must often rely on their
strong ecosystem of partners – including distributors, VARs and system integrators – to
represent them in some geographic regions, particularly Latin America. None of the smaller
MDM players highlighted plans to open Latin American offices in the near term, indicating that
they have been able to effectively rely on partners to provide coverage to this market.
Additionally, MDM vendors who sell to multi-national corporations often interact with the
headquarters locations for procurement and deployment discussions. As the markets in under-
represented regions present greater opportunities for MDM players in the coming years, we
expect key players to establish a physical presence in these locations.
Table 12 highlights the geographic coverage provided by top-tier MDM players, including their
headquarters locations and regional offices.
94 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
Table 12: Mobile Device Management Vendor Geographic Coverage
Vendor HQS
Location North
America Latin America EMEA Asia Pacific
Absolute Software
Vancouver, Canada
Austin, TX NA Newberry, UK NA
AirWatch Atlanta, GA Atlanta, GA and Washington, DC
Supported from Atlanta, GA
Milton-Keynes, UK
Melbourne, Australia; Bangalore, India
AT&T Dallas, TX Offices throughout US &
Canada
Offices throughout Latin America
Offices throughout
EMEA
Offices throughout APAC
BoxTone Columbia, MD
NA Sell through partners, including
CSC, HP, IBM or supported directly
Sell through partners,
including, CSC, HP, IBM or supported
directly
Supported through partners, including CSC, HP, IBM or supported
directly
Fiberlink Blue Bell, PA
San Mateo, CA; Chicago, IL; Atlanta, GA; Dallas, TX;
Washington, DC
Supported primarily by HQS Inside Sales team
Munich, Germany;
London, UK
Bangalore, India; Tokyo, Japan
Good Technology
Sunnyvale, CA
San Diego, CA; Red Bank, NJ;
NY, NY; Farmers Branch, TX; Seattle, WA
Supported via international VARs
& SIs
Paris, France; Frankfurt, Germany;
Milan, Italy; Madrid, Spain;
London, UK
Sydney, Australia; Beijing & Tianjin, China;
Seoul, Korea
McAfee Santa Clara, CA
Santa Clara, CA and Markham,
Ontario, Canada
Offices throughout Latin America
Offices throughout
EMEA
Offices throughout APAC
Mformation Edison, NJ NA NA Belfast, Ireland; Windsor, UK
Bangalore, India; Tokyo, Japan; Beijing, China;
Kuala Lumpur, Malaysia; Melbourne,
Australia MobileIron Mountain
View, CA Mountain View,
CA Uses partners to address market
Hilversum, Netherlands
Tokyo, Japan; Hyderabad, India
Motorola Solutions
Schaum-burg, IL
Schaumburg, IL and Markham,
Ontario, Canada
Offices throughout Latin America
Offices throughout
EMEA
Offices throughout APAC
SAP Walldorf, Germany
Offices throughout US &
Canada
Offices throughout Latin America
Offices throughout
EMEA
Offices throughout APAC
SOTI Missis-sauga,
Ontario
Salt Lake City, UT; Atlanta, GA
Supported from headquarters
Birmingham, England
Melbourne, Australia
Syclo Hoffman Estates, IL
Chicago, IL Miami, FL Surrey, UK; Stuttgart, Germany
Supported from headquarters
95 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
Table 12: Mobile Device Management Vendor Geographic Coverage (continued)
Vendor HQS
Location North
America Latin America EMEA Asia Pacific
Tangoe Orange, CT Alpharetta, GA; Austin, TX;
Columbus, OH; Greenwood Village, CO;
Parsippany, NJ; Pueblo, CO; San
Diego, CA; Waltham, MA;
Montreal, Canada
Supported from headquarters
Amsterdam, Netherlands
Kunshan, China
Wavelink South Jordan, UT
Atlanta, GA; Chicago, IL; Phoenix, AZ; Seattle, WA;
Supported from headquarters
London, UK; Milan, Italy;
Germany
Singapore; Sydney, Australia
Zenprise Redwood City, CA
FL, GA, IL, NJ, NY, TX, WA
Uses partners to address the LA
market.
Paris, France HQS, Germany,
Netherlands, UK
Uses partners to address the APAC
market; plans to hire GM, open office.
96 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
MOBILE DEVICE MANAGEMENT SUPPORT
Support for mobile device management customers includes installation, configuration,
monitoring and professional services/support. Many of the offerings provided by key MDM
vendors are typical of the software and services model used by other information technology
firms. For example, global support is provided on a tiered basis, with premium support
customers privy to enhanced levels of service. Knowledge bases, online user groups, and
upgrades and patches are provided by MDM vendor support teams, as well as partners in some
instances.
Installation services are migrating towards “self-service” in keeping with the increased desire of
customers to install their systems directly and at a more rapid rate than the step-by-step
approach taken by vendors in the past. Instead of an installation process taking days, typical
MDM installations can now be completed in several hours, or even minutes.
Configuration services include user authentication, group-based policy configurations, and Wi-
Fi and VPN settings. Vendors can provide different configuration profiles based on whether a
device is a personal or corporate device.
Monitoring services generally include dashboards and reports. MDM vendors are increasingly
adding robust analytics to their offerings, including both standard and custom reports. A
centralized console is assumed, and real-time telecom expense management is increasingly
being offered to customers as a way of controlling spending costs and making profile
adjustments 'on-the-fly.'
Professional services teams provide design, implementation, integration, training, and
certification programs to customers. Professional services can be provided in a variety of ways,
including application development assistance directly to customers, training partners to
develop and deploy applications, or training customer IT departments to develop and deploy
the applications themselves.
Table 13 provides greater detail about the support offerings offered by the mobile device
management vendors highlighted in this study.
97 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
Table 13: Mobile Device Management Vendor Support Offerings Vendor Installation Configuration Monitoring PS/Support
Absolute Software
Absolute Software provides assistance with questions about pre-configuration, master image creation, and SSH keys.
Configuration assistance includes ports used, pre-configuration prior to deployment, and patch management behind a proxy server.
Includes answers to questions about volume software licenses, application deployment without user interaction, OS patches, and silent updates.
Support provides answers to functional questions, OS re-imaging, fixes, upgrades, and defects. Includes online customer and user forums, Knowledge Base, and self-service for IT administrators. Customers can contact global support through email/ phone. International support provided by partners.
AirWatch AirWatch offers on-premise, appliance or SaaS models and provides a multi-tenant environment with users, device groups and profiles for enrollment. For SaaS and Appliance installations, there is no software to install by the client; an appliance comes pre-installed and simply needs to be connected to the network and configured before use. For on-premise deployments, AirWatch installs its application on Windows 2008 servers utilizing an install shield wizard process.
AirWatch can configure and update corporate policies, settings and restrictions; integrate with existing systems to provision access to email, VPN and Wi-Fi; integrate with certificates and cloud-based PKI; automate configuration by user role, device type, or group; and reconfigure devices based on user, location or shift.
AirWatch monitors devices for policy violations, exceptions, and threats in real time; provides notifications with exceptions via email, SMS or dashboard messages; provides automated business rules for policy violations, exceptions and threats; and offers over 100 customizable reports with automated distribution. In addition, AirWatch offers a full Data Mart.
AirWatch professional services include on-site training, mobility best practices, integration services and technical solutions to improve business processes and reduce operational costs. The company is experienced in building, implementing and scaling enterprise software solutions. Additionally, AirWatch provides technical support for customers from its corporate headquarters in Atlanta, GA as well as from global offices. Support services include an online support portal; standard, extended and 24x7x365 support; dedicated support contacts; and online, remote and on-site upgrade support.
98 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
Table 13: Mobile Device Management Vendor Support Offerings (continued) Vendor Installation Configuration Monitoring PS/Support
AT&T AT&T provides a pre-installation checklist and calls to review data. Installs MDM software on server; configures software and registers up to 10 devices; tests registered devices for compliance.
Dependent upon which MDM vendor is chosen (Good Technology, McAfee, or MobileIron). Generally, solutions provide device configuration and multi-OS device management, as well as application provisioning, configuration and troubleshooting.
Dependent upon which MDM vendor is chosen (Good Technology, McAfee, or MobileIron). Generally, solutions provide visibility & reporting, activity analysis, service quality monitoring, and usage visibility.
AT&T provides PS for installation and administrator training, readiness workshops, and consulting services to assess risk. Custom PS are available for multi-server installations. The MDMs with whom AT&T partners provide their own system support for on-premise solutions. AT&T will support hosted customers.
BoxTone Users are authorized and configured OTA based on Active Directory group policy. Employees who depart are automatically removed/blocked in Active Directory and removed from access OTA. Installation includes training and assistance from on-site consultants. BlackBerry customers do not require software installed on their BES.
BoxTone automatically configures devices during provisioning and its configuration management tool automatically adjusts device configurations OTA based on changes to mobile and enterprise policies.
Security Management Dashboard monitors customers’ security and compliance status; includes trend data and identifies security gaps and non-compliance. Compliance Management monitors security status of all devices, apps, services; detects, remediates, and logs violations. Incident & Performance monitors real-time health, availability & performance of all users, devices and apps, providing dashboards & alerts of outages & repair recommendations. Infrastructure monitoring tools include Microsoft’s SCOM and HP’s Operations Manager.
BoxTone’s centralized help desk includes 4 severity levels: Critical, Severe, Medium, Low. BoxTone monitors all users, devices and apps, providing service desk with console to look up real-time status, auto-diagnose issues and repair them remotely using embedded expert knowledgebase. MSPs use BoxTone’s tools to deliver support services directly to customers.
99 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
Table 13: Mobile Device Management Vendor Support Offerings (continued) Vendor Installation Configuration Monitoring PS/Support
Fiberlink MaaS360 can be “installed” in less than five minutes. A typical full-system configuration takes 30-60 minutes. If necessary, remote assistance is provided. Typical follow-up calls concentrate on platform navigation and best practices for device management. Additional assistance is available directly from masters.maas360.com. There are over 80 recorded technical and training webinars at the customer’s disposal.
Fiberlink uses polices to govern devices, including Wi-Fi and VPN settings. MaaS360 automatically pushes profiles to the appropriate devices without manual intervention from IT. IT administrators can set up policies to enforce passcode use, enforce encryption and restrict specific features and applications.
MaaS360 creates policies in the Policy Management module and can be set up to monitor devices globally in real-time to enforce passcode settings, automatically lock the device if it has been idle for a specified time, and erase all data on the device if an incorrect passcode has been entered for a specified number of times. Monitoring also includes many additional policy settings such as jailbrake/root detection, app compliance, and MaaS360 enforcement among others. Customers can monitor a Watch List to determine the number of devices that are out of compliance. Drill-down menus provide additional information on specific devices, reasons for non-compliance, and security-related information.
Fiberlink offers assistance with: Requirements Definition & Scope; Solution Definition & Cost Estimate; Project Planning & Management; and Solution Delivery & Acceptance. All support is provided 24x7x365 via phone/email for no charge. Partners provide the first tier of support for partner and direct customers. Partners escalate calls to Fiberlink’s Global help desk if necessary. Fiberlink also offers an online portal for user self-help and system administrator training.
Good Technology
Good servers are deployed behind the firewall with a secure outbound connection using standard port 443. Over-the-air transmissions, enterprise data-at-rest and on the device are secured with AES-192 encryption.
Good for Enterprise includes a secure browser that enables employees to access corporate resources behind the firewall without enabling VPN.
Remote monitoring allows IT administrators to access a dashboard via a Web browser to see all mobile devices on the network. IT administrators can provision new devices, enforce passwords, distribute custom or third-party enterprise applications, and establish role-based policies.
Good offers Basic, Extended, Extended Plus and Premium support plans. Good Training & Professional Services includes consultation, implementation, training and certification programs. Training includes two options for remote training and one option for on-site training.
100 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
Table 13: Mobile Device Management Vendor Support Offerings (continued) Vendor Installation Configuration Monitoring PS/Support
McAfee A pre-install helper ensures software and firewall ports are open and creates MDM certificate request for Apple. Sets up console to use Active Directory or Domino LDAP credentials. PKI users set up Enrollment Agents and Certificate Authorities. Create groups, policies and assign policies to groups. Define connections/services users can access (VPN, Wi-Fi, apps, etc).
McAfee provides group-based policy configuration (tied to Microsoft Active Directory or Lotus Domino LDAP) and automates the configuration and connectivity of VPN, Wi-Fi, PKI, and native email sync. Can personalize device configuration to enable user access to IT services.
Provides centralized reporting, policy management, and role-based access control for administrative and help desk personnel. Includes monitoring of users trying to connect to network, automatic policy enforcement, and the requirement that devices are registered, current on policies, and have refused connections to jailbroken devices.
McAfee users self-deploy, allowing very low IT support overhead. Users access and download EMM through the enterprise app store and authenticate using email credentials. McAfee provides support to system administrators.
Mformation Software Manager allows intelligent OTA management of device software and firmware. Apps can be distributed, updated and managed on devices that support standardized and pre-standardized versions of software components (SCOMO), as well as devices using Mformation’s extension to the SCOMO specification.
Configuration Manager allows MSPs to configure settings of new data services and add them dynamically. MSPs can automate the configuration process with Automation Manager modules. Can be integrated with call centers to allow representatives to troubleshoot mobile device issues.
Enterprise Manager can monitor performance and device usage, request a list of installed applications, change and enforce password policies, and monitor real-time device information such as current location, memory, password, and battery status.
Customers can manage private apps through Mformation Enterprise Manager or develop apps through one of Mformation’s MEAP partners. Mformation offers follow-the-sun support, with support centers and staff worldwide. Mformation generally provides 3rd level support since MSPs handle 1
st & 2
nd level
support issues.
MobileIron MobileIron and partners provide guided assistance for customers who are installing VSP, including training and deployment services.
MobileIron’s self-service support portal provides support for US customers and MobileIron’s worldwide partner network. EMEA and APJ customers receive support through suppliers and partners.
MobileIron provides real-time event and application monitoring. VSP will warn IT administrators of non-compliant users. MobileIron Intelligence provides near-real-time activity monitoring for international roaming and voice/SMS/data usage. Provides real-time TEM monitoring.
Users are referred to a self-service portal where they can log new cases, view case status and gain access to the Support Knowledgebase. MobileIron VARs provide Tier 1 and Tier 2 support to IT administrators.
101 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
Table 13: Mobile Device Management Vendor Support Offerings (continued) Vendor Installation Configuration Monitoring PS/Support
Motorola Solutions
Customers are provided with a MSP Client Software Guide which outlines MSP client software; device reboots, shutdowns, and persistence; network adapters; settings classes; condition classes; and control modules.
BYOD devices are self-enrolled; IT configures all corporate information to ensure security and manageability. IT configuration includes installation of report applications, device inventory, VPN access, Exchange settings.
Monitoring includes remote OTA provisioning and analysis, including application distribution and updates, remote troubleshooting, and data collection (such as cellular metrics, battery, app usage).
Motorola Solutions provides IT with “touchless” staging and registering of smartphones and tablets. Customers may access online and phone product support. Some partners provide support.
SAP Depending on customer preference, SAP will send out a consultant to provide implementation assistance or customers can self-install Afaria using a virtual machine appliance “in about 1 hour.”
Consultants set up the configuration process and walk customers through step-by-step if on-site configuration assistance is required. Otherwise, customers step through configuration set-up through self-installation.
IT managers can view entire device fleet from centralized console. Real-time telecom expense management and monitoring provides IT and users current details on spending patterns and allows IT to make profile adjustments.
Through its Mobile Enterprise Technical Support website, SAP provides customers with a Knowledgebase, the ability to download software updates, and product documentation. Users can log issues online, via email or phone. SAP SaaS partners also provide support.
102 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
Table 13: Mobile Device Management Vendor Support Offerings (continued) Vendor Installation Configuration Monitoring PS/Support
SOTI MobiControl uses a database to store configuration information. Customers can install the database on the same computer as other MobiControl components, or on a separate computer. MobiControl supports Microsoft SQL Server 2005 (Express, Standard, Workgroup, Developer, Enterprise) and 2008 (Express, Standard, Workgroup, Web, Developer, Enterprise) databases.
Device configuration varies depending on device type. Android: Can sync files with managed devices, deploy encrypted configurations OTA to customize device settings and enforce corporate security policies. Can customize personal and corporate devices, configure corporate Wi-Fi connections and enforce strong password policies. iOS: Can deploy encrypted configuration profiles; customize personal and corporate devices and push custom web clips to devices; configure MS Exchange for secure sync of email, calendar, & contacts; customize Wi-Fi, VPN, APN and password settings; and restrict Safari, YouTube, camera, and apps.
Includes real-time remote control, dashboard with details on security breaches, connection status, platform distribution, device activity, data roaming, installed applications, corporate email access, whether or not encryption is enabled, and system health.
Free first year maintenance; additional years are 25% of paid license cost (includes all product upgrades). MobiControl support is provided via phone, email, portal. SOTI provides consulting/mentoring services with best practices, as well as packaged service offerings (assessment and migration services) and short-term assistance. Depending on the issue, partners or SOTI will provide Tier 1 support ; SOTI also provides Tier 2 support. Professional Services includes SOTI Solution Architects and training.
Syclo Industry-specific teams develop business analysis and needs assessment, then build and execute system design, development, integration, training and ongoing technical support.
Most Agentry-based solutions are deployed directly on users' devices. Configuration includes office Wi-Fi or cellular connectivity. Transmitted data is encrypted.
Agentry MDM provides centralized control over all mobile devices. Agentry Analytics includes systems performance analysis and business process analysis.
Professional Services: presales consulting, design, development, implementation, post-sales technical support and training. Support and Maintenance Program provides email, phone, & web support. Provides integrated support with IBM and SAP.
103 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
Table 13: Mobile Device Management Vendor Support Offerings (continued) Vendor Installation Configuration Monitoring PS/Support
Tangoe Tangoe assigns users to mobile servers based on pre-configured rules that manage the relationship between the server infrastructure and mailbox servers.
Includes user authentication against corporate LDAP/AD and user lookups for MDM rules framework and security roles.
Includes mobile server user capacity and warning limits, the ability to manage/monitor enterprise applications, and centralized web-based management.
Support includes Tier 1 End User Support, Tier II Help Desk Escalations and Tier III Engineer-to-Engineer Support.
Wavelink Installation varies depending on Mobility Center or Site Edition licenses. Customers obtain the installation file for Avalanche MC or SE, install the software, specify a password, and select the type of installation desired for MC (custom or enterprise). Avalanche is installed to a default installation folder.
Avalanche Enabler automatically finds the Avalanche system. Scan-to-Configure allows configuration parameters to be set using scanned, secure barcodes. Profile-based management defines network and configuration settings and applies to groups of devices.
Two-way messaging allows console operators to send a text message to one or more devices, view acknow-ledgements and message history, and resend messages where appropriate. Device users can “chat” with a console operator. Alerts and notifications send information about critical events. Predefined and custom reports are available.
Supports customers from Utah headquarters 7 am – 7 pm MT. Planning to add staff and increase coverage to 24x7. Remote support allows IT to control a device as if they were physically holding it. Wavelink partners also provide support.
Zenprise Zenprise offers a Quick Start program in which MobileManager is fully installed, initial test devices are enrolled, and technical personnel receive basic hands-on training. Zenprise’s Mobile Policy Implementation service includes Policy Definitions, Best-Practices Guide, and a Questionnaire to assist customers with mobile device management.
Zenprise can establish different configurations and policies for IL & CL devices. Can configure enterprise (Wi-Fi, VPN, APN, AD or LDAP, PKI, & 2-factor authentic-cation) and security resources (encryption of data-at-rest and mobile app tunnels). Can also configure corporate email and 3rd party email containers. Allows white/black listing of apps, management of mobile apps via enterprise app store, and setting of dynamic/context-aware policies.
MobileManager includes the ability to detect user, device, system and service issues; maintain application inventory; maintain hardware inventory; report on device statistics; and report on service details (roaming, location, user inactivity, and expenses).
Zenprise offers custom professional consulting services, including architectural best practice implementations, package deployments, server hardening and server OS or database configuration. Support plans include Gold (24x7x365 for P1 issues and local business hour support for P2-4 issues) and Silver (local business hours M-F and 24x7x365 online access).
104 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
KEY CONSIDERATIONS WHEN EVALUATING AND CHOOSING A MDM
VENDOR
POLICIES AND PROCEDURES
MDM TRENDS ON THE HORIZON
CONCLUSIONS & MDM INDUSTRY SWOT ANALYSIS
105 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
KEY CONSIDERATIONS WHEN EVALUATING AND CHOOSING A MDM VENDOR
There are many vendors in the mobile device management market today – over 60 companies
that claim to offer some sort of mobility management solution. Moreover, MDM vendors will
readily admit that MDM functionality is all “pretty much the same” with limitations, particularly
by Apple, on what MDM players can do with the mobile operating systems beyond nuances
related to user interface and customer experience. MDM is quickly moving into a commodity
market.
If this is true, how are MDM players differentiating themselves in this crowded market?
Vendors take different approaches, emphasizing partnerships, integrations, financial stability,
“fit” with existing corporate infrastructure, and variety of delivery mechanisms. Other
differentiators include vertical expertise, customer references, and professional services and
support. In essence, it’s what vendors wrap around MDM that provides the most value to
customers.
Given the widespread implications of enterprise mobility growth, what are the critical issues
enterprise IT managers should be considering when evaluating MDM solutions, both internally
within their own organizations and when they are considering MDM vendor selection? What
considerations do customers need to discuss internally before engaging with an MDM vendor?
And what questions should customers ask to ensure their chosen vendor will provide the best
solution to meet their needs?
We offer the following suggestions, based on extensive interviews not only with senior
executives at mobility vendors, but also with customers who recently deployed MDM solutions,
as well as partners who are intimately familiar with these solutions in customer environments.
The recommendations are both strategic and tactical in nature and provide a starting point for
discussions with MDM providers.
