It’s no longer Citrix and Microsoft vs. the world in the MAM market.
Not too long ago, Citrix was the only third-party vendor that could manage Microsoft Office 365 mobile apps, and all the other major players promoted native OS-level mobile application management (MAM) through membership in the AppConfig Community. But over the past year, two of the market leaders — VMware, which co-founded AppConfig, and BlackBerry — added support for Office 365 mobile apps through the Microsoft Intune Graph API. And now, after flirting with the idea for two years, Citrix has joined AppConfig.
Upon first hearing the news, I cynically thought Citrix was trying to have its cake and eat it, too. They’re joining a group that supports open, standardized MAM, while they still support Microsoft’s closed MAM ecosystem and have their own proprietary XenMobile MAM? The nerve!
But after thinking more about it, I realized it’s a good thing for IT professionals that the MAM battle lines are blurring. Many organizations are going to need to manage Office 365 mobile apps through the Graph API and also manage other mobile apps through Apple iOS and Google Android’s native capabilities. The more vendors that support both, the more choices that IT departments will have. And Citrix wants XenMobile MAM to be in those discussions.
“We started to recognize that customers wanted to have that flexibility,” said Suzanne Dickson, director of XenMobile product marketing. “They’ve gotten a lot more sophisticated now. They have different use cases.”
XenMobile MAM has always been able to use OS-level controls, but the lack of formal AppConfig support hurt the product’s perception, Dickson said.
“It was sort of a checkbox thing,” she added.
Citrix’s road to the AppConfig Community
In the early days of MAM, a developer had to build a different version of their app for every MAM product they wanted it to work with. That was a tall task, so most apps ended up not being compatible with every MAM product. And instead of trying to sort it all out and purchase multiple MAM products to manage all their apps, a lot of IT departments just didn’t buy MAM at all.
When Apple added application management capabilities to the mobile device management (MDM) APIs in iOS, it opened the door for VMware, MobileIron, IBM and Jamf Software to form the AppConfig Community in 2016 and promote these features as a sort of standard. (Android also added its own OS-level MAM capabilities and later joined AppConfig.)
Citrix was in talks to join the consortium shortly after its inception but instead focused on XenMobile MAM — which, unlike AppConfig’s approach, does not require devices to be enrolled in MDM — and on its partnership with Microsoft.
Through that partnership, XenMobile provides additional features than just managing Office 365 mobile apps through the Graph API. Those include a Secure Mail app that Intune can manage and per-app VPN capabilities for other Intune-managed apps.
Citrix’s membership in AppConfig will not affect that partnership, Dickson said.
“We still have a really good relationship with Microsoft,” she said.
A little more than a year ago, we published an article titled, “Wanted: A way to block iOS updates.” Well, Apple administrators, want no more.
The upcoming Apple iOS 11.3 update will, for the first time, allow admins to temporarily prevent users from downloading and installing operating system releases on their devices. The restriction applies only to iPhones and iPads in Supervision mode, which requires Apple Configurator for some management tasks and is typically used in education and corporate-owned device scenarios; IT won’t be able to block iOS updates on personal devices through traditional mobile device management software.
Apple admins have said the ability to block iOS updates will give them time to test for application compatibility and operating system bugs before rolling out new operating system releases. To that end, Apple won’t allow them to block an update forever. The default delay is 30 days, and the maximum is 90 days. After the specified time period expires, all available updates will appear on the device for users to download and install.
The first technology for controlling Android OS updates, Samsung E-FOTA, hit the market last year. IT admins have long had the ability to control Windows OS updates on PCs.
Admins’ concerns about application compatibility and bugs are not unfounded, as there have been serious issues with iOS updates in the past. Most recently, a bug in the native Mail app in iOS 11, released last September, prevented users from accessing several popular forms of Microsoft-provided email.
Apple released the iOS 11.3 beta this week. Similar functionality to block operating system updates on Macs will be included in macOS 10.13.4, the company said.
In addition to the ability to block iOS updates in the iOS 11.3 update, Apple will give users the ability to override its controversial processor throttling on older iPhones. The company acknowledged last month that it intentionally slows down phones with old batteries, saying it’s to prevent the devices from crashing when the battery can’t keep up with processing demands.