Consider MDM as a Long-Term Strategy: Customers should ensure that they are taking
a long-term view of their mobility deployments by preparing for different market
scenarios, including multiple devices and platforms that may be introduced, or that may
disappear. Mobility must be considered in the larger context of not only corporate IT
planning, but overall business strategy. How will mobility help the business gain a
competitive advantage, increase productivity, and realize greater efficiencies? What
areas are ripe for mobility infrastructure, and what areas need more planning before
mobility can be introduced? As Kelly Ungs, Senior Director of Channel Sales at Wavelink
states, “Make sure that what you decide to purchase covers your needs today, but also
make sure you don't make any self-limiting moves and buy something that's going to
force you into a particular configuration tomorrow. Give yourself room to grow.”
106 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
Determine Vendor Support for Heterogeneous
Environments: In considering MDM
alternatives, it is important to determine the
depth and breadth of vendors’ abilities to
support many types of devices and mobile
operating systems, particularly if you are
operating in a heterogeneous environment.
While most top-tier MDM providers support a
range of mobile operating systems, device
fragmentation necessitates that customers
inquire about specific MOS levels supported
across the various platforms. Not only are each
of the mobile operating systems different, but
specific devices using a specific MOS are
typically different from each other as well. In a
heterogeneous environment, can all devices be
supported using a single pane of glass? Can the
solution bulk provision across multiple MOS
platforms? Can customers see how user
profiles have evolved over time? Additionally,
while there are very few homogeneous mobile
environments today, some continue to exist,
such as in government offices that mandate
that employees use certain types of phones. If
you are operating in a homogeneous
environment, will the vendor support this?
Ask Questions about Scalability: It is important
to ask vendors the size of their largest
deployments. A solution for a small company
with 200 employees may be vastly different
from that of an organization with 20,000 or
even 200,000 employees in terms of duration,
timing and complexity of deployment; reporting
needs; and scalability. Customers that require
vendors to scale to support large numbers of
users must insist on customer references to
ensure solutions actually scale to promised
AirWatch Scales with Global Customers
AirWatch has helped MNCs deploy thousands of mobile devices:
Coca-Cola deployed 25,000 iOS and Windows Mobile devices and will eventually scale to over 110,000 devices, supporting delivery trucks and CL/IL devices in a global roll-out.
DynCorp has deployed 11,000 iOS devices for Army logistics throughout the Middle East. Critical capabilities include multi-tenancy, high availability, scalability & functionality.
GE has a mixed environment of iOS, Android, Windows Mobile and Symbian devices. GE deployed 15,000 devices in Q12011 and plans to increase this level significantly across all platforms and business units. Emphasis is on tight integration with GE’s current internal infrastructure.
Home Depot deployed over 50,000 Windows Mobile Motorola devices for its retail stores and logistics operations, including the integration of Data Mart reporting with MicroStrategy mobile business intelligence.
Medtronic rolled out over 11,000 iOS and Android devices in 2011 after an
extensive pilot program.
107 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
levels.
Determine if you will Allow BYOD in your Organization: If you do allow employees to
bring their own devices to work, determine how broadly you will implement this policy.
Will you only allow certain devices onto the corporate network? If so, which ones? Can
the solution support segmented work populations with both individual liable and
corporate liable devices? How does the solution isolate corporate and personal data?
As John Herrema, SVP of Corporate Strategy at Good Technology points out, “If
companies aren't defining their BYOD policy, their users are going to do it for them and
IT may regret that outcome. Be pro-active. Figure out what you're going to do with
BYOD now.” Herrema adds that “Solutions that work for BYOD will also work for
environments in which companies supply their own devices, but the reverse is not
always true.”
Ease of Use: How easy is it to get up-and-running on the MDM platform? Will it take
minutes, hours, days or weeks to set up the system? Is the MDM platform integrated
into the LDAP system? What is the process for adding new users or deleting departed
users? Can a single user be mapped into multiple groups? Can changes be deployed
without user involvement? How easy is it to use the platform on a daily basis?
Determine your Goals. Ask: “What am I hoping to accomplish with my mobility
strategy?” IT managers need to determine if their goal is device management or data
management. Are you trying to lock down devices or control information and access to
the information? The answers to these questions may guide IT managers’ final decision
of whether to utilize a vendor that offers a platform approach or a container approach,
for example.
Put Corporate Policies and Business Needs Ahead of IT Tools: Policies and strategies
need to come before devices and MDM software so that the MDM solution is aligning to
the customer organization, and not vice versa. Customers must ensure that any
solution they choose fits well with their existing environment, including the servers,
networks and overall organization. What infrastructure does your organization already
have in place for policy control and data? Will the company infrastructure need to be
changed to accommodate the MDM solution, or is the MDM solution flexible enough to
adapt to the organization, including role-based management, the grouping of devices,
and the system’s overall technology? What business problems are you trying to solve
and how can you map technology to meet those needs? How can you equip employees
to make them more productive?
Evaluate your Current Infrastructure: Really understanding your own environment and
the problems you are trying to solve in that environment are basic but critical in the
108 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
“Approximately 75 percent of the
companies we work with don't have
adequate security for their current
laptop mobile infrastructure, which
means that mobile is just going to
extend the problem and make it
worse.” Alan Arenas-Grube, Mobility
Practice Manager at Paragon
Development Systems
MDM evaluation process. For example, is your organization a series of silos where
mobile device management will be a separate infrastructure from laptops or desktops?
MDM solutions are often more cost effective and secure when customers integrate
infrastructure silos. Understanding which groups within your organization have
responsibility for mobility is also key. Is it a group within IT that is responsible for the
email messaging infrastructure? Or do smartphones and tablets reside in a different
organization? Stopping vendor discussions to understand who has internal authority
and control over infrastructure can slow down negotiations.
Understand the Needs of Business Units: Organizations need to understand not only
the requirements of the IT department, but the critical business needs and processes
that individuals use with mobility and mobile applications. How is work flow organized?
What impediments stand in the way? What efficiencies can be gained? By
understanding these key components, mobility can be used to propel organizations to
higher levels of efficiency, productivity and competitiveness. Tying mobility projects
back to business improvements within the organization will also provide added
credibility to IT managers and help fund future projects.
Evaluate Mobile Security in Light of Other IT Policies: Mobility is one piece of an
organization’s overall infrastructure. The way in which companies manage security for
their non-mobile devices is often indicative of
the types of security policies they will put in
place for mobility. Consider how well you are
securely managing your non-mobile IT assets,
such as desktops and laptops, and determine if
this level of security is adequate. Companies
that do not secure documents at existing end-
points will not effectively secure documents
on mobile devices, and vice versa. According
to Alan Arenas-Grube, Mobility Practice
Manager at Paragon Development Systems,
“Approximately 75 percent of the companies
we work with don't have adequate security for their current laptop mobile
infrastructure, which means that mobile is just going to extend the problem and make it
worse.”
Drill Down on Security: Given the significant security implications that mobile devices
can have on enterprises environments, it is critical that IT managers fully understand the
security ramifications of the MDM solutions they are considering. This is particularly
important for organizations planning to support Android devices due to lingering
109 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
concerns about security on Android platforms, as well as those contemplating a cloud-
based solution. How are certificates authenticated when users are enrolling their
devices onto the corporate network? Is the vendor using device-level VPN or
application tunnels to ensure secure access to applications? How does the solution
enforce security policies that prevent data security breaches? How does the vendor
control what data each user has access to? How do vendors ensure that sensitive data
is removed when a device is lost or re-purposed? Can vendors guarantee that
unsynchronized data will not be lost? Does the vendor utilize a multi-tenancy
architecture? If so, how well is the data secured and what tests have been conducted?
Request assurances and proof that private enterprise information will not be accessible
via the public Internet.
Determine the Features and Functionality you Need and Question Potential Vendors
about their Capabilities: Certain features and functionality are more important to some
firms than others. Can the vendors you are evaluating provide the capabilities you really
need and, if so, to what depth? For example, how many and what types of security
standards are supported by prospective MDMs? While many MDM vendors provide
support for devices at an OS level, they may not support specific features inside the
devices. Choosing a more generic capability may be less expensive, but it may also
result in less functionality at the device level, particularly with ruggedized devices.
Organizations may also want to determine what mobile operating systems they plan to
support in the future. Knowing this is important because MDM vendors can typically
mandate that users’ devices be at a specific OS level in order to access the corporate
network.
Another important consideration related to functionality is form factor: What form
factors does your organization support – smartphones only or other devices too? How
will this evolve over time? Additionally, prospective customers should ask MDM
vendors what features are supported with each delivery model (on-premise, cloud,
appliance). Customers may also want to know if vendors can schedule 2-phase
deployments to gradually download files and install on a given schedule, or if the
solution has pro-active memory management. Experimenting with solutions “hands on”
will also help to clarify which solution best meets your needs.
Go Slow: Organizations new to MDM are advised to start with the basics and not try to
“boil the ocean.” Greater research of MDM technology and vendors upfront will
actually speed eventual deployment in the end. While it is recommended that a
mobility strategy and vision are in place, companies can start with basic tools before
embarking on an overly aggressive implementation. Once organizations are
110 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
“We’re in the middle of the ‘hype
cycle’ of MDM. If PowerPoint
presentations worked and if press
releases were always true, we’d be in
nirvana. But we all know that in
technology, that’s not always the
case.” Alan Dabbiere, Chairman of
AirWatch
“There are a ton of organizations
that have sprung up within the last
couple of years. A lot of them are
just one-trick ponies in the MDM
space. Are they still going to be
around in two years? Five years?”
Tim Williams, Director of Product
Management, Absolute Software
comfortable managing the basics, they can leverage best practices and more
sophisticated tasks, such as analytics or integration with back-end applications.
Trust but Verify: Customers must do their due diligence in verifying vendor claims,
particularly around issues such as scalability,
usability, and security. Customer references
can be used to press on “hot button” issues,
but IT managers must go beyond supplied
references, seeking out non-reference
customers from industry contacts and other
knowledgeable sources. Asking specific
questions will also help to determine if a
solution will meet specific needs. Avoid being
drawn in by vendor graphics and fancy GUIs.
Bill DeWeese, IT Manager for Enterprise
Mobility at DynCorp International, provides a good example: “I started interviewing
MDM providers. I didn't know what I didn't know. I got a lesson on what I should be
doing, based on the vendors' marketing spiels. From there, I did my research, asked
more questions, and kept researching.”
Understand Vendor Structure: How will your vendor provide its solution, as one that is
developed and built in-house, or as something it provides through partnerships? While
neither approach is inherently good or bad, the structure of an MDM’s business may
impact how solutions are architected, implemented and integrated within a customer’s
existing infrastructure. In the case of partnerships, it may also impact the purchase
process – buying from multiple vendors instead of one. Additionally, customers will
want to determine if development is done in-house or through third parties, how new
features are provided, how often customers can expect updated functionality, and how
they can get access to those new features.
Understand Vendor Financial Stability
and Corporate Background: Given the
rapid entry of new firms into the mobile
device management market, customers
need to fully understand the financial and
operational strengths of the MDM vendor
they choose. Other considerations include
the length of time the company has been
in business; whether the firm is public,
private or venture capital funded; the
111 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
firm’s long-term prospects for success (particularly if the company is a start-up); vendor
profitability; and the vendor’s overall strategic plan and vision. Additionally, customers
should consider related technologies their suitors may be offering, the firm’s depth and
breadth of partnerships, the ratio of technical personnel to sales and marketing
personnel, and the company’s historical frame of reference.
Decide on a Point Solution or MDM as Part of a Larger Offering: Some MDM players
sell MDM solutions as their primary offering, while others provide MDM as part of a
larger offering, selling additional technology that includes client life cycle management,
terminal emulation, voice technology, and communications products and services, for
example. Customers need to decide if they are more comfortable with a “best of breed”
approach or with an integrated approach. Stewart Hubbard, VP of Technology
Operations at Coldwater Creek, believes that an integrated approach is important for
organizations needing to manage a large number of devices. Regardless of which
approach is selected,, MDM integration with existing products and third party solutions
is critical. Avoid vendors that are “islands” unto themselves.
Determine how much Support IT Administrators and Users Need: Vendors typically
provide direct or partner support for IT administrators, sometimes as tiered support
depending on the contract value, but this support is not always 24 x 7. If continuous
support is important to your firm, make sure your MDM vendor offers this as an option.
If direct support is important, make sure the vendor does not outsource support to
partners or other third parties. Ask about the amount of training needed to fully
understand the system’s capabilities, as well as professional service offerings. Inquire
about the vendor’s global support footprint. Determine if vendors offer the ability to
“talk” with other customers in on-line forums about best practices or common
challenges and concerns.
User support is generally provided in the form of an end-user portal. Can users self-
deploy their own devices, allowing for lower IT overhead? Do users need a specific
account for device enrollment (such as a Google email account if they are enrolling an
Android device)? If users call their IT administrators for assistance, can IT provide
remote support? Can IT see the same information on the user’s device that the user can
see? Is there local language support?
112 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
“For every customer who is glad to
have Apperian as a cloud-based
provider, there’s another customer
who says they’re not ready to accept
a cloud-based solution. There’s a lot
of money to be made in the mass
confusion and hysteria of mobility
and the cloud.” Alan Murray, VP of
Product, Apperian
Decide on a Delivery Model: Are you most comfortable with an on-premise solution, a
hosted solution, an appliance, or some
combination thereof? If you choose one
option today but want to switch to a different
delivery model in the future, will your vendor
support that? At what cost? Are public,
private and hybrid options available for cloud-
based solutions with the vendors you’re
considering? While some MDM vendors
provide both on-premise and cloud-based
solutions, not all do both equally well.
Moreover, if a vendor’s MDM solution was
architected for one model but not the other,
transition may be difficult, if not painful.
Ask hard questions to potential vendors and make reasoned and deliberate choices
when deciding on a delivery model. Although Apperian offers only a hosted option, Alan
Murray, SVP of Product at Apperian notes that, “For every customer who is glad to have
Apperian as a cloud-based provider, there’s another customer who says they’re not
ready to accept a cloud-based solution.” Murray adds that, “There’s a lot of money to
be made in the mass confusion and hysteria of mobility and the cloud.”
Determine if Telecom Expense Management is Important: Telecom Expense
Management, or TEM, seeks to understand and control costs associated with telecom
equipment and services, including mobile devices and services plans. TEM uses
software to inventory telecom assets, enforce business processes, and manage access to
telecom infrastructure information. As network bandwidth explodes, TEM is expected
to play an increasingly critical role in mobile expense control, with real-time reporting of
user overages a key differentiator for some firms to get in front of the cost curve before
employees overspend their monthly allowances. Some MDM vendors, such as Tangoe
and Wavelink, offer robust TEM plans and come from deep TEM origins, while others
de-emphasize TEM or outsource this element to third parties.
Additional Considerations for Selecting a Mobile Device Management Vendor
Organizations that are implementing mobile device management or enterprise mobility
management infrastructure are strongly encouraged to take a holistic and strategic approach
toward implementation. This extends to the individuals who are part of the decision making
113 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
process. Individuals from the following organizational departments should be invited to
participate in device management decisions:
Information Technology, including:
o Security
o Networking
o Enterprise Mobility
o Developers
o Business Intelligence
o Global Consignment
o Technology Strategy
o Operations
o Software Development/Engineering
o Information Architects
o Engineering Client Services
o Business Information Systems
o Help Desk/Support Personnel
o Application Teams
Telecom
Business Group Users, including Sales, Marketing, Strategy and Logistics
Strategic Planning
Human Resources
Finance/Accounting
Executive Team
Furthermore, organizations should consider the creation of an ongoing working group
comprised of individuals from the groups mentioned above whose mission is to understand the
needs of the organization as they relate to mobility management. Questions that should be
answered include:
What is the organization’s policy on employee-owned versus corporate-owned devices?
How will the devices be used within the organization?
How can mobility improve customer satisfaction through greater efficiencies?
How can mobility improve employee morale while not wasting corporate time?
Where are areas that mobility could improve ROI by lowering or eliminating costs and
unnecessary procedures?
Who will pay for the devices and service contracts?
What happens if a device is lost?
What policies need to be in place when an employee leaves the company?
114 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
How will applications be downloaded (company store or market store)?
How will market apps be paid for (corporate volume purchase program)?
How much “roaming” do employees typically do and what roaming policies will be put in
place? What happens if there are overages?
POLICIES AND PROCEDURES Despite – and perhaps because of – the increased momentum of the BYOD movement, many
organizations continue to struggle with policies and procedures surrounding their employees'
use of mobile devices within the work environment. Should the IT department support the
personal devices employees bring to work and, if so, which ones? Or should IT managers force
employees to use devices the organization provides to the workforce to gain better control
over devices and applications, thereby lowering security risks? Who pays? How much? With
what frequency?
Table 14 provides suggestions for key criteria organizations should consider including in their
policies and procedures. It should be noted that mobile device policies and procedures are
highly individualistic, based on the needs of each organization. However, there are some
common threads that can be considered across companies and, in some cases, across
industries.
115 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
Table 14: Considerations for Implementing Mobility Policies and Procedures
Topic Considerations
Purpose Explains the purpose of the document and the purpose of mobile device usage within the organization, including likely benefits, such as productivity gains and access to
information and individuals on a 24/7 basis. Policy Statement Provides the organization’s policies toward mobile device usage for business-related
purposes. This section may include high-level statements about the organization’s general policies toward employees using mobile devices, such as “If the organization requires an employee to carry a wireless communication device in order to perform his/her duties, the employee, with approval from his/her immediate supervisor and
appropriate senior administration officer or designee, will obtain a personally owned wireless communication device and access/service plan.”
Definitions These are typically listed at the beginning of the policy but could also be placed at the end. Common definitions include “departmental cell phones,” “wireless
communication devices,” “mobile communication devices,” and “wireless communications stipend.”
Eligibility This section defines who within the organization is eligible to be covered under the organization’s mobility policy. It answers questions such as: Will the organization
only provide support and/or reimbursement to senior officials, such as those employees at the director level and above, or will support be provided more broadly?
How will employees who only occasionally need support or reimbursement be handled, such as those who infrequently travel?
Tax Considerations If an organization provides a stipend to workers, policies and procedures should include a statement about reimbursements being subject to taxes, such as FICA,
Federal and State taxes.
Wireless Communications Contracts
Includes language around whether or not employees are responsible for choosing a service provider and negotiating and managing their personal contracts, procedures for payment if monthly minutes exceed allowed minutes, and policies surrounding
employee termination with the organization, vis-à-vis the mobile device. Employee Responsibilities
Includes requirements surrounding employee usage of the device, including personal versus business usage, usage and availability during business hours, renewal
guidelines, adherence to security standards, notification of telephone number changes, reporting lost or stolen devices, device contract termination, employment
termination vis-à-vis the device, and any requirements for justification of the device.
Departmental Responsibilities
Includes requirements for determining budgeting impacts for employee devices; mobile device needs of departmental employees; communication with payroll
regarding approvals, cancellations, or changes to departmental policies; and annual review of employees’ business-related mobile device usage.
Corporate Responsibilities
Includes verbiage surrounding the organization’s responsibility to inform departments, managers, and/or employees of any changes or updates to mobile
device usage policies. Reimbursement Policy
This section usually includes some type of matrix and lays out different levels or tiers of reimbursement for employee devices.
116 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
Table 15 provides a sample reimbursement policy for different tiers of users, depending upon their mobility usage. This is an example for illustrative purposes. Organizations should take their own individual circumstances into account before finalizing any mobil ity reimbursement policy.
Table 15: Sample Reimbursement Policy Matrix
Tier Monthly Stipend Description
Tier 1 – Light Users $40 Light usage of mobile devices (450 minutes/month)
Tier 2 – Medium Users
$60 Medium usage of mobile devices (up to 900 minutes/month)
Tier 3 – Heavy Users $90 Heavy usage of mobile devices (over 900 minutes/month)
Tier 4 – Corporate users
$60 Users who require a mobile device for corporate email, calendar, and Internet access. May be provided as a
standalone option or in combination with Tier 1, 2, or 3.
117 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
MOBILE DEVICE MANAGEMENT TRENDS ON THE HORIZON During the time we spent intensely researching the mobile device management market, we
kept a watchful eye on trends developing on the mobility landscape. We also asked senior
mobile device management executives, along with mobility vendors in adjacent markets and
MDM customers and partners, to share their insights on current and future trends. In the
following section, we highlight and discuss this collection of insights.
Mobility on Corporate Intranets: Many IT executives are looking toward mobility to
harness and distribute the wealth of corporate information that currently resides on
their company intranets. Nearly all companies have made significant investments in
terms of the information and content they put on their corporate intranets. Corporate
directories, marketing collaterals, and human resource information are examples of
typical content that workers could gain quick and easy access to anytime, anywhere if
made available to them on their mobile devices. The application store paradigm is often
cited as a model for distribution. Numerous MDM executives interviewed for this study
cited enterprise CIOs who plan to support intranet access, including opening up
SharePoint to mobile devices.
Analytics Will Play a Greater Role in MDM: Analytics is expected to play a growing role
in mobility in the coming months, as organizations increasingly identify and improve
processes on the back-end, improving relationships with key internal and external
customers. Areas where analytics can prove useful include:
o User Adoption and Productivity: User performance analysis.
o Infrastructure Reliability: Support cost analysis, service improvements, battery
analysis.
o Help Desk Operations: Help Desk analysis by group, Help Desk analysis by Help
Desk operators.
o Asset Utilization: Device utilization count by day, devices out of contact, unused
device count by group, unused device count by device type.
o Mobile Business Process: Key process analysis by group, key process analysis by
device type, key process analysis by user.
Blended analytics combines information from many different devices and can be used to
perform even greater analysis. For example, an organization could overlay operational
analytics (information gathered about specific technology and processes) on top of
118 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
application analytics to understand the impact from one area to another, such as usage
patterns and help desk usage when new features, device drivers, or applications are
added.
Document Management and Distribution through Mobile Device Management: MDM
vendors are increasingly offering document management through their solutions. In
this scenario, documents – such as Word, PowerPoint and Excel files – are pushed out to
user’s devices via corporate networks, obviating the need for an Internet connection
and lowering security risks at the same time. In cases of highly sensitive information,
users can only “view” the documents and not edit or copy them. In other cases, the
documents are only available during a certain window of time, during a scheduled
meeting, for example, and are then wiped from the device. Typical use cases for
document control include high-level Board of Director meetings and discussions
between government intelligence officials about classified information.
Cloud and Mobility are Increasingly Linked: Mobility and the cloud are increasingly
converging as organizations consider alternatives to on-premise installations.
Increasingly, back-end systems that mobile devices are “talking to” are tied to the cloud.
This is particularly true for companies that do not store highly confidential or personally
identifiable information in the cloud. While there remain security concerns about cloud-
based MDM, vendors are working hard to advertise their multi-tenant architectures,
along with separate databases for separate clients.
Technology is becoming highly complex and customers do not have now, and are
unlikely to have in the future, enough IT resources internally to dedicate to mobility
management. Officials at AT&T who are responsible for MDM solutions believe that
customers expect vendors to do more to help with their mobility needs, including
providing dashboard reporting and more detailed billing that includes MDM solutions.
The following testimony from one customer aptly describes the frustration felt by many
IT customers with regard to infrastructure management, and their resulting decision to
move mobility to the cloud:
119 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
Transition from Device Control to Data Control: As the mobility market evolves, there
will be an increased emphasis on data control and less of a focus on device control. This
is the next logical step for companies who want to deliver and secure data and
applications, particularly as mobile devices increasingly leave the “walled garden” of the
corporate network.
Greater Emphasis on Authentication and Verification: Because users may have
multiple devices and data can be accessed from different places across devices and from
the cloud, identity management and single sign-on will be increasingly important in the
mobility market.
Mobility and Social Media: Along with the trends of BYOD and consumerization of IT,
social media is creeping into the enterprise. CIOs are wrestling with issues such as how
to handle Facebook accounts within a containerized environment supporting BYOD
users. Social media is also driving questions about which enterprise groups are driving
internal requirements. While the IT department has historically been responsible for
internal requirements, increasingly this is now falling to individuals from line of business
roles, including finance and marketing.
Some vendors report that IT managers are sometimes being by-passed, particularly
when mobile application vendors are involved. For example, Apperian describes
scenarios in which line of business managers in charge of increasing corporate revenue
“I'm tired of downtime. I'm tired of maintenance weekends. I'm tired of the DBA team having to take down my database for a weekend so they can do their patching and their upgrades. I need 24 x 7 support. If this department were my own business, I would expect a certain level of service from the infrastructure team, the server team, the database team, the web server team … and if I didn't get it, I would be able to fire that group and hire someone who can provide that service.
I don't have that in a corporate IT environment. I can't just fire the server team. But I could fire a vendor if that vendor wasn't performing, and I could go and find another suitable vendor.
I need uptime, I need reliability. And that's why I want to go to the cloud. The cloud vendor has more skin in the game to protect their data than I do. They don't want to be embarrassed and they're going to focus on that more than a full -time employee on my staff would.”
Bill DeWeese, IT Manager for Enterprise Mobility at DynCorp International
120 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
through applications build and roll-out the applications within their business groups,
only bringing IT in at the end to assuage any concerns about security or demonstrate
product functionality. Typically, the final decisions have already been made and IT
becomes an “Oh, by the way…” group.
Virtualization on Android Devices: A new development that has received increased
attention in recent months is the addition of virtualization on mobile devices. Why is
virtualization an increasingly vibrant topic in the MDM community? Virtualization is an
attempt by vendors to separate the personal and business components of the device,
particularly as BYOD surges in popularity. Most MDM vendors support the idea of
segregating a corporate sandbox environment on a device that allows it to be selectively
wiped if the device is lost or stolen, or if a person leaves the organization and takes the
device with them. At the same time, many MDM vendors prefer to remain agnostic in
terms of how they react to virtualization efforts by device manufacturers and other
firms. In addition, many MDM players have developed their own strategies for
sandboxing and segregating corporate and personal data, stating that virtualization is
not always relevant on their platforms. Even so, MDM players will continue to keep a
close eye on this technology in the coming months.
Several vendors have been developing mobile virtualization solutions to help enterprise
customers manage mobile devices in an increasingly BYOD world. Examples of
companies developing solutions in this area include Citrix, Red Bend Software and
VMware:
o Citrix is working with device manufacturers to integrate its virtualization capabilities
into the device hardware directly, offering a Type-I, or bare metal, hypervisor.
Citrix’s product, XenClient, divides the physical resources of the device, allowing
multiple operating systems to run side-by-side securely in complete isolation.
Corporate data is protected with disk encryption. XenClient is based on the same
technology as XenServer and integrates with Intel vPro hardware virtualization
technologies. Citrix offers three versions of XenClient:
XenClient: Targeted at enterprise customers for use with XenDesktop.
Delivery options include local, streamed, personal, shared and on-
demand apps.
XenClient XT: Targeted at organizations with very high security
requirements, including public sector customers. A thin Type-I client
hypervisor with hardened components and network isolation service VMs
allows multiple security domains and multiple networks on the same
system.
121 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
XenClient Express: Provides free bare metal local virtual desktops for
standalone use by IT professionals and software developers/testers.
Citrix XenClient partners include Dell, HP, Intel, Lenovo and Microsoft.
o Red Bend Software is promoting its mobile virtualization vision through its vLogix
Mobile solution. vLogix Mobile allows multiple guest operating systems to run
simultaneously on the same single- or multi-core processor. vLogix Mobile uses a
bare-metal architecture with a thin abstraction layer that sits directly on the device
processor and manages system resources to isolate the operating systems from the
underlying hardware. Resources that are common to more than one guest OS, such
as the CPU and real-time clock, are virtualized so that they can be shared between
various guest OSes that need to access such a resource.
o VMware has been working with Samsung and LG to build its hypervisor onto their
Android devices through Horizon Mobile, an effort to allow mobile devices to run a
second instance of the mobile OS, similar to the way in which virtualization works on
servers and desktops. Users can essentially see two phones running on a single
device and can switch from personal to business usage by touching an icon.
VMware’s offering – Horizon Application Manager – is based on its Mobile
Virtualization Platform, a Type II hypervisor that runs as a layer on top of an existing
operating system and provides access to Windows, SaaS and enterprise web
applications across different devices. Horizon Application Manager allows IT
managers to extend users’ on-premise identities in systems such as Microsoft’s
Active Directory to the public cloud, providing a single enterprise identity for each
user. Users can access a variety of applications with a single sign-on and IT
managers can track user activity through usage reports.
In this new twist on “sandboxing” – separating corporate from personal data – vendors
are offering partitions, using virtualization to sandbox the entire mobile operating
system. The result? Users can run two different operating systems on the same mobile
device, one for personal use and one for business use. As a result, users and IT both
retain control over their respective areas of data.
Because deep virtualization is currently limited to non-Apple devices, many MDM
executives are skeptical that it will see widespread acceptance. Additionally, MDM
vendors have been developing their own solutions for segmenting corporate and
personal data. As a result, while most MDM vendors are continuing to watch the
virtualization market as it relates to mobility management, virtualization on the device is
considered a “no-go” by several key players at the present time:
122 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
o Absolute Software, while convinced of the virtues of sandboxing, does not
necessarily see virtualization as the path to get there. Tim Williams, Director of
Product Management, notes that iOS is already sandboxed and that Absolute
Software leverages this in the way it manages iOS. Moreover, AbsoluteSafe is
Absolute Software’s homegrown solution for segregating and managing
documents and media files.
o Good Technology believes that there is a class of applications that, by the nature
of how they are being used, must be deployed as apps that run on the device
itself in order to deliver the best possible user experience, enable work to
continue even when connectivity is not available or is of variable quality, and to
take advantage of integrated device capabilities, such as telephony, location and
camera integration.
o McAfee believes that virtualized desktops are not a viable mobile solution yet
due to inherent problems of dealing with a smaller device, along with bandwidth
issues. This may improve and the industry is moving in the right direction but it
is not “nirvana” yet.
o Mformation believes that mobile devices increasingly have several
“personalities,” particularly given recent BYOD trends. Mformation is evaluating
virtualization technologies from VMware, Enterproid and other vendors who
provide virtualized MDM.
o Officials at SAP, while noting that they are actively working on virtualization
offerings and have already virtualized Afaria on the back-end, believe that the
market is not yet ripe for device virtualization, primarily due to issues with
carriers, who are unaccustomed to virtualized copies of phones, as well as
consumer advocacy groups, who may be opposed to pricing that moves toward
per mega-byte plans.
o Tangoe believes most customers do not fully understand mobility virtualization
or even care if a device is virtualized, as long as they can effectively segregate
personal and corporate data on employees’ mobile devices.
o Zenprise believes that, until virtualization works on iOS devices, it will be
challenging to adopt this technology for mobility because of the desire to
manage all devices on a single platform. In the meantime, Zenprise is moving
forward with its container approach (selective wipes of corporate email,
calendar and contacts, as well as selective wipes of documents), which it believes
achieves the same objective of protecting enterprise data.
123 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
Mobile Phone Manufacturers Increasing Processing Power: In the coming months,
mobile phone manufacturers are expected to increase the processor power for mobile
devices. To work effectively, virtualized mobile phones need a dual-core device, which
is the case for most new Android devices.
124 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
CONCLUSIONS AND MOBILE DEVICE MANAGEMENT INDUSTRY SWOT ANALYSIS
With the speed, dynamics and ongoing changes within the mobility market, where does this
leave IT managers who are considering the deployment of a mobile device management
solution? The ensuing SWOT analysis, followed by additional commentary, provides a
summary of the MDM market, highlighting areas of both promise and caution for vendors and
customers.
STRENGTHS
MDM is a fast-growing market due to BYOD and consumerization of IT trends.
The MDM client base is highly motivated to select and implement MDM due to security concerns.
The expected continuation of device and OS fragmentation will further drive the need for MDM.
Many MDM vendors have received strong backing from venture capital firms, signaling confidence in this market.
Vendors will continue targeting enterprise customers not yet using MDM solutions.
The SMB market is largely untapped. International markets, particularly in
EMEA and APAC, represent real opportunities for MDM expansion.
Partnerships will continue to drive growth, resulting in mutual benefit for vendors and customers.
MDM players will continue to expand their offerings, including apps, security and TEM.
WEAKNESSES
The MDM market is very crowded, with over 60 players currently jockeying for position.
MDM vendors admit they have a hard time differentiating their offerings.
Customer concerns about security persist for cloud-based offerings.
Historic MDM ties to IT managers may preclude discussions with business groups, giving other category segments, such as MAMs and MEAPs, a competitive inroad.
Key competitive threats include MAMs and MEAPs, who offer a greater focus on end-user experience and are adding to their MDM capabilities.
Price erosion will continue as the MDM market becomes more commoditized, driving down margins.
Mergers & acquisitions have begun (SAP/Sybase, McAfee/Trust Digital) and are expected to accelerate in the coming months.
125 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
Based on this SWOT analysis, we offer the following conclusions for consideration:
Mobile Device Management is now Mainstream: While MDM solutions were
considered novel only a few years ago, they are now a common part of most IT
infrastructures. Given the choice of delivery models, the range of players in the market,
and the manageable pricing – particularly for SaaS-based offerings – MDM solutions
offer a good value for organizations who want assurances that their corporate data will
not be compromised, particularly in an increasingly BYOD environment.
Additional Consolidation in the MDM Industry is Likely: While the MDM market is large
and growing, there are too many players to comfortably sustain this growth over the
long term. When evaluating MDM solutions, consider the possibility, indeed the
likelihood, that your chosen vendor may merge with, acquire or be acquired by another
player. Mergers and acquisitions are also a strong possibility between MDM and MEAP,
MAM and/or TEM players as companies seek to offer comprehensive solutions with a
broad portfolio of offerings in adjacent markets.
SMB and International Customers Will Increasingly be Targeted: While selling to
enterprise customers, particularly those in North America, has traditionally been the
preferred target market for most MDM players, attention is now shifting to new
markets, including small and medium businesses and international customers.
Strategies for attracting customers in these segments, including features and pricing
specific to these groups, is being developed and rolled out.
Data is King, Devices are Secondary: While device management had traditionally been
the focus of MDM vendors, data management is now key. The ways in which personal
data is kept separate from business data will be an ongoing debate in terms of vendors
offering a platform approach versus those who offer a container approach. Device
virtualization will also be a technology to watch.
User Experience and Security will Come Together: While MDM has traditionally
focused on security while MAM has stressed user experience, vendors recognize that
both are important. As such, there will be a gradual but steady movement toward the
center for these two paradigms, along with a corresponding shift in the offerings,
partnerships and collaboration efforts between firms in both spaces.
Finally, research and investigation of MDM portfolios will be critical to find the best
solution to meet individual organizational needs. MDM vendors, while similar on the
surface, are different in terms of a number of key factors, including the type of delivery
models they use, their partnership ecosystems, the ways in which they provide
administrator and end-user support, and their approach to security. In our discussions
126 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
with MDM executives, we were repeatedly told that “the devil is in the details,” “trust
but verify,” and “look beyond the hype.” Speaking with reference customers, non-
reference customers and partners is essential in gauging satisfaction and the best “fit”
between organizational needs and MDM solution offerings.
127 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
APPENDIX: VENDOR PROFILES
Mobile Device Management Vendors
Absolute Software www.absolute.com Mobile Platform Support
Apple iOS 4 and later
Android 2.2 and later
Windows WP 7 (future)
Absolute Software describes itself as a leading provider of firmware-embedded endpoint
security and management for computers and mobile devices, providing organizations with
visibility and control over all of their endpoints. As such, Absolute Software has traditionally
viewed mobile device management as a larger component of the IT ecosystem, and client
lifecycle management as a part of its end-point management and end-point security model.
Tim Williams, Absolute Software’s Director of Product Management, states that the ability to
provide truly unified management tools for client lifecycle management and mobile device
management is relatively unique within the industry and a critical differentiator for Absolute
Software.
Absolute Software believes that its approach to mobility fits well with the trends that are taking
place in the market today – the convergence of security and management, along with a device-
agnostic approach to management. Absolute Software has solid relationships with desktop
support groups that are already managing computers and software and believes the same
individuals who perform software license work are also managing applications for mobile
devices.
When addressing customer concerns about consolidation in the mobile device management
market, Absolute Software stresses its longevity as a provider of end-point security systems –
18 years – adding that it “did not just emerge to chase a trend.” Instead, Absolute Software
believes that MDM is integral to what it has been doing throughout its history.
Absolute Software believes that mobile device management infrastructure must integrate with
customers’ existing environments. Tim Williams states that while end-point devices may
change frequently, a customer’s Windows data center will not. Similarly, most Active Directory
or Open Directory network infrastructure will remain relatively constant. Williams emphasizes
Absolute Software’s ability to leverage and integrate existing corporate resources. For
128 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
example, Absolute Manage Server, Absolute Software’s MDM solution, can be installed on
either a Windows or Macintosh system.
Absolute Manage MDM is Absolute Software’s fastest growing business and the company is
cross-selling its MDM offering with other products, using its existing relationships with
customers to promote MDM. At the same time, Absolute Manage has “opened doors” with
MDM customers to promote Absolute Software’s other offerings, such as endpoint security
solutions.
In mid-2011, Absolute Software released AbsoluteSafe, an application that provides granular
control over corporate data stored on iOS devices. AbsoluteSafe functions as an application on
a device but is managed through policies on the Absolute Manage console. Absolute Manage
can set policies that allow a device or group of devices access to certain documents based on
different criteria, such as Active Directory, a group, the company, or a department. Once a user
is assigned by policy, the documents are available on the device. Additionally, Absolute
Software can add restrictions to the documents, such as disallowing the document from being
copied outside of AbsoluteSafe. Similar restrictions apply to emailing, printing, or saving
outside of AbsoluteSafe, providing a secure alternative to services such as Dropbox.
AbsoluteSafe also provides an avenue to delete company documents if iOS users remove the
management profile on the device and opt out of device management; in this scenario the rest
of the device would not need to be wiped.
Absolute Manage can distribute in-house and market applications and can host in-house
applications. Absolute Apps is an on-device, self-service portal that allows users to get
applications that are assigned to them by policy, whether they are third party or in-house
applications. Absolute Apps allows users to tap and install from a single user interface, thereby
avoiding a trip to Apple iTunes or Android Market. Absolute Manage is still going to these sites
“under the covers” but it allows users a more seamless experience by presenting the
applications in a single location.
Absolute Manage also integrates with Apple’s Volume Purchase Program, attaching and
embedding VPP codes and centrally reporting the codes when they have been redeemed.
Absolute Software does not provide any of its own application development, preferring instead
to allow large enterprises to continue with their work in this area as a continuation of the
application development they have done in the past on desktops and mobile devices.
While Absolute Manage has no inherent limits to scaling, the largest current customer
installation is approximately 50,000 end-points. While it can see when users are roaming and
report on that activity, Absolute Software does not provide telecom expense management
services currently, noting that this functionality is “well outside” of the purview of IT today.
129 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
Absolute Software’s Tim Williams notes that the company is exploring partnerships with TEM
vendors because it “makes sense as an adjacent space.”
AirWatch www.air-watch.com Mobile Platform Support
Apple iOS 3 and later
Android 2.2 and later
BlackBerry V4.0 and later
Symbian 3 and later, S60
Windows Windows Mobile 5+, WP7 and later, Windows CE
In business since 2003, AirWatch has seen its growth surge in the past year as more companies
realize the benefits of mobile device management solutions. Highlights of AirWatch’s success
include:
Five of the top 10 US retailers are AirWatch customers. AirWatch is in pilot
deployments with three of the remaining top retailers and in discussions with the final
two.
A Customer base of over 1,500 customers.
Single MDM deployments exceeding 50,000 devices, growing to 100,000+.
Employee growth from 450 employees in February 2012 to an anticipated 800+ by the
end of 2012.
o Approximately one-half of AirWatch employees are focused on R&D.
The addition of 100,000 square feet of office space to support its growing operations.
AirWatch added security functionality to its MDM product in 2011, including a Secure File
Locker that allows AirWatch to secure files and email attachments so that users may view the
information but may not cut, paste, forward or view the information offline. For highly
sensitive information, AirWatch can retain the data on AirWatch servers and not push it down
to individual devices, effectively removing any ability to view a document when the application
is closed. AirWatch offers basic, LDAP and proxy user authentication and distributes content
based on a user’s role, device group or ownership. Content is fully organized and allows users
to search, filter by favorites and view by most recent documents.
130 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
AirWatch also added a Secure Browser to its MDM offering, restricting where users can go on a
corporate-liable device. For example, luxury retailer LVMH will use the AirWatch platform in all
63 of its global companies to help customers in the buying process, using iPads as kiosks. The
iPads will be locked on “Sephora TV,” for example, to help in the sales process.
AirWatch’s SDK library provides a set of security functionality for iOS enterprise applications.
Key functionality includes jailbreak detection, single sign-on, certificate integration, application
usage monitoring, data usage reporting, data encryption for data stored within an enterprise
application, remote wipe, and geo-location tracking and fencing. According to AirWatch
Chairman Alan Dabbiere, “Virtually every mobile Point of Sale vendor has ‘baked’ this
functionality into their product.”
AirWatch offers three models of its mobile device management offering, including on-premise,
SaaS and an appliance, allowing customers extensive flexibility in choosing an option that best
meets their needs. Dabbiere believes it is very difficult to pivot from a single-tenant on-
premise architecture to a multi-tenant SaaS offering and cautions prospective MDM clients to
verify multi-tenant architectural claims made by MDM vendors.
AirWatch sees partners as critical to its success and believes the AirWatch network of partners
is a key differentiator for the company. AirWatch believes that customers want to purchase
from vendors that utilize a rich ecosystem with seamless integrations between all the players
and moving parts. Dabbiere emphasizes the importance of remaining relevant to key partners
such as Apple, Samsung and HTC so that these vendors will continue to provide APIs for deep
integration. AirWatch’s Chairman also notes that, because some partners utilize AirWatch
MDM but re-brand the solution as their own, AirWatch has a larger global footprint than may
be readily apparent.
Dabbiere cautions prospective MDM customers to be concerned about vendors without a rich
partner community. Dabbiere also urges prospective customers to consider the long-term
viability of MDM vendors, evaluating the likelihood that vendors will still be viable players in
five years, along with vendors’ global footprint. A rich partner community can help in both
respects.
AirWatch typically encounters three categories of customers:
Customers who have no doubt that they will utilize an on-premise solution. These
clients are typically large enterprises who utilize mobile devices primarily within a
corporate establishment or via Wi-Fi. Customers in this category are generally not
interested in a cloud-based model.
131 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
Smaller companies that do not have the infrastructure to manage an on-premise
solution. Clients in this category typically have less than 100 devices to support and do
not have the technical competence to manage mobility. These customers typically only
evaluate SaaS solutions.
Companies in between who are interested in both on-premise and SaaS but are unsure
about the direction in which they will go. Customers in this category may let
functionality or vendor persuasion determine their ultimate choice.
AirWatch customers who sign up for one model but later decide to change to another model
can do so easily, according to Dabbiere.
Alan Dabbiere believes that MDM is a necessity for IT departments today, noting that “IT
managers are not making decisions on whether or not to implement MDM. Instead they’re
making qualitative decisions on who is the best MDM to install. That’s why most of our focus is
on developing and honing our marketing to demonstrate that we’re the best value at the least
cost.” AirWatch believes it offers the greatest functionality at the lowest cost in the crowded
MDM market.
AirWatch supports customers in over 15 vertical markets, with a strong focus on government,
healthcare, retail, manufacturing, and technology. Sixty percent of AirWatch revenues come
from North America, with 25 percent from EMEA and the remainder from Asia Pacific.
Approximately 70 percent of AirWatch revenues are derived from SaaS deployments, 20
percent from on-premise and 10 percent from the AirWatch appliance.
AT&T www.corp.att.com/enterprise/manage-protect-mobile-assets Mobile Platform Support
Apple iOS 4 and later (McAfee); iOS 3 and later (MobileIron)
Android 2.2 and later
BlackBerry v5.0 and later (Mobile Iron); Basic Support (McAfee)*
Symbian Basic Support (McAfee)*
Windows Mobile v5.1 (MobileIron)
Windows Phone WP7, No EMM agent required (McAfee); WP7 (MobileIron) * Basic support includes the ability to perform remote wipe (restore factory settings) and require use of a password or PIN to unlock.