The cynic in me still thinks Apple’s true intention was to encourage owners of old iPhones to buy shiny new, expensive ones. Either way, we’ll have the option to stop the throttling once the iOS 11.3 update hits general availability — as long as our IT departments don’t block that.
Changes in smartphone purchasing trends have hurt Samsung.
Samsung released the Galaxy Note 8 in the last two weeks of the third quarter of 2017, around the same time as Apple released its three latest iPhone versions 8, 8 Plus and X. Samsung mobile sales decreased by 6% for the quarter. Why? Because sales of cheaper mid-range and low-end smartphones increased compared to those of their more expensive high-end counterparts, and because of a decline in LTE investments from major overseas customers, Samsung said in its Q3 2017 earnings report.
The biggest problem for Samsung profits in the mobile market, however, is that consumers and business users alike keep their phones for about 18 months to two years these days, so there are fewer buyers for the company’s newer, higher-end phones, said analyst Jack Gold, principal and founder of J. Gold Associates in Northborough, Mass.
“The real issue in the mobile space is that people keep their phones longer,” Gold said.
End users used to buy every new model of a phone because the software and features were significantly better, which is still true between low-end models. The higher-end smartphones, however, don’t update features enough to make users want to buy the latest version.
Samsung may have more competition in the mid to low-end smartphone market, but its devices such as the Galaxy J7 maintain strong global popularity, according to Counterpoint Research. Samsung has difficulty competing against Apple’s iPhone 7, 7 Plus, 8, or 8 Plus with the Samsung Galaxy S8, S8 Plus or Note 8 in the USA high-end smartphone market, the firm said.
The dip in Samsung mobile earnings came from a lack of a new high-end smartphone for most of the third quarter, Gold said. The Galaxy Note 8 came out in mid-September.
“The Galaxy Note 8 is not brand new anymore, so the numbers are going to slip a bit,” Gold said.
As the largest provider of Android devices, Samsung is an established company in the mid to low-end smartphone markets, but most organizations support higher-end smartphone models for business users. Samsung is making a push to invest in next-generation technology — mostly 5G devices — as an attempt to appeal more to the enterprise market, the company said. Still, those devices could be a far way off.
“5G still has about two to three years before it hits the enterprise because there aren’t enough things like 5G cell towers to support widespread use,” Gold said.
Samsung Electronics CEO and vice chairman Kwon Oh-hyun stepped down in October, and the company announced three new CEOs will take over: Kim Ki-nam for components, Kim Hyun-suk for electronics and Koh Dong-jin for mobile and IT.
NEW YORK — We’ve talked a lot about BlackBerry’s shift from a device manufacturer to a software provider over the past few years. And when we referred to software, we typically meant enterprise mobility management (EMM). In that regard, the company’s transformation has gone well.
BlackBerry is one of the four leading vendors in the EMM market, according to the Gartner Magic Quadrant. And the BlackBerry Enterprise Mobility Suite trails only VMware’s AirWatch in terms of market share, according to IDC’s MarketScape report for unified endpoint management.
John Chen, CEO of BlackBerry, and other executives stressed that the company’s vision goes far beyond securing mobile devices and PCs, however.
“I don’t want to be an EMM provider,” Chen said here at the BlackBerry Security Summit. “It’s a lousy market. If Microsoft wants the market, they can have it. We’re in endpoint management, the IoT world.”
CEO of BlackBerry acknowledges marketing problem
BlackBerry’s five-year goal is to be as synonymous with overall enterprise security as Salesforce is with CRM software or as Oracle is with databases, COO Marty Beard said. That will be an uphill battle outside of the vendor’s core customer base: government agencies, financial firms and other highly regulated companies.
To that end, BlackBerry established an enterprise software sales force and a channel, Beard said. But there are still significant challenges around marketing the company’s new identity.
Over the past decade, as the consumerization of IT took hold, BlackBerry lost significant mindshare among IT professionals — many of whom were once devout users of the company’s smartphones. Now, they don’t think about BlackBerry when it comes to making technology purchasing decisions, said an infrastructure engineer for a financial firm in the Northeast.