AT&T believes that mobility is a key technology driver impacting organizations worldwide.
Within AT&T itself, mobility has become a major focus at all levels of the organization. Due to
the speed at which the mobile device management market is moving, AT&T chose to partner
132 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
with best-of-breed vendors instead of building its own MDM platform. These vendors include
Good Technology, McAfee, and MobileIron. AT&T officials believe that AT&T’s ability to
compete in what is has become a “land grab” market will center on its ability to adopt a nimble
approach and continue investment in an expanded partner portfolio. AT&T will add value by
integrating with other offers and capabilities as customer needs change over time.
AT&T, which also partners with several MEAP vendors, believes that there will be greater
integration of MEAP and MDM capabilities in the future, particularly as customer requirements
become more sophisticated in terms of custom applications they can use to differentiate
themselves. AT&T believes most MDM vendors should move more quickly and aggressively in
order to exploit these opportunities. AT&T states that it will continue to invest in MDM/MEAP
integration, a category it refers to as Governance and Administration.
In working with partners, AT&T is focusing on APIs to ensure deep integrations and the ability
to leverage the full functionality of available platforms. AT&T is also pushing to expand its
partner ecosystem whenever possible, taking advantage of opportunities to partner with its
partners’ partners when there is mutual benefit. Through its partnership with MobileIron, for
example, AT&T was introduced to work that MobileIron has been doing with Cisco in Europe.
Other areas where AT&T plans to focus in the near term include enhanced application
management and integration with TEM governance and administration, as well as security,
including anti-virus, anti-malware, and anti-spam capability. Additionally, AT&T will focus on
the impact of connectivity on security (such as blended SSL/VPN connectivity). Longer term,
AT&T plans to focus on identity and personas, including ways to build better capabilities for
customers in order to manage their BYOD environments, such as segmenting and containerizing
personal and corporate data. While security will continue to be a focus for containerized
solutions, AT&T looks to provide future enhancements and development around containers for
expense management. Ultimately, AT&T envisions putting a separate voice and data plan
associated with a container on each user’s device, adding that customers have been very
enthusiastic about such an approach due to the accounting efficiencies it would provide.
Delivery models are an additional area of interest to AT&T, including not just on-premise and
cloud, but hybrid combinations as well. Helping customers decide which approach is best and
how to manage their preferred infrastructures is of critical importance to AT&T, particularly as
customers shift their preferences for different delivery models. AT&T notes, for example, that
at least 50 percent of the demand it is currently seeing for MDM is coming from customers
interested in a hosted environment.
AT&T has analyzed its maintenance and support offerings within the context of MDM in trying
to determine the best cost structure to use to effectively operationalize support. AT&T will
133 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
likely continue to target enterprise and SMB organizations, with less of a focus on deployments
of 50 users and below. As more organizations move to a cloud-based MDM model, support
becomes more comprehensive for providers in terms of taking responsibility for tasks such as
moves, adds, changes and deletions, as well as full back-end administration.
BoxTone www.boxtone.com Mobile Platform Support
Apple iOS 4 and later
Android 2.2 and later
BlackBerry 4.x and later
Palm/HP WebOS
Windows Mobile Windows Mobile 5.x and later, WP7 and later
BoxTone is unique in the mobile device management market due to its history as a provider of
enterprise systems management and performance monitoring management solutions.
BoxTone targets F2500 customers and a large percentage of federal government agencies. Key
BoxTone verticals include finance, government, insurance, healthcare, and retail. The company
also targets distribution and transportation companies (because they behave like regulated
industries), as well as professional services and legal firms (because they support regulated
industries). Additionally, BoxTone has benefited from a spillover effect: many customers
approach BoxTone with the knowledge that it supports vendors such as CitiGroup, Kaiser
Permanente, BT, or the US Department of Defense and has been vetted by these organizations’
rigorous standards.
BoxTone states it has over 1.2 million devices under management by its customers directly or
via managed service providers, including:
Four of the five largest US banks
Eight of the top 10 MSPs (include large MSPs such as BT, CSC, Dell, Fujitsu, HP, IBM, and
Xerox/ACS)
Four of the five largest US federal government agencies
BoxTone also partners with handset manufacturers and mobile operating system vendors.
BoxTone believes it has three key advantages in the highly regulated industries it targets:
134 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
Customer Comfort with a Known Entity: Having an ITSM service management
background means that BoxTone is familiar to regulated F2500 companies. As Brian
Reed, BoxTone’s Chief Marketing Officer, explains, “We look, smell, act and behave the
way they run their IT departments. We speak the language. Metrics, compliance, data
accuracy, real-time statistics, and integration with infrastructure to leverage existing
systems really does matter.” Vendors that have already made a decision around BMC,
CA, HP or IBM already have processes and best practices to which they operate wrapped
around ITIL and ITSM.
Speed of a Ferrari with the Strength of a Sherman Tank: BoxTone has been providing
MDM solutions for six years and prides itself on its high performance, bullet-proof
platform and a “do no harm” mantra. Additionally BoxTone differentiates itself from
competitors by highlighting its rugged, high-availability, high-reliability, and industrial
strength capabilities that F2500 and highly regulated companies gravitate toward.
Modular Architecture: BoxTone states that, while its product can address the entire
lifecycle of enterprise mobility management, the offering is divided into modular
components so that customers can buy the platform and start with individual modules.
According to Reed, “The modular approach – buy the platform and the modules you
need – is like a razor and razor-blade model that makes it easy for customers to start
and grow. We’re a ‘low-friction’ choice.” BoxTone can run multi-tenant architectures
for customers who require this for separation of data reasons.
BoxTone provides three solution suites comprised of six modules. The BoxTone Mobile Security
Solution provides traditional MDM capabilities, focusing on security and compliance
management for deployment of devices/apps, change management and mobile data
protection, plus asset and expense management for tracking assets and utilization. Extending
from MDM, the BoxTone Mobile Support Solution includes service desk management and user
self-service for remote trouble shooting and quick repair. When mobile users have an issue
with their device or applications, the support team or users themselves can quickly look up the
status, see what the problem is through automated diagnostics, and see how to fix it with the
embedded knowledgebase of repair recommendations. Extending from MDM, BoxTone
Operations Management Solution delivers incident management and performance
management, including back-end IT operations monitoring of all the mobile services between
the data center and the devices to make sure the applications are running, the services are
reliable, VPN is functioning, Wi-Fi is working, and application response times are adequate. If
not, alerts are sent to IT when there are failures that must be diagnosed and fixed. BoxTone
believes that quality of service and security are both critical for mobility and both should be
given equal weighting.
135 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
BoxTone offers an on-premise MDM solution and a private cloud version of MDM, believing
that highly regulated and government customers who want a cloud model are more
comfortable with private clouds due to data protection issues and organizational policies.
Notes BoxTone’s Reed, “We're not trying to boil the ocean and own the whole market. We
deliver solutions to match what customers need with a focus on the complex requirements of
the F2500 and regulated industries.”
Similarly, BoxTone does not compete on price, acknowledging that it is a premium solution for
the hardened platforms it provides. BoxTone states that its platform was built as a J2EE
application and is componentized and runs on a J2EE backbone, allowing it to scale horizontally
and vertically. For example, the average BoxTone customer deployment is 2,500 devices;
BoxTone’s largest customer has over 85,000 devices on a single instance of software. A
BoxTone MSP customer has a cloud service running hundreds of thousands of devices off a
single instance in their cloud.
BoxTone provides application management, including application deployment, monitoring,
updating change management, remote wipe, and audit inventory for compliance. The company
offers an Enterprise App Catalog for customers who want internal application management and
control. For customers who want to build their own applications or are using third parties to
build applications and want a broader level of functionality, BoxTone partners with Apperian.
According to Reed, “BoxTone will never go into the app development world because it’s not
core to what we do. We’re the device and application management backbone. Apperian
provides expertise in application development and SDK development with its EASE platform.”
In BoxTone’s portfolio of modules, Apperian is one of the application development and
management partners. Points of integration with Apperian include security, configuration and
change management, all of which plug into BoxTone’s engine. As BoxTone users get
provisioned, they are also provisioned for either the BoxTone enterprise app catalog or the
Apperian EASE application catalog, with BoxTone pushing down appropriate enterprise
applications for each user. Apperian plugs in and becomes a piece of the BoxTone
infrastructure that is already servicing the users that do security compliance, asset
management, service desk automation, user self-service, and incident and performance
management. Apperian becomes another node to help BoxTone deliver application
functionality.
BoxTone’s Reed states that the company has a “really interesting constellation of partners”
with whom it integrates, providing IT managers with an abundance of choice. In addition to
BoxTone’s partnership with Apperian, the company also has a partnership agreement with
Good Technology where BoxTone provides real-time service desk, incident and performance
management for the Good FIPS-certified secure messaging container. In addition, according to
136 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
Reed, enterprise IT managers can choose Good’s MDM technology, BoxTone’s MSM
technology, or both. Concludes Reed, “It’s better to partner with another company and
leverage their innovations and hard work, especially if they have the IT, installed base and
established expertise. Then you can just bring their technology into the fold.” BoxTone plans
additional partnership announcements in 2012 with both small and large best-of-breed
vendors.
BoxTone’s Reed notes that much of the integration built into BoxTone’s platform is a function
of the software already in the data center, adding that BoxTone uses high performance and
secure connections to interact with other systems. For example, a customer may have HP's
event monitor running in the data center and then request BoxTone in their private cloud.
BoxTone will send events through the customer's encrypted VPN tunnel to HP's event console,
which is already running in the customer's on-premise data center.
The founding members of BoxTone included individuals with systems management and
application performance management experience. In 2005, BlackBerry’s rapid penetration of
the enterprise drove BoxTone toward the emerging enterprise mobility market. A private
company, BoxTone does not divulge annual revenues. It notes, however, that it is growing and
doubling its revenues annually.
Fiberlink www.maas360.com Mobile Platform Support
Apple iOS 3, 4 and 5 (directly or through ActiveSync)
Android 2.2 and later (directly or through ActiveSync)
BlackBerry v5.0 and later (directly or through ActiveSync)
Kindle Fire (directly or through ActiveSync)
Palm/HP WebOS (through ActiveSync)
Symbian S60 and Symbian ^3 (directly or through ActiveSync)
Windows Windows Mobile 6.x, WP7 (directly or through ActiveSync)
Fiberlink is one of the few MDM vendors to offer a cloud-only solution – its MaaS360 offering.
MaaS360 was initially introduced in 2007 as a tool to manage laptops and desktops; in 2010,
Fiberlink added support for smartphones and tablets. Fiberlink supports mobile devices directly
from its MDM platform, as well as through Exchange ActiveSync and Lotus Notes Traveler.
Fiberlink believes that a key differentiator of MaaS360 is that it can seamlessly integrate with
customers’ existing infrastructure, such as Microsoft Exchange or Lotus Notes, sitting alongside
137 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
that infrastructure, and not in the same mission critical path. As a result, MaaS360 will never
cause a mail outage and will continue to operate even when other systems may not.
Fiberlink positions itself as an enterprise mobility management vendor, what the company
believes is a higher-level category than mobile device management. Fiberlink believes that
mobile device management, application management, document management, expense
management and security management are all just different components of EMM.
Financial services constitutes the largest industry vertical for Fiberlink, with between one-
quarter and one-third of all Fiberlink customers in this category. Financial services customers
include those in banking, securities investments, and insurance firms. Health care, another
highly regulated industry, is Fiberlink's second largest vertical and includes providers, payers
and life sciences companies. Professional services represent its third largest vertical, followed
closely by the high-tech industry.
In addition, Fiberlink notes that it is doing “quite well” with sales to the federal government,
including recent wins based on Fiberlink's cloud-based approach. In early 2011, for example,
the US General Services Administration chose Fiberlink for its cloud-based device management
solution. Fiberlink is managing GSA's smartphones and tablets, as well as desktops, laptops,
and some servers. Fiberlink also provides workstation power management services to GSA.
Fiberlink provides support for Apple, Android and Windows Phone 7 market applications, as
well as private application catalogs, including recommending applications to enterprise
customers from public application stores. The company is considering providing a service that
would highlight popular applications to customers based on data gathered from their service.
All application development at Fiberlink for MaaS360 has been done internally.
Fiberlink strives to foster a sense of community among its customers, primarily through its
“MaaStersCenter,” an online community that includes an expert’s forum, past and future
webinars, weekly tips, and a Q&A forum. Fiberlink states that it is the largest online community
solely dedicated to MDM. Fiberlink also has links to social networking sites, such as Facebook,
Twitter, and LinkedIn. Additionally, users can “Suggest a Feature” for upcoming releases.
Fiberlink’s blog has articles on cloud computing, mobility management, endpoint management,
policy management, managed services, and other topics of interest to the MaaS360
community. In the future, Fiberlink plans to leverage its cloud-based platform to help specific
customers. For examples, customers could post questions such as “What is the average pass
code length for organizations in the health care industry?” or “What is the most common
application that is blacklisted in financial services firms?” Fiberlink would like to foster peer-to-
peer interaction to share best practices.
138 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
Fiberlink believes that its ability to rapidly push out new software releases is a key differentiator
in the crowded MDM market. According to Neil Florio, Fiberlink's VP of Marketing, “Our
approach is to do a release every three weeks, sometimes sooner. These are typically releases
with new features and functionality added, and we make this available instantly to all of our
customers with no action required on their part.” Jonathan Dale, Product Marketing Manager,
adds that, because of MaaS360’s one-to-many relationship, all Fiberlink users are on the latest
software release at the same time while also maintaining the ability to configure their own
systems to meet their individual needs, such as leveraging specific features and editing
customized reporting.
Fiberlink uses its own infrastructure for cloud hosting, built since 2007 using in-house
technology. Hosting is done at a data center located at Fiberlink’s headquarters in Blue Bell,
PA, as well as additional data centers that are geographically located for redundancy and fail
over. Dale notes that, with its history of over three billion mission critical authentications
worldwide across its network, Fiberlink felt that it had sufficient expertise to build its own in-
house solution.
When service providers approached Fiberlink about running the MaaS360 software, Fiberlink
agreed to let carrier partners offer their own services that are powered by MaaS360. Examples
include Vodafone UK, a long-time Fiberlink partner, and more recently O2. In essence, Fiberlink
will allow any partner, including carriers, VARs or resellers, to brand an instance within
MaaS360 and offer it as their own. On-boarding partners is a simple process since the partner
does not have to set up any infrastructure.
Another partner category with which Fiberlink is finding success is that of telecom expense
management (TEM) vendors. Standalone TEM vendors may have a customer base without
mobile device management service. With Fiberlink’s MaaS360 platform, both parties enjoy
mutual benefits. While Fiberlink does provide some expense management services, most of its
focus is on data services, not voice services.
Fiberlink highlights its focus on end-user experience, stating that it seeks to ensure that device
enrollment is straightforward and efficient. Once enrolled, Fiberlink tries to anticipate the type
of interactions users will need. For IT administrators, Fiberlink strives to make system set up,
management and support a streamlined and straightforward process. For example, when a
customer signs up for MaaS360 service on Fiberlink's web site, Fiberlink creates a billing
account for the customer, ties it into Salesforce and Fiberlink's own internal billing and finance
systems, and assigns the customer rights and responsibilities, all in the background. According
to Dale, “The process takes only two minutes. The customer instantly gets access to the
platform to manage the devices and can begin to instantly enroll those devices under
management.”
139 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
The MaaS360 platform currently manages over 1 million endpoint devices.
When addressing customers’ security concerns surrounding cloud-based architectures, Fiberlink
points to its list of certifications, including SAS-70 Type II, FISMA, FIPS 140-2, and HIPAA. Neil
Florio notes that, “In any good multi-tenant platform such as Fiberlink’s, strong security walls
are set so that customer information is never crossed.”
Fiberlink increasingly sees managers from outside IT organizations as drivers of mobile
solutions, particularly for applications. Key mobile constituents include sales and marketing
executives who may want to distribute documents to their staff, for example. Accordingly,
Fiberlink has modified its sales messages to meet the needs of these groups.
When responding to customer concerns about consolidation in the mobile device management
industry, Fiberlink states that it has been in operation for 20 years with consistent investors and
mature processes. Fiberlink officials note that the company has been profitable and cash flow
positive for the past several years. Fiberlink representatives insist the company will remain
focused on growth and customer service.
Good Technology www.good.com Mobile Platform Support
Apple iOS 4 and later
Android 2.2 and later
Symbian S60
Windows Windows Mobile 5.x and later, WP7.5
Good Technology is best known for its container approach to mobile security and device
management. Good believes that in order for IT managers to truly prevent corporate data loss
and comply with regulations, greater emphasis should be placed on “data” management versus
“device” management, since managing the device alone is generally neither sufficient nor
necessary to prevent data loss and meet corporate security and compliance requirements,
which is the ultimate goal of most IT managers. Good focuses on ensuring security, data loss
prevention, and compliance as its primary objectives, with device management a secondary
objective.
140 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
“Good solves the real problem: if IT
managers can have control of the
data and control how the data is
used in the context of the business
applications, then they don't have to
worry about data leakage because
they are deciding where the data is
being shared, not the end-user.” John
Herrema, SVP, Corporate Strategy, Good
Technology
In managing mobile data and applications, Good’s approach is to allow IT to more explicitly
control the mobile applications that actually use and store sensitive corporate information.
Through its Good Mobile Control management console, and its Good Mobile Messaging and
Good Mobile Access applications, Good has built
policy and data-loss controls into the key
applications that are most frequently used by
knowledge workers daily. This approach gives IT
managers the ability to apply policy to these apps
specifically, without impacting the user’s overall
personal experience. This includes the definition of
application password policies; policies to allow or
disallow cut, copy and paste into or out of these
applications; and policies to determine which
applications should be allowed to open or share
corporate email attachments or other corporate
documents.
In addition, IT administrators can decide if they want to allow corporate address book data to
be synchronized with the device’s native address book and, if so, which fields should be synced.
For example, corporate Address Book entries have a ‘notes’ field, which frequently contain
entire internal email threads. Good’s customers will frequently block the sync of this particular
Address Book field because they do not want third party apps using “open” native Address
Book APIs to extract and replicate this potentially sensitive data. Because the Good
applications themselves have these policy controls built into them, IT managers can decide how
much or how little data they want moving from the business environment to other applications
and vice versa. In essence, Good is using its containerization approach to not only apply
encryption, selective wipe, password controls and similar settings, but to build policy controls
that actually govern the behavior of “business” applications and how they share data with one
another.
Recognizing that it cannot build every application its customers might want, Good has taken the
same underlying “plumbing” and security framework that it uses in its own applications and has
made this available to developers as a set of libraries through its Good Dynamics mobile
applications platform. If a customer wants to build an internal application for employee use,
they can use the same security model, management framework, and compliance framework
that Good has built into its own applications, providing IT managers with the ability to manage
policy collectively across those applications. Applications are able to share data and inter-
operate with one another while limiting exposure to other parts of the device, particularly on
the personal side. As a result, Good believes customers achieve the degree of openness they
141 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
want without unnecessarily exposing corporate data to loss and leakage. This framework is
also available to third party ISVs and Good has already partnered with leading business and
productivity app providers such as QuickOffice, iAnnotate, Box.net, Roambi, and many others.
Good sees its approach to data and application security and control as the primary difference
between how it approaches the market vis-à-vis competitors, noting that MDM solutions are
limited to what the underlying platform’s MDM framework and/or APIs support. While Good
also supports these frameworks and APIs, it does not believe this model, on its own, is secure
enough to prevent data loss and leakage, especially in the current BYOD environment where
disabling app stores and services like iCloud, or “blacklisting” apps such as Dropbox, are not
realistic options. Good notes that most of its customers are security-conscious or in highly
regulated industries, such as financial services, health care, life sciences, and government.
Other verticals Good routinely supports include management and professional services, legal,
and “high technology” customers such as those in software, aerospace, semi-conductors, or
pharmaceuticals who have strict requirements to maintain the confidentiality of their
intellectual property.
Good also believes its approach toward data management helps to avoid inherent problems
with application blacklisting. For example, employees using a personal mobile device may use
services such as Dropbox in their personal lives that otherwise present security and compliance
risks in a corporate setting. Without sufficient control built into “business” applications, IT
managers may be unable to prevent employees from using Dropbox or syncing their data to
iCloud. Alternatively, they may be forced to disable or “blacklist” such apps, which leads to
unnecessary friction and impact on the user’s personal experience. While services such as
Dropbox are not malware, using them in a business setting exposes the enterprise to potential
data leakage and loss scenarios.
Good believes that a fundamental consideration enterprises need to make is whether or not
they are introducing or expanding a BYOD policy. If so, there may be implications from a
security standpoint. Explains Good Technology’s John Herrema, “At the end of the day in a
BYOD environment, IT cannot lock down the user's device because users will not accept this.
Companies will have a dilemma: If they are trying to set a password on a device because they
need to secure the device, there will be pressure from users who are annoyed they have to log
in and enter a password whenever they access their device. IT will face pressure to ‘dumb-
down’ its policies and allow a 4-digit numeric PIN, which undermines the value of encryption.”
Good believes that when companies take this approach, they are opening themselves up to
brute-force attack, even by a very mediocre attacker.
Good believes that any MDM solution – whether on-premise or hosted – must control the flow
of data and prevent data from being lost into other applications and services. Good believes
142 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
that, because the data is starting from behind a firewall, applying encryption and other security
controls in the “cloud” after the data has already moved from behind the firewall necessarily
creates man-in-the-middle security issues. As a result, Good’s approach with its own
applications and with Good Dynamics applications ensures that any piece of data is always
encrypted and compressed before it leaves the firewall and traverses any public network. Still,
many observers believe that offering both an on-premise and cloud-based approach is
important for mobile device management and Good may eventually redeploy its solution in the
cloud if it can address security concerns.
Good states that it does not utilize virtualization. Why? Good customers are using their
applications in mobile environments where connectivity is not always available, not always low
latency, or free. Because customers want off-line access to data and an optimized user
experience that takes advantage of native capabilities, Good does not believe that extending
virtualization down to smartphones is appropriate to deliver many applications, with Good
Mobile Messaging being a good example of the type of app that simply works better and allows
for greater productivity and resiliency because it is implemented as a native application, not a
virtualized application. Good believes that for many classes of applications, customers and
their end users want their data to integrate with the behavior of the device and that certain
classes of applications, due to the nature of how they are being used, where they are used or
how frequently they are used, must be on the device. One example is insurance claims
adjusters who take pictures of accidents, secure the data, attach it to a form and relay the
information back to a relevant application server. Good also recognizes that Apple does not
allow virtualization on its platform, and given the popularity of Apple devices today, believes
this is a major hurdle to virtualization.
Good provides support for customers who want to provide private and public applications to
their employees, as well as integration of these applications with back-end systems. Good
notes that it has been “doing this for years” on Windows Mobile and Treo devices. Good’s IT
customers can designate which applications they want their users to have by policy group and
Good will enable the distribution. Good notes that it has the “ultimate carrot and stick” –
because users are dependent on the messaging and intranet access to applications, Good can
take away access to user’s messaging and browsing if they do not deploy mandatory
applications IT managers have specified.
Good is unconcerned about potential industry consolidation within the MDM market, noting it
has been in business for over 10 years and is “self-sustaining.” Good points to its longevity and
willingness to “be there” for its customers, some of whom have been with Good since its
inception. Good states that growth in the enterprise segment of its business has been over 100
percent annually for the past two years and expects strong growth to continue.
143 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
Headquartered in Sunnyvale, CA, Good is primarily focused on markets in the United States,
United Kingdom, Europe and Asia Pacific. Good does not have direct sales offices in Latin
America, preferring instead to rely on partners for this region. Good notes that it frequently
reaches markets such as Latin America, Eastern Europe, and Japan by selling to a multi-national
company’s headquarters and helping the enterprise deploy globally.
Good’s customer base consists of four of the Fortune five, seven of the Fortune 10 and 50 of
the Fortune 100. Good also counts eight of the top 10 largest global banks as its customers,
along with five of the 10 largest healthcare companies. In the government sector, Good is
working with the US Department of Defense and the Department of Homeland Security.
McAfee www.mcafee.com/us/products/enterprise-mobility-management.aspx Mobile Platform Support
Apple iOS 4, 4.x, 5
Android 2.2, 3.0
BlackBerry Basic support*
Symbian Basic support*
Windows Windows Mobile v5.x and later; WP7 (No EMM agent required)
* Basic support includes the ability to perform remote wipe (restore factory settings) and require use of a password or PIN to unlock.
McAfee, owned by Intel, acquired MDM vendor Trust Digital in 2010 and offers Enterprise
Mobility Management (EMM) as its MDM product. McAfee believes that coupling mobile
device management with effective security protection provides it with a unique opportunity to
help customers benefit from reduced threats and greater control over their mobile devices and
applications. Because malware can undermine the work of MDM solutions and exposes
customers to unnecessary risk, McAfee believes that MDM can only truly be successful when it
is bundled with effective malware protection.
Officials at McAfee believe there are three key components to a robust mobile security
solution:
Device Protection: Includes device management, including OTA provisioning, real-time
device access, and reporting along with EMM device agents, including password, PKI and
two-factor authentication and remote wipe; native device encryption; and support for
144 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
Wi-Fi and VPN configuration and management. Device protection also includes
VirusScan Mobile (described below).
Data Protection: Provides policy-based security functionality, including backup, wipe
and lock if the device is lost or stolen, along with monitoring and prevention of
unauthorized mobile devices from accessing the corporate network. Additionally
McAfee states that data is protected even if devices are jailbroken or rooted.
Application Protection: McAfee offers app-scanning technologies for application stores
that help vendors provide customers with a safe application experience. McAfee also
provides App Alert software that provides users with insight on how applications are
accessing their personal data. Additionally McAfee has expanded its Global Threat
Intelligence offering to include mobile application reputation services; these services
identify applications that are malicious or put customers’ privacy at risk.
As a security vendor, McAfee understands the benefits of a secure container and preventing
outside applications from piercing the container to see or access corporate data. At the same
time, McAfee recognizes the unique aspects of a container approach. According to McAfee
officials, “By definition, the user experience is different than it would be without a container
because the user is using applications that are different than the native applications on the
device. Instead of using a native client, the MDM vendor would be building specific
applications for the secure container.”
EMM integrates with McAfee’s ePolicy Orchestrator (ePO) management deployment console,
with EMM software installed as an extension of ePO. EMM customers can use the same ePO
management infrastructure – a single pane of glass – to run all of their reports and have
visibility into the entire fleet of devices within their organization. The ePO dashboard can be
configured to provide a customized view of devices by platform, domain, and group. IT
managers can also see which devices are out of compliance, which are rogue, and which are
accessing corporate applications.
McAfee strives to provide customers with choice and offers EMM not only through its own
sales and partner channels, but also through AT&T. According to McAfee officials, AT&T is
offering everything from deployment services to bundling. Additionally, McAfee plans to offer
customers the choice of delivery model for EMM. Currently available as an on-premise
solution, EMM will be launched as a cloud service in 2012, both through McAfee’s partners and
as an organic offering from McAfee. In providing an EMM SaaS offering, corporate officials
note that McAfee is familiar with hosted solutions, having introduced a SaaS-based email
protection and Web protection offering in June 2010, along with the release of the next
generation of these solutions in October 2011.
145 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
McAfee offers customers an enterprise Application Store, which allows customers to identify
applications – either those they have written in-house themselves or those they have identified
in Apple's Application Store or Google's Application Market – and recommend those
applications to their employees. Customers can distribute their own enterprise applications
through McAfee’s EMM application store, where the applications appear as a tab on the
McAfee EMM device agent. According to McAfee officials, “Through EMM, McAfee provides a
vehicle through which it is easy for employees to get to applications.”
McAfee plans to introduce additional security, policy and compliance features for EMM 10.0
during the first half of 2012. On January 30, 2012, for example, McAfee announced Mobile
Security 2.0 that includes online device management, such as allowing users to remotely wipe
data on their devices and removable SD cards, as well as the ability to remotely back up the
information before the data is permanently deleted. The new version of Mobile Security also
allows users to track their phones remotely through built-in GPS and remotely lock access to
device data.
In September 2011, McAfee began offering all of its EMM customers a license of its VirusScan
Mobile (VSM) for Android smartphones and tablets at no cost. VSM provides protection against
malware, viruses, worms, dialers and spyware Trojan horses that originate via inbound and
outbound email, email attachments, instant messaging and Internet downloads. VSM scans
and cleans malicious code from files, memory cards, applications, Internet downloads, text
messages, and attachments.
McAfee officials state that they are seeing increased interest in mobility virtualization. Through
partners, McAfee offers virtualization as a value-added SaaS service. McAfee partners offer to
host a virtualized solution in their data center, providing customers with a virtualized instance
and management of that service.
146 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
Mformation www.mformation.com Mobile Platform Support
Apple iOS 5
Android 4.0 and later
BlackBerry 7.0
Symbian 3.0
Windows Windows Mobile v6.x and later; WP7.5 and later
Mformation is unique among the profiled list of vendors as being the only company to sell
exclusively to Managed Service Providers (MSPs) and Communications Service Providers (CSPs),
and not directly to enterprise customers. Mformation acknowledges that most of the MDM
market is currently being served by on-premise, behind-the-firewall solutions. Nevertheless,
Mformation believes cloud-based solutions through MSPs will grow quickly as the market
expands and matures.
Mformation offers a hosted solution with a multi-tenant architecture. Mformation cites its
scalability as a key differentiator: the vendor has a live customer deployment that is designed
to support one hundred million devices on a single instance. Mformation adds that it also has
deployments where multiple instances support more than one hundred million devices per
customer. Mformation’s product strategy is to ensure that it supports core mobile device
management functionality and to partner with other providers to support other mobility
capabilities, such as TEM, MEAP, and end-point security. Additionally, Mformation states that
its relationship with device OEMs and carriers ensures that new enterprise devices and
functionality are always supported and available to corporate customers who prefer a managed
service delivery model.
Mformation recognizes customer concerns about cloud security and, to mitigate this, protects
data in transit using SSL. While native data at rest is OS dependent, Mformation has fully
integrated partners that handle both individual application wrapping (fine-grained container)
and containers (course-grained container) that protect data at rest. For access authentication
and authorization, Mformation’s security service is implemented on the concept of Access
Control Lists (roles) after user name and password credentials are successfully met.
In its work with carriers, Mformation has worked hard to ensure that it is providing a core MDM
engine in the carrier network that can cull different network elements. According to Rob
Dalgety, Mformation’s Marketing Director, “This is an architecture we’ve used across a number
147 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
of carriers that has translated well as Mformation looks at some of the MSP requirements and
deployment approaches they want to run as they integrate into an ITSM framework.”
In addition to carriers, Mformation has partnerships with mobile handset and mobile device
manufacturers, solution partners, system integrators and platform vendors:
Mobile Handset and Device Partners: Apple, ASUSTek Computer, HTC, Huawei, Intel,
LG Electronics, Microsoft, Nokia, RIM, Samsung, Seowon Intech, Sequans
Communications, Sony Ericsson, Symbian, and ZTE
Solution Partners: Amdocs, Bridgewater Systems, Elitecore Technologies, and Intel
System Integrator Partners: Acision, HP, and IBM
Platform Partners: F5, HP, IBM, JBoss, and Oracle (including BEA and Sun)
In December 2011, Mformation signed a reseller partnership agreement with Echoworx in
which Mformation will include the Echoworx mobileEncrypt ENDPOINT product in its MDM
offerings. Echoworx mobileEncrypt ENDPOINT is an on-the-device email encryption solution
that allows mobile users to send and receive encrypted messages directly on their smartphones
or tablets. Because provisioning and managing is done OTA through existing mail
infrastructure, IT managers do not have to upgrade or displace existing mail solutions.
Enterprise Application Stores are provided inherently within the Mformation platform and
customers are taking advantage of this capability, reports Dalgety. In terms of customer
approaches, for example, Mformation customer ISEC7 has a large fleet of BlackBerry devices
under management and a number of BES servers supporting different enterprises. With
Mformation, ISEC7 has been able to expand beyond support for BlackBerry devices and can
now also support iOS, Android and other enterprise devices that are relevant in the North
American market.
Similarly, Mformation customer LG Electronics has been able to provide MDM support for email
and core security functionality, such as lock and wipe, across different countries and network
technologies throughout Asia Pacific. For customers that require advanced functionality,
Mformation has fully integrated partners that specialize in this area.
148 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
MobileIron www.mobileiron.com Mobile Platform Support
Apple iOS 3 and later
Android 2.2 and later
BlackBerry v4.2.1 and later
Palm/HP WebOS
Windows Windows Mobile v6.5, WP7 and later
In business for five years, MobileIron is generally regarded as a leading player in the MDM
market and has aggressively pursued market growth since its founding in 2007. It offers both
an on-premise solution – Virtual Smartphone Platform (VSP) – as well as a cloud-based solution
– Connected Cloud. MobileIron has pursued partnerships with leading global companies to
extend its market and geographic reach beyond North America.
MobileIron strongly supports allowing users to view applications natively, stating that this is the
reason mobility has become widespread and BYOD is so popular. MobileIron deploys VSP with
an eye toward preserving the native user experience, noting that employees have a strong
preference to use native applications for core functionality, including email, calendar, contacts,
and communications.
MobileIron critiques the container approach as “fracturing” the user experience and limiting
sustainability. MobileIron believes that a container approach focuses too heavily on security,
leading to lower user satisfaction, limited incremental risk management, a limited ability of IT
managers to support mobile applications, and a high cost of ownership due to upgrade, scale,
and maintenance overhead.
For corporate IT managers worried about security, MobileIron states that it can wipe corporate
email in the native email application without disturbing personal email in the same
applications, allowing users to retain their personal email experience while providing IT with
data separation. MobileIron also states that its granular privacy policies allow IT managers the
ability to selectively monitor applications, allowing IT administrators to track corporate device
locations but not personal devices. Further, MobileIron notes that it can prevent corporate
email from being forwarded to personal email accounts; for iOS devices, this functionality is
available starting with iOS 5.
To counter security concerns from IT executives about storing email attachments on the device,
MobileIron states that it can monitor applications that might access attachments and
149 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
automatically block email flow if there is a high risk of this happening. MobileIron believes that
erroneous copy/paste mis-deeds on the part of end-users are primarily acts by malicious users
and can be identified from the desktop or Web.
When asked to comment on concerns about the cost and complexity of native applications,
MobileIron responds by saying that it is “relatively easy” to develop in a smartphone and tablet
environment as opposed to traditional mid-range or terminal PCs environments from the past.
According to Adam Stein, MobileIron’s Director of Marketing, “Android and iOS development
can be done in hours or days.”
In November 2011, MobileIron released version 4.5 of its VSP platform, which provides
additional security for Android devices. Key functionality offered in this release includes
encryption enforcement for data at rest, Secure SSL VPN connectivity for data in motion,
Exchange account configuration with certificates, a single MobileIron client for all Android
devices, notification upon removal of Android administrative privileges, and hardware
lockdown for camera, Wi-Fi, and Bluetooth functionality. MobileIron’s 4.5 release also includes
support for Android 4.0 security.
MobileIron launched “MobileIron University” in December 2011. Classes are available globally,
both in real-time and on-demand. On-demand courses are online virtual classrooms, with
participants taking a test at the completion of their course work to earn their certifications. The
center provides training and certification for mobile IT professionals, including MobileIron
customers and partners, and includes programs centered around:
Application delivery
Authentication
Authorization
Certificate delivery
Enterprise controls
Security
In January 2012, MobileIron announced “explosive” corporate growth statistics from the past
12 months, including the following:
Company bookings grew over 400 percent
Experienced 600 percent year-over-year growth in its customer base, including the
addition of 435 new enterprise customers in Q4 2011
Won more than 100 of the Fortune 500 and Global 250 companies as customers
150 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
Expanded global installed base with customers in more than 30 countries
Increased global distribution through partnerships with 13 of the largest mobile
operators, including AT&T, SingTel, SoftBank BB and Swisscom, and over 150 Mobile IT
VARs worldwide
Motorola Solutions www.motorola.com/mspsoftware Mobile Platform Support
Apple iOS 4 and later
Android 2.2 and later
Windows Windows Mobile v6.5.x, Windows CE
Motorola Solutions typically approaches mobility management from a holistic perspective, tying
in other aspects of its vast product and service arsenal whenever possible. Motorola Solutions
can also claim a long history in the mobility market, supporting ruggedized mobile devices long
before smartphones and tablets were popularized by consumer devices.
Motorola Solutions introduced its latest version of its MDM offering, Mobility Services Platform,
or MSP, in January 2012. Motorola Solutions believes that MSP 4.0 provides it with several key
differentiators in the crowded mobile device management market:
Scalability: Motorola Solutions publishes that its MSP 4.0 Stage Edition scales up to
250,000 licenses, and Motorola Solutions states that it has tested close to 1 million
devices. According to Mike Hulthen, VP of Development at Motorola Solutions, “Most
companies think about scale in the 20,000 user range. We think of scalability in much
higher magnitudes.”
Security: Motorola Solutions believes that it has a broad area of focus in terms of
security and the risks associated with an unsecured environment. For example,
Motorola Solutions notes that it offers the industry’s leading wireless LAN management
and security product – Motorola AirDefense – which can assist enterprises in
preventing and determining what happens when a customer’s network or device
population is compromised or breached.
Broad and Deep Functionality: Motorola Solutions believes that it goes much broader
and deeper than other players in terms of device management. In addition to deep
management and security functionality on Motorola Solutions’ own enterprise devices
151 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
and tablets, MSP 4.0 now supports consumer BYOD smartphones and tablets.
Motorola Solutions’ Mike Hulthen also notes that the company can manage non-
conventional mobile devices, such as scanners, scales, media devices and wireless
printers. Additionally, Motorola Solutions offers IT administrators the ability to utilize
rich data analytics and metrics available in MSP 4.0 to assist in troubleshooting,
ensuring devices are running current software and applications and are in compliance
with security policies.
Horizontal Product: While Motorola Solutions as a company targets specific vertical
markets, MSP 4.0 is designed to work in any industry. According to Kevin Goulet, Senior
Director of Strategy and Product Management, “We're in just about every vertical
market there is, but we're a little deeper in certain verticals due to the company's
focus.”
Single Pane of Glass: MSP 4.0 allows customers to manage their current devices,
including both corporate devices and personal/BYOD devices, all through a single pane
of glass.
Accessible: Motorola Solutions states that it built MSP to be very accessible, allowing
partners and third parties to add to it through the company’s “plug-in model.” These
partners can add features to MSP. Examples of plug-ins that have been added in the
past include features such as terminal emulation.
IT “Touchless” Approach: Motorola Solutions’ customers who are managing devices in
BYOD environments can enroll and provision users with minimal or no assistance from
their IT departments. End-users enroll via a self-service portal on the Web, a process
Motorola Solutions believes is a particularly strong selling point with customers that
have large, global deployments. Motorola Solutions authenticates to the customer’s
Active Directory (or similar database), assigns users to groups, and authenticates
certificates for their mobile devices based on users’ geographic locations.
Test Environment: Motorola Solutions, because it is a large, F500 company, typically
tests its products on its own employees before launching them into the general market.
For its MSP 4.0 product, Motorola Solutions took the recommendations of its IT
managers into account, particularly with regard to its “light” enrollment process.
MSP 4.0 is available in two versions:
Control Edition: Provides customers with control over CL and IL devices and includes
management capabilities for “hardened” Android devices (including OS improvements),
device metrics, Wi-Fi/cellular metrics, battery performance metrics, enhanced device
security, tunnel service, Active Directory/LDAP integration, asset management, real-
152 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
time remote device control for Motorola mobile devices, policy-based management,
dynamic deployment, device scripting, missing device support, background updates,
expedited updates, integrated add-on kits, and automated 802.11x certificate
deployment and renewal.
Stage Edition: Allows customers to automatically stage up to hundreds of thousands of
Motorola and non-Motorola enterprise mobile devices. Features include remote, web-
based staging; configuration via bar code scanning, cradle, SMS or a pre-defined staging
network; on-demand staging; single point of control for staging activities; standardized
platform, scalable up to 250,000 mobile units and 10 remote sites; life cycle support;
and support for plug-ins. Additionally, Stage Edition allows IT managers to create
customized messages to quickly guide users through required procedures.
Motorola Solutions describes its current installed base of on-premise customers who have
mobile devices under management as “healthy,” noting that, while there is a strong ramp in
customers interested in its cloud-based solution, there is equally strong interest from on-
premise customers who directly own and operate their systems.
Motorola Solutions frequently provides virtualized server mobile device management, primarily
because customers’ servers are virtualized and they are requesting a similar infrastructure for
their mobility platforms. Mike Hulthen states that the majority of MSP systems today are
virtualized, with customers purchasing a large piece of hardware and “running thousands of
applications on it.” MSP is typically one of the applications that is run on a large server in its
own virtual slice, so there is no interaction with other corporate data. Kevin Goulet notes that
many of Motorola Solutions’ hosted environments are run on virtualized servers as well.
Motorola Solutions supports document management through mobile device management,
including the ability to push a document out and later pull it back in.
When addressing the likely consolidation in the mobile device management market in the
coming years, Motorola Solutions states that its longevity is one of its strongest selling points,
stressing that customers must feel confident that their prospective vendor will be in business
for the short- and long-term. Motorola Solutions believes that its consistency and stability are
key selling points for IT managers.
153 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
RIM/Ubitexx www.rim.com Mobile Platform Support
Apple iOS 4 and later via Mobile Fusion (GA: March 2012)
Android Android 2.1, 2.2, 2.3 via Mobile Fusion (GA: March 2012)
BlackBerry All
BlackBerry Mobile Fusion is the result of RIM’s acquisition of German MDM vendor Ubitexx in
May 2011. Closed beta for Mobile Fusion began in January 2012 and general availability is
scheduled for late March 2012. RIM customers must upgrade their BES to the 5.0.3 release,
and BlackBerry Mobile Fusion will only support Apple’s iOS4 or later OS and Android 2.1, 2.2 or
2.3 releases. (BlackBerry Mobile Fusion is not expected to support Android 3.0 or 4.0 at this
time).
Key features in RIM’s BlackBerry Mobile Fusion include:
Asset management
Configuration management
Security management
Single, centralized console to manage all devices
Device software management
Application management
Scalability
Alan Panezic, RIM’s VP of Enterprise Product Management and Marketing, described how
BlackBerry Mobile Fusion will scale five times higher than BES, with support for up to 10,000
devices per Mobile Fusion server. IT administrators will be able to manage corporate- and
employee-owned devices from a single, web-based console. Additionally, Panezic stated that
BlackBerry Mobile Fusion will separate personal and corporate data using a 256-bit encrypted
container for corporate data. The container is automatically created and requires no special
provisioning from the IT department, other than provisioning PlayBook and BlackBerry
smartphones against BlackBerry Mobile Fusion. ISVs are also not required to take special steps,
since applications that contain corporate data go to the corporate container directly. End-users
only need to log in when they access corporate data.
154 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
BlackBerry Mobile Fusion is expected to support virtualization with no additional requirements
for hardware purchases. Future QNX devices will reportedly work with BlackBerry Mobile
Fusion and RIM will offer support for mobile operating systems beyond Android and iOS “if
there is demand,” according to Panezic. Pricing has not yet been announced although RIM has
stated that Mobile Fusion will be competitive with similar offerings.