“You’ve got to build that muscle memory,” said the engineer, who spoke on the condition of anonymity because his employer did not authorize him to talk to the media.
Chen also acknowledged this problem.
“Not too many people know about what we do too well,” he said.
Inside BlackBerry Enterprise Mobility Suite
The BlackBerry Enterprise Mobility Suite grew out of BlackBerry Enterprise Service, which originally provided secure email and management capabilities for the company’s own smartphones. Over time, BlackBerry added support for Apple iOS and macOS, Google Android and Microsoft Windows. The product also saw significant enhancements following the 2015 acquisition of EMM competitor Good Technology.
That deal “was a very necessary thing for us to do to express our commitment to the enterprise mobility software market,” said Chen, who took over as CEO of BlackBerry in 2013. “It has not been easy integrating the technology, but we finally did. … It was like two sinking animals trying to save each other, but we finally got it done, and now we’re in a good place.”
Today, the BlackBerry Enterprise Mobility Suite also supports management of IoT devices and even connected cars that use its QNX software. And its Dynamics platform allows organizations to develop apps with management, security and collaboration features built in.
As the biggest standalone vendor left in the EMM market, MobileIron has faced questions about its future for years. Those will only intensify in light of the surprise departure of CEO Barry Mainz.
Mainz and the board of directors came to a mutual decision that he should leave, the company said this week. CFO Simon Biddiscombe will take his place as MobileIron CEO and on the board. The move came as MobileIron announced its preliminary financial results for Q3, which fell short of analysts’ expectations.
All of the other major enterprise mobility management (EMM) vendors, with the exception of BlackBerry, are large enterprise software providers that offer a variety of end-user computing and IT infrastructure products. Most of them, including VMware, IBM and Citrix, got into the market by acquiring standalone EMM vendors. And even BlackBerry contributed to the EMM market consolidation by buying rival Good Technology.
Because of these market dynamics, acquisition chatter regularly swirls around MobileIron. By naming its CFO as chief executive, the company has added fuel to that fire.
“When you put in the CFO as CEO, you’re looking for a sale,” said analyst Maribel Lopez, founder of Lopez Research, on Twitter.
New MobileIron CEO faces uphill climb
Biddiscombe, who has been with MobileIron since 2015, does have CEO experience, however. He was chief executive of server and storage vendor QLogic from 2010 to 2013, when he resigned after a period of steady sales declines.
In his introductory letter as MobileIron CEO, Biddiscombe positioned the company’s standalone status as a positive.
“Our strengths are our focus and agility, and, as a result, we are better positioned than any other company to support our customers,” he wrote.
But focus and agility are not exclusive to smaller vendors. Mobility isn’t exactly getting lost in the shuffle at VMware, which is using AirWatch’s technology for lots of new innovations around workspaces and identity management, for example. MobileIron also has some weaknesses that Biddiscombe’s letter alluded to, including in sales and operations.
All in all, it’s clear that he’ll have some work to do to keep up with much larger competitors — if that is his goal, rather than priming the company for a sale.
Mainz era comes to an end
Mainz took over as MobileIron CEO from co-founder Bob Tinker in January 2016, following a challenging time for the vendor and the EMM market as a whole. The company went public in 2014, just months after rival AirWatch sold to VMware. Wall Street began to view EMM as a small piece of a bigger puzzle, and MobileIron’s stock price suffered, dropping from $9 at initial public offering to below $4 when Tinker stepped down.
Upon his hiring as MobileIron CEO, Mainz sent mixed messages about the company’s future, saying he’d “look at all offers” for an acquisition but also that “my plan’s not to sell.” Over the past 21 months, he managed to keep MobileIron on pace with its EMM market competitors; the company remained a leader in the Gartner Magic Quadrant for both 2016 and 2017. And for a while, the stock price was on the way to recovery, reaching a high of $6.60 in June of this year.
But in July, around the time MobileIron announced Q2 revenue that missed Wall Street’s mark, the stock plummeted to the mid-$4 range, and it has hovered at or below the $4 mark since August.
SAN FRANCISCO — In a lot of circles, shadow IT is considered a dirty term — something IT should prevent at all costs. In reality, however, shadow IT can be a great resource for IT departments, helping them identify problem areas and understand what users really need to get their jobs done.