SAP www.sap.com/solutions/mobility/afaria www.sybase.com/products/mobileenterprise/afaria Mobile Platform Support
Apple iOS 3.2.2 and later
Android 2.2 and later
BlackBerry J2ME versions 5, 6, 7
Java Java Virtual Machine 1.4, 1.5, 1.6
Palm/HP Palm OS 5.2, 5.4
Symbian 9 and later (up to but not including Symbian Anna)
Windows Windows Mobile 4.1, 4.2, 5.0, 6.5, Windows CE, OMA DM
Since SAP’s acquisition of Sybase in August 2010, the combined company has been working to
integrate its mobility offerings, pre-selling and cross-selling solutions that will benefit the
combined entity, as well as integrating mobility into SAP’s back-end systems. SAP is one of the
few MDM vendors who offers both an MDM platform (Afaria) and a MEAP platform (Sybase
Unwired Platform, or SUP). Combined, these systems offer mobility features and applications
to enterprises seeking to advance their mobility initiatives and transform their businesses.
According to Russell Fry, Senior Director and Mobility Solution Executive at SAP, “We see our
customers being able to differentiate themselves from their competitors and also get
productivity and efficiency gains through the use of mobile applications.”
SAP’s MDM and MEAP capabilities can be tied into companies’ back-end systems, enabling
greater productivity and information sharing on mobile devices. SAP considers itself a leader in
back-end data management with HANA, its in-memory computing software, along with its
BusinessObjects analytics tools. SAP believes it is unique within the mobility industry in
general, and the MDM market in particular, with regard to its ability to leverage
BusinessObjects. With this business intelligence dashboard, according to Russell Fry, SAP has
the ability to handle large amounts of data from customers’ mobile infrastructures and create
155 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
actionable insights from this big data. SAP believes it is only natural for organizations to want
to utilize this information on their mobile devices, accessing and acting on data in real time.
SAP’s latest release of software for Afaria, version 7.0, addresses many of the trends overtaking
enterprise mobility, including:
BYOD: SAP states that its self-service portal allows employees to enroll, configure, lock,
locate and wipe their mobile devices without help desk assistance, significantly reducing
IT costs and giving users a more efficient and enjoyable experience.
Fragmentation of Operating Systems & Device Types: SAP supports different mobile
operating systems and device form factors. SAP also works closely with device
manufacturers to ensure continued access to current APIs for deep integrations.
Explosion of Mobile Applications: SAP automates the application enrollment processes
for application distribution and management.
Extend Security to Mobile Data: SAP plans to continue its work of providing granular
control around security features and functionality.
Usage Analytics & Telecom Expense Management: SAP highlights its real-time
analytics capabilities that allow organizations to reduce telecom costs and provide
insights into security risks. Through its BusinessObjects BI suite (BOBJ), Afaria can
leverage BusinessObjects to analyze telecom usage, mobile applications and mobile
device compliance.
The company states that its mobility solutions are simple and straightforward, even when
additional layers are added. SAP notes that it not only has standard MDM features but also the
ability to enable and manage applications, including the ability for customers to build their own
applications or purchase pre-built applications that SAP has produced. SAP makes its
applications available through Apple’s store. Partner applications, which currently number over
200, are available through SAP’s partners. Additionally, SAP has created application libraries
that allow users to go to a portal and drag and drop new applications for usage into their
mobile devices. This simplistic, streamlined approach allows end-users to install and use new
applications within minutes, according to Alison Welch George, Senior Business Development
Manager at SAP.
Afaria creates a single pane of glass for public and private applications, and IT managers can
view all user applications in a single place. SAP notes that Afaria also allows IT professionals to
separate professional versus personal applications, a distinction SAP believes is critical should a
device be lost or stolen and need to be wiped. Mandatory applications are automatically
pushed down and installed on users’ devices.
156 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
SAP states that its customers have leveraged mobile applications to successfully differentiate
themselves from their competitors, as well as realize significant productivity and efficiency
gains. In order to help its customers continue along this path without creating significant TCO
or eroding ROI, SAP has been careful to ensure that application deployment, security and end
user experience are addressed. For example, Afaria allows application enablement and on-
boarding, providing the means to automatically ensure that an application is signed, delivered
and maintained for SAP's custom application approach. SAP expects to fully integrate its off-
the-shelf applications into this process in the future. Additionally, SAP plans to significantly
integrate its SUP platform with Afaria moving forward, allowing it to push out the right
applications to the right individuals based on user credentials within each organization.
SAP believes that one of its key differentiators is its ability to provide real-time analytics for
telecom expense management. Customers can use the BusinessObjects analytics embedded in
Afaria to check roaming charges in real time. IT managers can then change user profiles ‘on the
fly’ for those users who are approaching their roaming limits, thereby reducing any telecom
costs that may have been accrued if real-time information were not available. SAP can also
send messages to individual users or to their managers to take corrective action, if necessary.
Specific rules can be created based on roaming activity.
As more device manufacturers open up their APIs, SAP anticipates providing more intelligence
about the location and behavior of mobile devices – where they are and whether or not they
should be roaming. SAP can put this information into its BOBJ engine, creating a display for
telecom commodity managers to identify potential real-time cost overruns and act upon them.
In this way, “peaks and valleys” are smoothed out, particularly for international roaming.
In its reporting analytics, SAP offers different dashboards that IT administrators can utilize. SAP
also offers telecom reports in the following categories:
Devices: Includes number of devices by OS, carrier, and manufacturer, as well as the
number of new devices added each month by OS and whether the device is CL or IL.
Activity: Includes roaming activity of devices (including international roaming) in real-
time; number of devices that exceed the defined activity threshold; and data, voice and
messaging usage by carrier.
Applications: Includes the number of enterprise applications installed by month, top 10
enterprise applications by OS and installation status, volume licensing status for
enterprise applications, and the number of enterprise applications out of version.
Compliance: Includes iOS and Android devices that are compromised, number of
devices that have not connected in time, number of iOS devices without a password
157 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
policy, number of devices that are out of compliance by platform, and number of
devices that have access violations by platform.
SAP positions mobility as part of a larger ecosystem and pro-actively engages with partners,
forums, industry events and customers to ensure it is aware of new trends in the MDM market.
SAP promises to add new features and functionality to Afaria to support these trends if it makes
sense for Afaria’s long-term road map. Officials note that SAP’s roadmap is very OS-specific.
SAP plans to continue its strong development efforts for iOS and Android and will continue
developing for Windows as well. SAP also has solid relationships with Samsung and LG.
SAP is unconcerned about the possibility of industry consolidation, noting it is “110 percent
committed to mobility.” Indeed, SAP deployed 14,000 iPads to its own employees by the end
of 2011 and continues to deploy 1,000 devices internally each month. SAP’s corporate roll-out
utilized Afaria software and was done without hiring additional staff.
SAP’s largest customer to date is the US Census, who used Afaria for the 2010 census to
support 140,000 concurrent devices. SAP officials note that they are in pilots currently with
organizations that will support 160,000-to-180,000 devices. SAP states that it also has a
deployment underway with a large US cable provider.
When responding to competitors’ criticisms that Afaria is “antiquated,” SAP officials
acknowledge that their product has been around for 16 years, with the code written 18 years
ago. SAP insists however that it continuously updates Afaria’s code base, adding new features
and functionality as warranted, making Afaria “more powerful and robust” than competitor
offerings.
SAP also admits that Afaria’s user interface is “a little outdated” and the company updated the
Afaria user interface with its 7.0 release, announced in late February 2012. Additional updates
in the Afaria 7.0 release include a new Web services API layer for integration with enterprise
systems to allow automation between MDM and corporate systems; integration with SAP’s
BusinessObjects portfolio; simple, streamlined workflows for common tasks; administration on-
the-go through access to the administration console from Web browsers Internet Explorer,
Chrome, Safari and Firefox; and improved TEM capabilities.
158 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
SOTI www.soti.net Mobile Platform Support
Apple iOS 4 and later
Android 2.2 and later
BlackBerry 4.6 and later (supported through BES currently; plans to support through MobiControl in Q2 2012)
Windows Windows Mobile: All including Win CE and Pocket PC 2002/2003 Windows XP and above (laptops and kiosks)
SOTI offers MobiControl as its MDM offering for the enterprise market. A Canadian company,
SOTI has historically worked with many international customers and does not focus on any
specific geography. While it has traditionally recognized approximately half of its revenues
from the US market, SOTI is seeing “enormous” growth from customers in Europe, Asia and
Latin America. According to Crystal Wong Kruger, SOTI’s Senior Manager for Business
Development, “It is not unusual for SOTI to have a customer with 10,000 existing licenses who
wants to expand, not just with ruggedized devices but with consumer smartphones and tablets.
These customers want to add another 10,000-to-20,000 licenses, allowing SOTI to ‘level out’ its
focus on the US market.” Wong Kruger states that SOTI has experience supporting large groups
of users, adding that SOTI’s architecture was designed to support hundreds of thousands of
licenses. Other than localization for languages and technical adjustments to improve certain
capabilities, such as network connectivity, SOTI does not have to modify its products for
international customers.
SOTI offers both on-premise and cloud-based MDM offerings, utilizing a multi-tenant
architecture for both. For on-premise solutions, Managed Service Providers (MSPs) can take
advantage of MobiControl’s advanced device and policy grouping capabilities and combine this
with SOTI’s granular permissions control to create unique views per “tenant” with limits on
which administrators or technicians can access these tenants’ devices. In such a scenario, a
technician for one tenant would only see and be able to manage that customer’s devices after
logging in. At the same time, the MSP administrator could login, view, and manage all
customers’ groups and devices.
In addition to the group-based policies in its on-premise architecture, the SOTI cloud offering
further allows the creation of entirely separate instances (each with their own unique servers).
In both instances, MobiControl allows administrators to restrict not just access to device
groups, but also to which MobiControl features are manageable by each person.
159 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
According to SOTI officials, MobiControl is stored in a central database. SOTI notes that the
architectural differences between its on-premise and cloud-based solutions are minimal: with
the MobiControl cloud solution, the on-premise server is simply hosted in the cloud, allowing
an easy transition from on-premise to SaaS.
SOTI highlights the following features as key competitive differentiators in the mobile device
management market:
Comprehensive yet Simple: SOTI states that it offers a comprehensive MDM solution
that is also very simple to use and set up – often in less than one hour – allowing
customers to quickly use and exploit its technology benefits. MobiControl trial
customers often install the server on a desktop or laptop computer for quick evaluation.
SOTI officials note that ease of use has been a key factor in many customer purchases
and is an advantage over systems that are cumbersome to use, lengthy to deploy and
require extensive technical resources to administer.
Mature Product Offering: SOTI has been offering its MobiControl MDM solution since
2003, stemming from the original product Pocket Controller Pro. MobiControl is backed
up by a “world class support team.”
Technical Teams: SOTI states that its employees have a deep technical understanding
of the company’s offerings. According to Wong Kruger, “Even our sales and business
development teams are extremely technical, which enable us to more quickly
understand and address our customers’ and partners’ unique requirements.” For
example, Wong Kruger notes that SOTI can address tight turnaround requests, such as
custom “wipe” requests and special statistical abstractions of data from MobiControl
devices from OEMs and hardware partners due to the collaborative nature and technical
backgrounds of its employees.
In highlighting mobile device trends in the market today, SOTI officials highlight two distinct
customer segments. The first includes customers with large deployments who are issuing
corporate-owned devices and introducing line-of-business applications. These are significant in
size, often ramping up to the tens of thousands of devices per enterprise. The second scenario
centers around BYOD environments in which corporate concerns are mainly focused on email
configuration and basic security, such as the ability to selectively wipe email and corporate
data. In the latter scenario there are generally few if any “extreme” control policies such as
application blacklisting and complete lockdown; as a result, the overall requirements list is
much smaller for these deployments. While BYOD deployments continue to gain traction and
SOTI is increasingly being asked to respond to large BYOD RFPs, the majority of SOTI’s
customers continue to invest in the first scenario – corporate-liable devices with LOB
applications.
160 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
SOTI’s device-side agents are available through Apple's iTunes store and through the Android
Market. SOTI applications are also available in Samsung's application store on Samsung
devices. Additionally, SOTI offers an app catalog which allows any enterprise to recommend
public or private apps through SOTI's user interface. SOTI’s application catalog is divided into
categories: Enterprise Applications and App Store Applications. SOTI developed its user
interface in-house, putting a GUI around what it was already doing in terms of deploying
applications and providing back-end reporting. For example, customers can see an enterprise
financial reporting application that will be pushed down to users. With SOTI's console, IT
administrators can see what percentage of users who need a specific application have not yet
installed it and generate reports and alerts for individuals who are not complying. Additionally,
SOTI can change the name “SOTI MobileControl App Catalog” to the organization's name, giving
it a custom look and feel. The application catalog can also support custom links to web sites or
pdf files, such as a sales brochure, for example.
For iOS applications, SOTI offers remote control, as well as an iOS SDK that allows enterprises to
support those applications. Because iOS applications reside within their own sandbox and
cannot interact with other applications (due to the way in which Apple designed its interface
and operating system), SOTI opened up its SDK for enterprise applications, allowing
organizations to use MobiControl’s MDM functionality, such as two-way chat, remote control
or two-way file explorer, within customers’ own enterprise applications. According to Richard
De Souza, a Business Analyst at SOTI, “SOTI has gotten a lot of attention for this because it's
one-of-a-kind. There's no such thing as a remote controlled solution for iOS. SOTI has broken
the mold for this capability.”
Another feature that has received positive endorsements from users is MobiControl’s ability to
implement a lock-down kiosk mode policy, which entails the creation of an interface showing
only those applications users may access at work. With this feature, IT administrators can
provide users with access to the Internet, such as web applications, without allowing users to
enter web sites that are unapproved or unauthorized. SOTI reports that this feature, along with
remote control, are “huge” for customers running line of business applications.
Due to its longevity and reputation in the industry, SOTI reports that new partners approach
the company on a weekly basis from different parts of the world. Wong Kruger states that SOTI
has an aggressive channel growth strategy and will leverage partners wherever possible. As a
result, SOTI has witnessed significant new partner opportunities during the past 12 months in
Latin America, EMEA and Asia Pacific. Distributors, system integrators and VARs have enabled
SOTI to maximize the number of countries and languages it can support; customers benefit
because they can work with a vendor they already know and with whom they share a common
cultural understanding and language.
161 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
SOTI takes pride in and receives positive customer feedback for its ability to provide a seamless
user experience for IT administrators in its Web console. Regardless of whether the IT manager
is in the Apple, Android, Windows Desktop or Windows Mobile tab, the appearance and
functionality on the console are the same. SOTI notes that operations are being done very
differently on the back end, but the experience to the user is seamless.
SOTI has also focused on ensuring a seamless licensing and billing experience for customers. As
such, partners that sell MobiControl bill customers directly and purchase from SOTI or a
distributor. Large accounts generally prefer to buy from SOTI directly.
SOTI offers product support and maintenance services for MobiControl, including:
SOTI Technical Support Service
SOTI Skin Catalogue Service
SOTI Location Based Service
SOTI Messaging Service
SOTI Enrollment Service
SOTI Agent Builder Service
Free software upgrades (major and minor releases)
Additional service options, such as 24 x 7 support, are available for an additional fee. SOTI
partners can sell and/or provide support directly. Depending on the account and issue, SOTI or
the partner may provide Tier 1 support. SOTI is also available for Tier 2 support.
SOTI’s professional services team includes solution architects who assist customers with
implementing, administering and configuring MobiControl. SOTI also offers three training
courses that are catered to customers’ specific needs. Training includes User, Administrator,
and Boot Camp classes that range from several hours to several days.
SOTI is a private company and is entirely funded through product and service revenues. SOTI
has never had external sources of funding from venture capitalists or other investing sources.
162 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
Syclo www.syclo.com Mobile Platform Support
Apple iOS 4.2 and later
Android 2.0 and later
BlackBerry v6.0 and later
Windows Mobile v7.0 and later
Syclo is one of only two MDM vendors to offer mobile device management and mobile
enterprise application platform (MEAP) capabilities. Agentry is Syclo’s MDM offering and is
provided free of charge to Syclo customers who purchase Syclo MEAP solutions. Syclo has
historically recognized most of its success from MEAP sales and developed Agentry to complete
its MEAP platform.
Despite Syclo’s willingness to include Agentry at no additional cost with Syclo’s SMART Mobile
Suite, not all Syclo MEAP customers take advantage of this offer. Why? Customers must spend
resources to install the equipment, understand how to manage it, and monitor it on a regular
basis. Additionally, Syclo’s apps already come with app and data management tools specifically
designed for Syclo’s solutions. As a key SAP partner, Syclo also integrates seamlessly with
Sybase’s MDM offering – Afaria. Nevertheless, Joe Granda, Syclo’s EVP of Marketing, notes that
Syclo has seen significantly more interest in Agentry MDM during the past 18 months as more
companies express interest in monitoring their complete mobile environments. Instead of
asking, “What is MDM?”, customers now respond by saying, “Of course we’ll use it.”
Syclo typically sells to large customers with thousands of users who have a strong need to
control the many devices flooding into their environments. Key verticals that take advantage of
Agentry include utilities, oil and gas, health care, life sciences, and pharmaceutical firms. These
firms, due to the nature of their work, need to both track and audit mobile devices.
Syclo offers Agentry MDM as both an on-premise and cloud-based offering, although its SaaS
offering is typically provided through Syclo’s partners. Syclo states that it has not been difficult
to develop both on-premise and SaaS delivery models, noting that integrations are the most
challenging aspect of this transition. Syclo’s Granda states that Syclo is adept at integrations,
with web services and other methodologies used to best fit Syclo’s customer needs.
Syclo’s cloud-based partners white label Syclo’s Agentry SaaS offering, as well as promote it as a
Syclo product. One Syclo partner – West Interactive – is doing both, labeling SaaS Agentry as its
own solution while advertising that the solution is powered by Syclo. West Interactive has
server farms that host Syclo’s mobile solutions, along with IVR systems and SMS servers from
163 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
“We have a twisted view of the
market vis-à-vis other MDM players,
because we don’t just offer MDM.”
Joe Granda, EVP of Marketing, Syclo
other vendors. West Interactive integrates all of these services together into a single, cloud-
based solution.
Syclo believes that applications are at the heart of any mobility offering and starts sales
conversations by highlighting the benefits of mobile applications, including increased
productivity, efficiency and competitiveness. Syclo believes that mobility ROI comes primarily
from applications, not device management. Syclo’s Granda jokes that “We have a twisted view
of the market vis-à-vis other MDM players, because we don’t just offer MDM.”
Syclo’s Agentry Editor provides assistance to customers who are developing applications.
Graphical mapping of application components allows developers to better analyze the business
logic of a particular application by accessing visual maps of relationships, sequences of actions
and component properties. Syclo currently has over 2,000 developers working on the Agentry
platform.
Syclo’s professional services team, based in the United States and abroad, can provide
application development assistance directly to customers, train partners to develop and deploy
applications, or train customer IT departments to
develop and deploy the applications themselves.
What Syclo typically finds most successful is having
mentors from the Syclo professional services team
work with customers’ professional services teams to
make sure the solution is architected correctly. With
this approach, customers are in control of what
happens with mobility in their own environments. According to Syclo’s Granda, “We're able to
train people to use our system because it's easy to use, easy to train, and well recognized.”
Syclo has a well-developed partner program and is using its partners to expand globally. For
example, through Accenture, CSC, IBM and Wipro, Syclo has ramped up its centers of
excellence around the world and expanded to multiple continents. Syclo trains these global
partners on its products who, in turn, deploy Syclo bundled with their offerings. Additional
large, global partners include AT&T, IBM, Motorola Solutions and SAP. In other scenarios, Syclo
looks for local partners who speak the local language and know local customs; in such cases
Syclo trains the local partner on its offerings.
Syclo has organized its partner structure, with systems vendors being very important since they
are the systems that are extended to mobile devices. IBM, SAP and TRIRIGA are examples of
these types of vendors. The next tier are global and local system integrators due to their close
ties to customers looking for mobility solutions, as well as their ability to integrate with existing
customer infrastructure. Hardware vendors, such as Motorola, Intermec, Panasonic and Cisco,
164 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
are at the next level; these firms supply the hardware and utilize Syclo for the software
component. Carriers round out Syclo’s partner ecosystem. Carriers have extensive market
coverage.
Syclo highlights its robust security features, noting that many of its customers include
organizations from the federal government and highly regulated industries. Syclo utilizes
strong authentication at the database, application, network and transaction levels. Agentry is
fully compatible with security services like LDAP and CA eTrust and can offer single sign-on
capabilities for composite applications. Agentry also provides role-based access to data and
application modules, along with remote device wipe, data encryption OTA and on the device,
and centralized management of policies, profiles and security patches.
Syclo’s support infrastructure is integrated with that of both SAP and IBM, allowing combined
support efforts when necessary. For example, issues relating to an SAP customer using Agentry
would be populated to Syclo’s help desk databases even if the customer called SAP as the initial
point of contact. In this example, Syclo would work closely with SAP to solve the issue, either at
that level of support or by escalating it to a higher level of support.
Syclo does not include telecom expense management as part of its MDM offering, noting that
this is not a core competency at this time. According to Syclo’s Joe Granda, Syclo has not
structured any formal partnerships with specific TEM vendors because Syclo sees TEM as a low
value service with few differentiators between TEM vendors.
Tangoe www.tangoe.com Mobile Platform Support
Apple iOS 4.0 and later
Android 2.2 and later
BlackBerry V4.3 and later
Palm/HP WebOS
Symbian S60, 5th Edition
Windows Windows Mobile v6.x, WP7 and later
Tangoe is perhaps best well known for its deep history in Telecom Expense Management (TEM),
starting out with a focus on managing complex relationships with carriers and optimizing billing
charges. In 2008, Tangoe acquired InterNoded, a Massachusetts-based MDM vendor. Today,
Tangoe offers TEM services such as invoice management, centralized inventory, streamlined
165 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
provisioning and rate optimization, integrated with mobile device management for
smartphones and tablets.
Troy Fulton, Tangoe’s Director of MDM Product Marketing, believes that TEM and MDM will
increasingly work together in a symbiotic relationship and must be evaluated integrally to
provide stakeholders access to “big data” as a way of increasing business value. Because TEM
allows for pre-determined, predictable costs based on location, group, people, and devices, IT
managers can ensure that the right devices and people are in the correct plan and, if not, move
them in real time to a different plan that is pre-negotiated with carriers. The result, according
to Fulton, is greater enterprise end-to-end control over provisioning, policy management,
security, network access, applications, cost control and end-of-life device de-provisioning.
Tangoe believes it has several competitive differentiators over other MDM vendors. For
example, Tangoe states that it can comprehensively meet the mobility needs of large services
organizations, from help desk support to carrier relationship management. Additionally,
Tangoe points to its patented secure and intelligent device provisioning, authorizing and
configuration of wireless devices to the correct wireless host services, and self-service portal
and real-time cost management TEM services. Tangoe also highlights that it is the only MDM
vendor that can support application deployment throttling based on wireless host server
statistics.
Tangoe offers both an on-premise and cloud-based MDM solution and has received strong
interest from its on-premise customers about moving to a managed offering, a pattern Tangoe
expects to continue throughout 2012. In describing Tangoe’s approach to cloud-based security,
Custie Crampton, VP of Product Management, describes a light-weight agent Tangoe developed
as an alternative to VPN tunneling that allows Tangoe to talk with infrastructure that is installed
at a customer’s location without having to incur the entire cost of all the databases and OS
software licenses that Tangoe’s software would typically require. The light-weight agent allows
companies that are currently managing the solution internally on-premise to move it to a
hosted environment while still maintaining the same degree of control afforded by on-premise
environments.
Tangoe provides support for private enterprise application stores and market applications
based on profile configuration. Profiles can be configured based on OS information, device
statistics or user identity and only allow users to see applications that are relevant to them.
Tangoe can specify applications that are optional or required and provide links to a consumer
application store or internal corporate applications. Tangoe has not partnered with outside
mobile application management vendors but instead has developed its own internal application
catalog management tool. Additionally, Tangoe does not develop custom applications itself.
For customers who deploy Tangoe’s managed services offerings on top of MDM, Tangoe’s
166 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
professional services team can assist with application deployment. Tangoe provides IT
managers with a single administrative console to see both market and private applications
holistically.
Tangoe has used a portion of the capital raised in July 2011 as part of its Initial Public Offering,
as well as cash on hand, to acquire several firms that it believes will be strategic to its long-term
success:
Anomalous Networks: In January 2012, Tangoe announced that it had acquired
Anomalous Networks, a privately held provider of real-time TEM software solutions for
smartphones, tablets, personal computers and modem-enabled equipment. Anomalous
Networks’ solutions are expected to provide predictive cost intelligence, user alert
acknowledgement tracking, usage anomaly detection, and enhanced policy
enforcement.
ProfitLine: In December 2011, Tangoe announced its intention to acquire ProfitLine, a
provider of telecom expense and mobility management services, for $23.5 million.
Telwares TEM: In March 2011, Tangoe announced the acquisition of Telwares’ TEM
business in which Tangoe agreed to assume ownership of Telwares’ invoice
management, call accounting, and mobile device management operations, including the
related customers, support services, and staff located in Pueblo and Greenwood Village,
CO, and Parsippany, NJ.
HCL TEM: Tangoe announced in January 2011 that it had structured an agreement with
HCL Technologies to formalize a strategic alliance and acquire all existing HCL TEM
customer agreements and operations.
In Tangoe’s quarterly SEC filing for the quarter ended September 30, 2011, Tangoe highlighted
financial risks associated with its business during the recent economic slowdown. In
conversations for this report, however, Tangoe officials stated that company performance has
tracked well to plan, adding that Tangoe’s recurring revenue model has contributed
significantly to the company’s stability and financial strength. According to Custie Crampton,
“Approximately 90 percent of our revenue is recurring, coming from multi-year contracts. From
a stability perspective, we don't usually experience revenue peaks and valleys like firms selling
perpetual licenses.” Tangoe’s goal in the MDM market, according to Crampton, is to continue
to deliver value to businesses of all sizes as they face the challenge of better managing their
expanding mobile infrastructure.
Tangoe will continue to look for ways to differentiate itself, offering additional services around
MDM to provide customers with the best possible value. To that end, Tangoe released new
MDM software in December 2011 that has many iOS 5 capabilities built into it, including
167 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
support for Apple’s Volume Purchasing Program. Additional capabilities include an updated
version of Tangoe’s SaaS connector and a self-service portal. Although most of Tangoe’s
customers have moved to Exchange 2010, Tangoe continues to support customers on earlier
versions of Exchange, and by the end of March 2012, Tangoe will introduce a proxy server
solution that will be available for customers who are still using Exchange 2003 and 2007.
Wavelink www.wavelink.com Mobile Platform Support
Apple iOS 4 and later
Android 2.2 and later
BlackBerry 5.0 and later
Palm/HP WebOS
Windows Mobile Windows Mobile, Windows CE, DOS
As a long-time provider of terminal emulation and industrial browsers, Wavelink sees
application platforms and device management as a natural fit for its capabilities. Wavelink has
offered MDM solutions since 1998 and has built up a strong base of Wavelink Avalanche MDM
customers: over 8,000 companies are using Avalanche software to manage more than 5 million
mobile devices, including logistics and transportation companies and nine of the 10 leading
global retailers. Some Wavelink customers are managing 130,000 devices, while others manage
over 5,000 wireless LAN access points. Wavelink believes the large implementations it has
supported for nearly 15 years, particularly when Avalanche is tied into broader enterprise
infrastructure, provides it with a unique position in the market.
Wavelink provides real-time expense management tools through Avalanche Telicost. Roaming
end users – through a pop-up – are sent an alert to warn them if they are about to spend a
higher fee per minute than they would normally spend when not roaming. Additionally,
Avalanche Telicost sends an alert to IT administrators to allow them to decide if roaming should
be disallowed or permitted. In addition to notifying users of high roaming fees, Avalanche can
also notify users when they have spent a certain percentage of their monthly minutes, or when
users stray outside of their designated work areas, commonly known as geo-fencing. Wavelink
stresses the pro-active, real-time aspect of Telicost, noting that it avoids bill shock at the end of
each month.
Because of the markets Wavelink serves, it does not have its own application store. Most of
Wavelink’s customers prefer to deploy and manage specific applications, such as applications
168 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
related to ERP or field service management that integrate with back-end systems. As a result,
Wavelink customers generally obtain their own applications, create the specific configurations
they want their employees to run on mobile devices, and conduct a managed deployment.
According to Kelly Ungs, Wavelink’s Senior Director of Channel Sales, “It is a very closely
controlled process to ensure the applications are secure and workers are using the devices as
they were intended.”
Even though Wavelink customers operate in a more controlled environment with regard to
application configuration and deployment, Wavelink can still custom configure applications
based on configuration files that can be applied to various device groups or user groups,
depending on their permissions as set up in the Avalanche system. Wavelink can also utilize
Avalanche to control which users get access to which versions of which applications, and also
control who has what level of access.
Wavelink offers on-premise, cloud-based, and managed service delivery models. To provide
optimal security in the cloud, Wavelink utilizes a variety of measures around encryption and
authentication to protect data at rest in Wavelink’s databases, data in the hosting environment,
and data that is being transmitted over the Internet. In addition, Wavelink offers a standalone
data protection client on the mobile device that does not require that users are connected to
the Internet in order to encrypt and delete critical data on the device. IT administrators can
also configure the settings with timers on the device. When a device detects that it’s
vulnerable, it can take a number of actions to protect the data, including selective encryption
and deletion of critical data. Additionally, Wavelink ensures that the IT administrator or help
desk user is logging in and connecting to the appropriate tenant in Wavelink’s multi-tenant
architecture. Wavelink also has measures in place to ensure that when a device connects, it
can only be associated with a specific company. Wavelink assures customers that, even in its
multi-tenant architecture, there is no chance of any cross-over or of any customer seeing
another customer’s data.
When asked about consolidation in the mobile device management market, Wavelink describes
many of the new firms that have entered recently as having knowledge that is only “skin deep.”
Wavelink officials maintain that they will be around for the long term, pointing out that their
company has multiple revenue streams, including terminal emulation and agreements that
allow them to OEM Avalanche to major vendors. According to Kelly Ungs, “Any of our
management product areas could survive as a standalone business, but when we put them all
together, they work really well together and provide good stability for Wavelink and our
customers.” Jay Cichosz, Wavelink’s VP of Marketing, adds that the company still manages
devices that were made by companies that are no longer in business, noting “It's not that
169 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
Wavelink will just support a device for six months while it's a popular in the market. Wavelink
supports enterprise devices and applications for the long haul.”
Peter Cannon, Senior Product Manager at Wavelink, states that Wavelink is committed to
overall mobility management, including application management, security management, and
configuration management. In evaluating MDM solutions, customers should focus on solutions
that provide them with a bridge to the future, recommends Cannon, including support for a
transition from a homogeneous mobile device environment to a multi-OS environment, support
for the implementation of back-end databases, and support for multiple delivery models,
including on-premise, cloud, and managed services.
Zenprise www.zenprise.com Mobile Platform Support
Apple iOS 2 and later
Android 1.5 and later
BlackBerry v4 and later
Symbian ^1 and later
Windows Windows Mobile v5 and later, WP7 and later
A player in the mobile device management market since 2003, Zenprise reported “tremendous”
growth during 2011, including:
Quadrupling its customer base worldwide
o Customers include two of the top three computer software, computer hardware,
telecommunications, aerospace/defense, and petroleum refining companies
Growing bookings by 400 percent
Tripling employee headcount to over 200
Expanding headquarters with a 24,000 square-foot facility in Redwood City, CA
Opening new sales offices throughout the United States, EMEA and India
Launching a Partner Network Program
Zenprise emphasizes that its mobility management solutions are “powerful yet simple”—
powerful due to the feature set its offerings include and simple for both administrators and
end-users. Zenprise highlights its ability to create multiple groups of users, including adding the
170 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
same person to different groups instead of just a single group. According to Ahmed Datoo,
Zenprise’s CMO, the company’s MobileManager solution can automatically assign policies from
each group, avoiding the laborious practice of manually creating exceptions. For end-users,
Datoo contrasts Zenprise’s solution with competitors, noting for example that Zenprise
customers are not required to have a Google account when they enroll an Android device, nor
are they asked to allow their iOS device to track their location.
Datoo highlights Zenprise customers who describe Zenprise MDM as “set it and forget it.” After
setting up MobileManager, they “never had to touch it again,” even when new employees
joined the company or existing employees departed. Datoo emphasizes that this is done
through MobileManager’s integration into customers’ LDAP architectures.
In September 2011, Zenprise introduced a new version of its MobileManager MDM solution
that includes secure file sharing for iPhones and iPads. The new application allows users to
access Microsoft SharePoint files and transfer them from their desktop to their mobile device
without uploading any documents. Additionally, Zenprise offers the ability to tag the security
of those documents. This Data Loss Prevention (DLP) offering extends existing SharePoint
controls to iOS devices, allowing users to view the files but not copy them or transfer them to
other iOS applications. Zenprise developed its secure file sharing technology in-house and
integrated it into MobileManager.
In November 2011, Zenprise announced a BYOD Tool Kit designed to help organizations with
BYOD planning and deployment. The Zenprise Tool Kit includes:
Rogue Device Assessment: Identifies potentially unmanaged BYOD devices on
corporate networks and includes detailed reporting on the frequency of device
connections to the corporate network.
Enterprise Mobility Executive Checklist: Provides organizational leaders with a set of
best practices to guide them in their BYOD roll-out.
Mobile Security Framework and Whitepaper: Provides a security blueprint for
organizations that want enterprise-grade mobile device management and security,
including a structure to assess monitoring, controlling, and protecting mobile devices,
applications, networks and data.
Zenprise offers the ability to distribute both private enterprise applications, as well as public
applications. Zenprise highlights its application distribution capabilities not just for iOS and
Android, but for BlackBerry, Windows Mobile and Symbian devices as well. Zenprise built this
functionality in-house and is not currently working with any outside application development
vendors or mobile application management vendors to provide this capability. IT
171 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
administrators have a single pane of glass to view public and private applications and can
associate the applications with the security policies and configurations they are deploying to
the devices.
Zenprise uses a container approach for users’ mobile devices that allows IT managers to specify,
on a document-by-document basis, whether specific files can be downloaded into the Zenprise
container. Zenprise can perform a selective wipe so that if a user had viewed the document on
a personal device and later leaves the company, all of the corporate documents are removed.
Zenprise also offers the ability to time-expire highly sensitive documents, such as confidential
financial information, R&D plans, or board of director packets.
Zenprise released Zencloud, its cloud-based offering, in July 2011. After Zenprise client
software is loaded onto an organization’s devices, IT administrators can view all of the devices
under their control, as well as overall software and hardware inventory information,
provisioning details, and applications. Some high-end security features will require customers
to purchase Zenprise’s Secure Mobility Gateway, which communicates with the Zenprise client
and monitors the device, including whether or not devices are infected with malware. If so,
devices are not allowed to connect to the corporate network. IT managers can also use the
Secure Mobile Gateway to administer white and black lists and block unauthorized personal
devices from the organization’s network.
Zenprise prides itself on its “powerful” security infrastructure around mobile device
management, particularly in the cloud, and believes it has the strongest security protection for
enterprises available today. Zenprise states that cloud-related databases with sensitive
information are put behind the DMZ so that sensitive information is not accessed via the public
Internet. LDAP information is also kept out of the DMZ in Zenprise configurations, and Zenprise
does not sync LDAP data to the cloud. Zenprise describes its security as end-to-end – providing
device, network, application and data security.
Zenprise states that its approach to mobile device management in the cloud is different from
that of its competitors, noting that it designed MobileManager with multi-tenancy in mind.
Ahmed Datoo states that Zenprise customer data is logically separated with no customer
information existing on the same database. Any issues with corruption would therefore only
impact a single customer’s data, not the entire customer population. Zenprise also contrasts its
Zencloud offering with that of competitors who simply put appliances in the cloud and
manually configure the systems.
Zenprise uses a combination of public, private and hybrid clouds. Datoo notes that Zenprise
typically uses a public cloud for small-to-mid-sized companies and private or hybrid clouds for
larger, enterprise customers. Zenprise sold a 40,000 seat hybrid, cloud-based contract in Q4
172 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
2011 in which the customer wanted to integrate existing on-premise resources, such as its
LDAP and VPN infrastructure, as well as certificates, into a cloud.
Zenprise views itself as an integrated solution provider, noting that, in putting its end-to-end
security policies in place, it considers data leakage on devices, network-based security,
application security and device security all topics of interest to mobile administrators. In
contrast, Zenprise believes that large companies selling solutions bundled together with
products unrelated to mobility are really just selling point solutions, adding that all of the
“other stuff” is not relevant to the mobile buyer.
Zenprise responds to competitor criticisms that it lacks large-scale deployments by highlighting
numerous large-scale deployments it is currently managing, including 35,000 devices for a
technology company, 30,000 devices for a telecom customer and 20,000 devices for an
aerospace enterprise.
Zenprise is often referenced by other MDM vendors as a likely candidate for acquisition as
industry consolidation is anticipated in the coming months. While Zenprise recognizes that the
market is crowded and foresees consolidation, Zenprise officials state that they are focused on
building a strong business. Zenprise’s Datoo adds that the company’s backing by multiple, blue-
chip venture capital firms is an implicit vote of confidence for Zenprise’s forward momentum.
173 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
ADDITIONAL STRATEGIC MOBILITY MARKET PLAYERS
Apperian www.apperian.com Mobile Application Management vendor Apperian ensures that applications are delivered
securely, that customers have control over both applications and data, and that application
reporting and cross-platform support is available for mobile applications. Apperian’s cloud-
based, SaaS EASE (Enterprise App Services Environment) solution allows enterprise application
developers to create secure applications that can be distributed, updated, managed, and
provisioned across their network. EASE provides a framework to extend Apple’s SDK with
enterprise functionality, including authorization, authentication, version checking, and push
notification. EASE also includes high-performance hosted services and content delivery
networks for application downloads as part of a “complete solution” for enterprise customers.
In December 2011, Apperian announced support for HTML5 with its EASE platform, allowing
enterprises to more quickly and easily pilot and roll out new mobile applications because there
are no requirements for application signing or configuration. While Apperian believes its native
catalogs are very high quality, it also recognizes that some organizations prefer HTML5 as a
quick start to application development.
Apperian also offers an SDK – a software library that customers can add to their iOS
applications that provides enterprise features to their applications. Apperian’s “Core SDK”
includes modules that enable key features of the EASE platform. Other modules can be used
with EASE or independently.
Apperian views applications as part of a container model, with each application having its own
“world” in which it will be used. This granular approach has security implications – with this
framework, Apperian can disable or delete applications if mobile devices with sensitive
applications are lost or stolen.
Cimarron Buser, Apperian’s VP of Business Development, does not believe MDM and MAM
vendors should be viewed as ‘either/or’ options, noting that while some Apperian customers,
such as Proctor & Gamble, Cisco, and NetApp, use core device management functionality
associated with Microsoft Exchange, they are not necessarily ready to adopt a process whereby
individuals and their devices are enrolled in a system in which a kind of “master God” takes
over.
Nevertheless, Buser does make some distinctions between MDM and MAM – most notably
with regard to the basic application catalog provided by most MDM vendors and the
application lifecycle development and management provided by MAM vendors. Many MDM
174 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
vendors are just using recommended applications and pointing to a public application catalog,
according to Buser, which is the equivalent of a web site and “not very powerful.” Other MDM
vendors just leave it up to customers to “figure it out” on their own.
In contrast, Buser notes that Apperian and other MAM vendors can not only link to a business
application, but provide screen shots, a description of the application, and a ratings/comments
section. In the future, Apperian plans to offer crowd sourcing, which will allow users to have
virtual conversations about which applications are important and the problems they are trying
to solve.
Apperian’s lifecycle services include beta testing, piloting, application roll-out, continuous
updates and eventual retirement. In Apperian’s vision, MAM is the lifecycle experience for
deploying and managing applications, not for the entire spectrum of mobility management.
The focus is on presentation, discoverability, and provisioning applications to end-users. Notes
Alan Murray, Apperian’s SVP of Product, “It’s really about how the end-users are interacting
with the application resources that are being provided on a mobile platform.”
In describing the Apperian “experience,” Buser highlights the importance of users’ backgrounds
in terms of how they view MDM and MAM. At one end of the spectrum are individuals who
approach mobility from the perspective that devices must have asset tags. Primarily from IT
backgrounds, these individuals are typically driven to MDM out of concerns about data leakage,
theft, control and regulation. At the other end of the spectrum are people who see mobile
devices in terms of what they can do, whether it’s a camera, a gaming platform or a two-way
communications device. This group is focused on utilizing mobility to gain competitive
advantage and will typically gravitate toward a MAM solution. Eventually, according to Buser,
both groups meet in the middle out of a recognition that security and data are both critical.
Apperian aims to provide customers with solid ROI for the applications they build. While
estimates vary with the scope of each project, in-house enterprise applications typically cost
several hundred thousand dollars each to build, the success of which is measured by the
number of people who download the applications. Apperian helps to facilitate this process and
cites the example of Talecris, a biotechnology company: after utilizing Apperian’s EASE
platform, the number of employees who downloaded Talecris’ applications spiked from 10
percent to 100 percent.
Apperian does not integrate with MDM solutions per se, but it does play alongside MDM
software. In its partnership with BoxTone, for example, Apperian has a “very light touch”
integration, according to Apperian’s Alan Murray, and provides interested BoxTone customers
more advanced application management solutions through EASE. Given BoxTone’s history in
building infrastructure, along with Apperian’s core competency around user experience, “it’s a
175 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
good marriage,” according to Murray. Brian Reed, Chief Marketing Officer at BoxTone, echoes
these remarks: “Apperian has a really robust enterprise app development and deployment
capability, allowing customers to build rich applications and quickly have the enterprise
equivalent experience of public app stores, plus a lot more. Apperian has a really good
enterprise SDK that makes it easy to build enterprise-grade apps faster.”
Cimarron Buser states that Apperian is open to additional MDM partnerships, along with MEAP
partnerships that are beneficial to both parties. Other Apperian partnerships include
integrators and MSPs, including Vox Mobile, as well as developers. Apperian describes its
developers as its most interesting partner category and states that it currently has over 30
developer partnerships for enterprise mobility applications, with new developers being added
on a regular basis. Many Apperian developer partners are small businesses providing
specialized iOS and Android development services, and they include Big Nerd Ranch and
BigTinCan. Apperian provides its developer community with infrastructure, including
distribution and the management of security and tracking. In turn, Apperian developers
provide valuable feedback on Apperian’s SDK.
Apperian would like to grow as fast as possible but with the caveat that any growth must
include quality partners who are “solid, have really good technology, and are the types of
companies we would want to refer to our customers.” Developer growth will also depend upon
customer demand in terms of the types of applications customers are using across industries
and verticals.
Apperian currently supports iOS, Android and BlackBerry devices. Apperian is well connected
to the iOS developer community given the previous experience of Apperian executives who
worked at Apple. Apperian also has connections to the Android developer community and
released EASE for Android in November 2011. Apperian expects to support Windows Mobile in
the near future, both natively and through the HTML5 capabilities it added in December 2011.
Other mobile operating system support will be based on customer demand.
Apperian employs approximately 50 people, most of whom work in engineering, quality
assurance and customer-oriented positions. All of Apperian’s development work is done in the
United States.
Bitzer Mobile www.bitzermobile.com Founded in 2010, Bitzer Mobile offers a solution that allows IT managers to mobilize existing
corporate applications rapidly by consolidating enterprise data in a secure container. Through
176 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
its Bitzer Enterprise Application Mobility (BEAM) solution, Bitzer Mobile consolidates all
enterprise data inside a secure container that is deployed on mobile devices as a native
application and is under the control of IT managers through an Administrative Control Panel.
Once IT organizations mobilize an application, users can interact with it from their personal iOS,
Android or BlackBerry device, and IT managers do not have to support multiple platforms or
create custom mobile applications.
In early 2011 Bitzer Mobile introduced a new solution for enhanced security on employee
mobile devices that extends Kerberos authentication trust directly to users’ devices by utilizing
a virtual smart card and an AppTunnel instead of a device-level VPN. With Bitzer’s virtual smart
card technology performing PKINIT, the trust is associated directly with the client and all keys
are stored in a secure container, avoiding potential security issues associated with a
constrained delegation approach. Bitzer believes this is a key differentiator in the market
today.
Bitzer’s new solution also obviates the need to configure and maintain lists of internal servers
to enable gateway trust; instead, IT administrators can continue authorizing users and servers
directly through Active Directory. Additionally, Bitzer’s secure AppTunnel ensures that the
connection from mobile devices to the enterprise intranet is only between the secure container
on users’ devices and enterprise servers via Bitzer’s gateway. To ensure a positive user
experience, Bitzer enforces PIN protection only when users are accessing corporate resources,
and not their consumer mobile applications, by holding the PKI certificate inside a secure
container application. Remote Mobile Container Management (MCM) allows IT administrators
to enforce policy and remotely lock/wipe the Bitzer container on employees’ mobile devices.
While not a mobile device management vendor (Bitzer categorizes itself as a Mobile App
Container supplier), Bitzer Mobile solves some of the same problems that MDM vendors solve.
For example, Bitzer Mobile can enforce authentication and security policies, as well as provide
data leak protection and security policies on the Bitzer container, but not on the device.
According to Andy Smith, VP of Product Management, “Bitzer crosses all categories – we do a
little bit of MAM, a little bit of MEAP, and a little bit of MDM.”
Bitzer Mobile believes that MDM vendors provide their services at the expense of user
experience, forgetting that mobile devices are popular because they are powerful consumer
devices. Bitzer is beginning to see enterprises, especially as they move from corporate-liable
devices to BYOD policies, showing a preference for mobile application management by
deploying a container approach, such as the one Bitzer offers. Bitzer’s value proposition is to
give corporations the security and isolation they need for enterprise IT purposes while still
allowing the mobile device to be a personal, consumer device.
177 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
Bitzer is similar to a MEAP, in that it has developed mobile virtualization technology. Unlike
some MEAPs, however, particularly those that let customers develop an application, run it in a
cloud environment, and stream the application down in a virtual view, Bitzer Mobile creates
and deploys a simple web application that gets deployed in the enterprise’s DMZ. If a customer
is running JD Edwards inside their enterprise, for example, and wants to give their sales force
access to their accounts and their contacts, Bitzer deploys a mobile virtualization layer (MVL)
that is a simple web application. To do this, Bitzer has a MVL studio that helps customers
design the application; JD Edwards has a SOAP or REST interface for other applications from
which to pull data. Developers write to that SOAP or REST interface and request access. When
a user logs in and requests certain information, such as a name, telephone number, and
address for a certain account, the user is asked to define which pieces of data s/he wants to
mobilize. The application applies tags and meta-tags to those fields and then feeds the data
down to pre-built templates on the mobile device. Customers can mobilize once by creating a
simple mobile virtualization layer.
Bitzer’s container is written in Objective C for iOS, with a different version for iPhone and iPad.
Bitzer also has a container written in Java for Android, as well as containers written for
BlackBerry and Windows Phone 7. Customers can mobilize applications within a day because
they are not re-writing any of the business logic. Instead, all the business logic stays on the
server, with just the presentation layer rendered on the device.
HTML5 applications can run inside Bitzer’s container through a secure browser. If the
application is a Bitzer virtual application, it can run inside the container as a native application.
Bitzer also supports native enterprise applications but customers must recompile the
application using Bitzer's APIs, similar to what developers must do with Good Dynamics. While
the application can still be run with the Bitzer platform – by containerizing it – it requires
additional work by customers.
Bitzer Mobile highlights its three levels of security:
Authentication: To access anything inside the container, a user needs to first
authenticate. There may be time-out periods and many other authentication policies
put on the system, either through Bitzer Mobile's control panel or through Active
Directory and synched to Bitzer's control panel. Authentication is done against the
customer's domain back-end. Bitzer states that it is not the authoritative source when
customers log in; instead, the log goes directly back to the customer's enterprise from
the container. The trust is therefore established from the device to the enterprise.
Bitzer believes authentication enforcement is a capability for which it has especially
strong capabilities.
178 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
Policy Management and Apportionment: Once the user is authenticated, Bitzer assigns
policies to the container so that it knows what device is accessing the container and
who the user is. Based on this information, Bitzer applies policy to that container,
including which applications a user is allowed to run inside the container (what Bitzer
calls virtual apps) and which applications users can run online or offline. Bitzer has the
ability to restrict access to the container based on the user’s geography (geo-fencing) so
that a user may only be allowed to access the container within the confines of a
hospital, for example, or only during certain time periods. If a user tries to access the
container outside of those parameters, Bitzer's solution will lock or wipe the container.
In other words, the container will take action based on the policy events or violations.
App Tunnel (Transport Layer): Bitzer has an application-level tunnel from the container
to the back end through a mutually-authenticated access tunnel that the company
states is more secure than device-level APN. According to Bitzer’s Andy Smith, “Unlike
traditional methods, which allow anything that backs up to a secure tunnel to connect
to the corporate back-end, customers using Bitzer’s app-level tunnel do not need to be
concerned with any other applications that might be running on the device because only
the ones that are inside the container are utilizing the tunnel that goes to the corporate
back-end.” Bitzer believes that its ability to provide a secure application tunnel as
opposed to a device-level VPN is a security benefit. Smith notes that Bitzer’s customers,
particularly those in highly regulated industries, have welcomed secure application
tunnels as they anticipate rogue applications, especially on Android devices.
Bitzer can provide these three levels of security whether the user is accessing a web resource
(such as a Web site), a SharePoint site or an intranet site. Bitzer has a browser inside its
container and web resources can therefore be accessed directly from the browser. If there are
HTML5 applications that have been built, these will also run inside the container. Customers
can also mobilize back-end applications through this mobile virtualization layer.
To expand its reach in the mobility market, Bitzer has formed a partnership with Mformation.
According to Andy Smith, the Mformation partnership was initiated after Mformation
customers requested a containerized solution in addition to device management. Additionally,
Bitzer Mobile is integrating with another MDM player through a mutual customer who wanted
to give end-users access to SharePoint via both corporate- and individual-liable devices in a
BYOD environment. Because the customer has a policy of smartcard-based authentication and
uses PKI certificates for its authentication process, this customer needed a company to secure
the certificates. Bitzer maintains the certificates inside the container and protects them with a
PIN, creating trust all the way through the device and then to the back-end server. The MDM
software is provisioning the certificates, and the integration is used to get the certificates into
Bitzer’s container.
179 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
Because of partnerships such as these, Andy Smith believes that there will be further
consolidation – including mergers and acquisitions – between MAM and MDM vendors.
According to Smith, “The fact that Bitzer is doing the virtualization piece, as well as mobilized
applications, makes us more valuable because this is a piece many MDM vendors don't really
understand. I definitely see a consolidation in terms of MDM and what is currently being
classified as MAM. I see those spaces as almost indistinguishable from each other.”
Bitzer Mobile is headquartered in Sunnyvale, CA. In November 2011 it received $4.75 million in
venture capital funding from Acero Capital and Chevron Technology Ventures.
Endeavour Software Technologies, Inc. www.techendeavour.com Founded in 2002, software services company Endeavour Software Technologies, the Mobility
Company, is a company focused on enterprise mobility through its mobility consulting and
development services. One of several key decisions that Endeavour helps organizations
determine for their mobility initiatives involves mobile device management. Endeavour is
certified on most mobile platforms and has expanded its focus on mobile technology from the
first generation to the current fourth generation of smartphones, tablets and other mobile
devices.
Jayaraman Raghuraman (“Raghu”), VP for Americas at Endeavour, states that mobile device
management is just one aspect that enterprises must consider when developing their mobile
strategies. For example, in addition to recommending an appropriate MDM vendor for a
leading Fortune 100 consumer products company, Endeavour also helped build its mobility
roadmap, vision, and strategy. In other instances, Endeavour has designed and built device
management features into mobile applications when customers have resisted purchasing an
MDM platform. Endeavour has also provided mobility services centered around a hospital sales
and marketing solution for a health care company, a mobile software solution for an insurance
company, mobile commerce applications, and mobile banking applications.
Endeavour believes that mobile device management is evolving, both in terms of what MDM
vendors are actually providing, as well as how MDM functionality blends into other aspects of
the mobility ecosystem, including MEAP and MAM capabilities. This is particularly true as the
focus shifts from device protection to data protection.
To ensure mobile security, Endeavour believes that specific categories must be considered,
including:
180 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
Data Security: When a user accesses data from a mobile device, strategies need to be
in place to ensure the data does not get lost and that it is encrypted and secure. This is
particularly true in highly regulated industries, such as healthcare and banking.
Device Security: Lost or stolen devices need to be secured such that applications cannot
be launched by an unknown user. Strategies around authentication are critical.
Authentication and Separation of Personal and Business Data: Includes built-in
security measures and regulations to ensure corporations are protected from actions by
users.
Network Security: Organizations must ensure that information being sent through the
network is not compromised.
Looking to the future, Endeavour believes that the coming six-to-12 months will witness larger
vendors entering the mobility market more aggressively. Players such as HP, Oracle, and SAP
will continue acquiring mobile capabilities and integrating them into larger IT solutions as a way
of managing mobility within the entire enterprise infrastructure. These players are also
expected to expand their mobility partnerships as they pour more resources, investment and
effort into their mobility initiatives.
Endeavour Software utilizes 240 mobile specialists. It partners with companies such as HP,
Intel, Microsoft, Motorola, RIM, Samsung and Sony Ericsson. Endeavour provides mobile
solution development across numerous platforms, including iOS, Android, BlackBerry, Symbian,
Palm Pre, Windows Mobile, micro Linux, Bada, Brew, Palm and J2ME.
Endeavour operates in healthcare, manufacturing, supply chain, consumer solutions, and
media/news verticals. Key clients include American General, Austin American-Statesman,
Boston Scientific, CA, Calypso, Chicago Tribune, Dell, e-MDs, Forbes, Hoovers, HP, Kimberly-
Clark, Morgan Stanley, RIM, Tesco, United Nations Foundation, and WellDoc.
Enterproid™ www.divide.com In operation since early 2011, Enterproid has had a significant impact on the mobility market
with its Divide™ platform. The basic premise of Divide is that users can switch back and forth
between their personal and professional profiles on a single mobile device by touching a button
on the device. No data crosses from the personal side of the device to the professional side,
and vice versa, ensuring that there is a complete “divide” between both worlds.
181 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
Similar to Good Technology, Enterproid uses a secure “container” to segment and secure
sensitive corporate data. Enterproid states that it designed Divide to ensure that users have
the best user experience possible. According to Dan Dearing, VP of Marketing, “We're not
looking at trying to take an existing product and extend it. Instead, we built Divide from the
ground up with the user philosophy in mind.”
Divide™ Manager is the element of Divide that provides a cloud-based device management
platform, allowing enterprises to manage things like policies across the mobile workforce.
MyDivide™ – also cloud-based – allows individuals to manage, locate, lock and wipe their
mobile phones and tablets. Divide Manager includes security controls, access control, and a set
of enterprise-grade versions of applications, such as email, contacts, calendar, a web browser,
phone dialer, and SMS.
Divide currently supports Android phones and tablets running version 2.2 or greater. In the
future, Enterproid plans to extend Divide to other mobile platforms, such as iOS and Windows
Phone 7. Enterproid also plans to release an API that will allow customers and third-parties to
develop secure applications for the Divide platform.
Enterproid’s Divide platform allows users to view documents from their work container. IT
administrators can structure an application to ensure that copy or extraction from the
container to the personal side of the device is disallowed. Enterproid does not currently have
the ability to provide time or date control for viewing documents.
Enterproid provides two portals:
Divide Manager: Similar to an MDM console, Divide Manager allows IT administrators
to see the entire universe of devices that are connecting to the enterprise environment.
This view is limited to data that is in the secure container. Divide Manager also provides
IT administrators with facilities to manage policies and applications via groups with
distribution over the air to the secure container.
MyDivide: The user portal gives employees complete control over their device,
providing them with a tool in which they can wipe their device if it’s lost or stolen, or
activate a beacon if it is simply misplaced. Employees can just wipe the personal side of
the device, or they can wipe the entire device, including the container. If they choose
the latter option, the employee would be opting out of management and would no
longer have access to the organization’s email services or any of the other applications
that would be provided in the container.
The Divide platform is deployed entirely from the cloud and installed as an application, allowing
users to set up the solution within minutes, according to company officials. Customers do not
182 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
have to install any hardware or software behind their firewall or on-premise. Data is encrypted
and stored on a completely separate database. Because of the container, Enterproid states
that viruses cannot access corporate information if they are downloaded onto the user's side of
the device. Enterproid currently charges $20 per year for a single user installation and
$60/user/year for enterprise installations.
Enterproid provides two levels of integration with its Divide platform:
White Listed Capability: Customers can take an app binary, upload it to Enterproid's
cloud server, and as part of the upload process, Enterproid will put a wrapper around it.
The wrapper secures it from a data protection standpoint so that the data is encrypted
and that the container or application is able to be wiped remotely by IT. Enterproid also
ensures that it can only launch from the work persona and that users do not see it on
the personal side of their device. This “white list” functionality allows users to select
any third party application, which can then be assigned to users by policies. Different
users can have different applications and the environment can be tailored to the user
and his/her role in the company.
SDK: Enterproid’s SDK allows for deeper integration and goes beyond data security and
protection, providing customers with the ability to affect the user experience, according
to Enterproid. For example, third party unified communications solutions such as
BroadSoft’s BroadWorks platform can be accessed via the dialer Enterproid supplies to
provide a richer, unified communications experience. Customers can also replace some
of the basic applications Enterproid provides with third party applications that have
access to the OS environment that Enterproid creates within its work persona. Within
the next six months, Enterproid plans to partner with application providers and
integrate different types of cloud-based services into the work persona using the SDKs
and APIs that come with the solution.
Enterproid believes that CIOs are anxious to leverage personal mobile devices that consumers
already own and use. At the same time, Enterproid believes it is critical in a BYOD strategy to
give employees confidence that they can trust the organization’s IT department when they give
IT managers some dominion over their personal devices. What does that trust entail? The
assurance that employee privacy is protected. Instead of traditional methods of device
management, in which IT administrators see the entire device, including all of the applications
and web services being used, Enterproid separates the device into two personas, carving out a
portion of the device that is containerized and separate from the employee environment.
Additionally, Enterproid makes a distinction in terms of what IT can wipe and what employees
can wipe off the device. With Divide, IT can only wipe the company persona. It’s left to the
183 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
employee to wipe the entire device if there is a loss or theft. As such, both parties retain
control – IT knows that even if the device is lost or stolen, the data is secure. Users know that
personal information will not be wiped without their consent.
According to Dan Dearing, Enterproid's primary focus is Android for large enterprises in a BYOD
environment. Dearing adds that IT managers who want to shift the cost of mobilizing their
entire company to more of a shared model using BYOD cannot be prescriptive in terms of the
types of devices their users choose. By providing IT managers with an enterprise-grade
approach to Android, similar to what these managers have currently for iOS an BlackBerry
devices, Enterproid helps organizations cope with the fragmentation of Android and the
difficulty of managing different models of software and hardware across different carriers. In
essence, Enterproid allows customers to normalize the OS variations and achieve a specific and
predictable security model.
Enterproid views mobile telecom expense management differently than traditional MDM
vendors. In Enterproid’s vision, expense management is a shared responsibility between
individuals and the enterprise and Enterproid provides both entities with insight in terms of
how the device is being used. For example, Enterproid can provide statistics on data usage,
voice usage and texting that is split by business use versus personal use.
Enterproid has several strategies for reaching customers with its Divide solution. Initially, it
plans to work with channels such as AT&T to roll out its offering to a wider audience. According
to Dearing, “The mobile network operator is our primary way to reach the enterprise and
provide our service.” Through the Toggle platform announced in October 2011, AT&T is
Enterproid’s first carrier partner. Dearing notes that Enterproid officials are in discussions with
other carriers in various geographies who are interested in replicating the AT&T model for their
own markets.
Additionally, Enterproid is interested in pursuing new markets that traditional MDM vendors
have typically ignored, including the SMB segment. Enterproid believes that SMB customers
would like to leverage mobile technology more fully but do not currently have a good way to
manage the process. SMB customers also have a different perspective on security, generally
one that is more relaxed. To reach the SMB market, Enterproid will work with resellers who are
selling to mid-tier enterprises and SMB companies. Reseller partners will offer Divide as a
value-added service to their existing offerings.
Enterproid envisions Divide as a complimentary solution to MDM vendors that do not currently
offer cloud-based mobile device management, providing them with an alternative delivery
model to their on-premise solutions. Driven by Enterproid channel partners who represent
184 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
MDM vendors within their mobility portfolios, Enterproid is currently in discussions with several
MDM vendors about possible collaboration.
Looking to late 2012 or 2013, Enterproid plans to work with mobile application management
vendors. Once the Enterproid framework to solve the BYOD challenge for IT managers is firmly
in place, Enterproid will work with MAM vendors to provide containerized productivity tools.
Enterproid’s vision is that MAMs will layer additional applications on top of Enterproid’s work
persona.
On February 15, 2012, Enterproid announced the integration of its the Divide platform with
BroadSoft’s communications platform. The integration will allow employees to use and
manage business communications services, such as text messaging from a business number,
business directory integration, call settings management, and extension dialing from their
mobile device. This will allow employees to access their work calls from their personal devices
without compromising their privacy.
Partnerpedia www.partnerpedia.com Mobile application management firm Partnerpedia provides MAM multi-tenant, cloud-based
services directly to IT customers, as well as to OEMs and vendors under private label.
Enterprise AppZone is Partnerpedia’s solution that allows IT managers to control the publishing,
distribution and management of approved applications to end-user devices. Enterprise
AppZone also includes administration functions, such as virus check and monitoring, mobile
content publishing, policy management, and user access control. Private labeling offers
technology vendors and OEMs the ability to further deploy a customer-facing mobile
application store.
Partnerpedia also offers native mobile application development for iOS, Android, Windows
Phone and BlackBerry devices. Additionally, customers can choose HTML5 for multi-platform
development. Partnerpedia’s expertise includes user interface and design, porting and
conversion, custom development, system integration, mobile content intranet, and business
and consumer applications.
According to Sam Liu, Partnerpedia’s VP of Marketing, approximately one-half of the customer
accounts that Partnerpedia interacts with do not have any MDM capabilities within their
environments. These customers are hopeful that Partnerpedia’s solution will be adequate to
service all of their mobility management needs. Partnerpedia customers that do have MDM
systems installed, according to Liu, typically report that their MDM platform is less suited for
185 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
BYOD environments due to more complex implementations or concerns around user privacy
and corporate liability.
Partnerpedia is in discussions with several MDM vendors about potential partnerships and
points of integration. According to Sam Liu, “There's not an obvious point of integration right
now because all companies have their own proprietary APIs.” Partnerpedia is still formulating
its approach toward MDM and MEAP vendors.
Partnerpedia was founded in 1996 and partners with leading customers, such as Alcatel-Lucent,
Citrix, InterSystems, Microsoft, RIM, Sophos, and Zebra.
186 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
ABOUT GALVIN CONSULTING, LLC
Galvin Consulting publishes syndicated research on mobile technology, including Smartphones
in the US Enterprise and Transforming Healthcare through mHealth Solutions. Additionally,
Galvin Consulting has supported direct clients and mid-tier research firms on custom market
intelligence and primary research projects. Analyst expertise extends from mature hardware
and software technology to emerging markets.
Through in-depth analysis and ongoing conversations, Galvin Consulting has developed
relationships with global subject matter experts and industry influencers. Deep connections
with technology professionals put Galvin Consulting analysts in close proximity to the tactical
and strategic information end-clients seek. Galvin Consulting researchers have a highly tuned
perspective on the integration of technology within corporate enterprises. They also
understand the vertical application of technology within a given industry, by virtue of
interviewing key technology consumers.
Galvin Consulting research includes market trends, drivers, segmentation, industry dynamics,
market direction, pricing/cost analysis and SWOT analysis. Additionally, Galvin Consulting
frequently includes competitive analysis, feature/functionality analysis, financial health, and
gap analysis. Customer satisfaction research is an additional core competency, including
win/loss analysis and customer satisfaction research.
LICENSE
Copyright © Galvin Consulting. Some rights reserved. Licensed under a Creative Commons
Attribution 3.0 License. Any reuse or remixing of the work must be attributed to Galvin
Consulting.
NO UNAUTHORIZED DISTRIBUTION
Any unauthorized distribution outside of the license agreement shall constitute breach of
license terms. Galvin Consulting may be eligible for legal and compensatory remedy in such
instances.
187 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012
DISCLAIMER
Galvin Consulting believes the information contained in this report is reliable but, due to the
dynamic nature of the mobile industry and the market research process, we cannot guarantee
that it is accurate or complete and it should not be relied upon as such. Opinions expressed are
current as of the date of this publication. The information, including the opinions contained
within the report, is subject to change without notice.
Use of this report by third parties does not absolve these third parties from using due diligence
in verifying the report’s contents. Galvin Consulting shall have no liability for any direct,
incidental, special, or consequential damages or lost profits, if any, suffered by any third party
as a result of decisions made, or not made, or actions taken, or not taken, based on this report.
CONTACT INFORMATION
Galvin Consulting, LLC Seattle, WA Ph: 206.347.7552 Email: [email protected] Web: www.galvinconsulting.net
© 2012 Galvin Consulting and/or its affiliates. All rights reserved. This publication may not be reproduced or
distributed in any form without Galvin Consulting’s prior written permission. The information contained in this
publication has been obtained from sources believed to be reliable. Galvin Consulting assumes no liability for the
accuracy, completeness or adequacy of such information and shall have no liability for errors, omissions or
inadequacies in such information. This publication consists of the opinions of Galvin Consulting and should not be
construed as statements of fact. The opinions expressed herein are subject to change without notice. Although
Galvin Consulting research may include a discussion of related legal issues, Galvin Consulting does not provide legal
advice or services and its research should not be construed or used as such.