The idea is that users are partners that IT should work with, not talk down to. Open lines of communication are critical to creating that partnership. In fact, if IT works with users, shadow IT can lead organizations to useful enterprise tools for file-sharing or other technologies.
Instead of just saying ‘no’ to what users want, the IT department at San Jose Unified School District seeks them out to learn more.
“Tell us what you’re doing or not able to do, and that changes the conversation, where we never would’ve known about that wonderful free application,” said Emalie McGinnis, director of technology and data services for the school system, here in a session at BoxWorks.
NASA had around 9,000 people using unsanctioned enterprise file sync-and-share (EFSS) tools. When the space agency became aware, it adopted Box to help solve the problem, said Chris Blakeley, a NASA application software developer.
“Users just want to get their jobs done, and if we don’t have the solutions for them regularly available, they’re going to do it on their own,” Blakeley said.
In other situations, rather than moving users to a new tool, IT should assess the risk of some of the unsanctioned software users work with, Blakeley said. If the risk is small, it may be better to let users work with software IT is aware of, rather than blocking it and having them find another option IT doesn’t know about that might be worse, he said.
Users aren’t out of the woods
Accountability is still critical. Just because shadow IT is not the harbinger of disaster some people think it is, users still need to take responsibility for the corporate data they interact with.
“You can’t bypass the security rules just because you want to do your job,” Blakeley said.
One way to ensure that users understand the requirements around cloud storage and file-sharing, for instance, is to create a cloud governance policy that clearly explains what software IT approves and what it denies.
“Users will want to do the right thing; it’s just that they don’t have the reference architecture [to always do it],” said Srini Gurrapu, vice president of customer solutions at Skyhigh Networks.
By Priyanka Ketkar and Kelly Stewart, Editors
Early adopters of Apple iOS 11 are unable to send Microsoft-provided email using the native Mail app.
Apple and Microsoft both issued statements yesterday, the official launch date of the new operating system, acknowledging the iOS 11 Mail app problem. It affects Outlook.com, Office 365 and Exchange 2016 running on Windows Server 2016. Many businesses rely on Exchange and Office 365 for email.
In its statement, Apple said it is working with Microsoft to fix the iOS 11 email problem in an upcoming software update. The issue occurs because the operating system does not successfully create an HTTP/2 Transport Layer Security connection, which prohibits outgoing email from being delivered, according to The Essential Exchange blog.
Many users expressed outrage on a Reddit thread about the issue, especially amidst reports that Apple knew — or at least should have known — about it dating back to July, when beta testers first ran into problems sending Microsoft email through the iOS 11 Mail app.
Microsoft’s statement went so far as to state that the iOS 11 Mail app is not compatible with Outlook.com, Office 365 or Exchange 2016 on Windows Server 2016. The company offered two different workarounds: users can download its Outlook iOS app, which is compatible with these services, or IT administrators can disable HTTP/2 in Windows Server 2016 to fix the problem with Exchange 2016 accounts.
Once you got past the fawning over Steve Jobs and the comical rebranding of retail stores, yesterday’s Apple Event had some news with important IT implications.
Apple unveiled the Apple Watch 3, its first smartwatch with LTE connectivity. And the new iPhone X — the X is pronounced 10 for some reason — comes with Face ID, which lets users unlock the device with facial recognition technology. IT pros who manage and secure Apple devices should pay attention to both developments.
More Apple Watch 3 enterprise management needed
Previous Apple Watch models relied on a Bluetooth connection to an iPhone for most of their functionality. (The Apple Watch 2 can make and receive calls and use iMessage and some third-party apps without an iPhone, but these tasks require Wi-Fi. And without an iPhone, the watch can only connect to Wi-Fi networks it has previously joined, so its usefulness is limited.)
Because of the Apple Watch’s dependence on the iPhone, IT hasn’t had to do much additional management and security work. Admins can outright prohibit a corporate-owned iPhone in Supervised Mode from pairing with an Apple Watch through the iOS mobile device management (MDM) APIs. Otherwise, if a user can get corporate email through their iPhone’s native Mail app, they can get it on their Apple Watch too. Conversely, if IT enforces a certain policy on an iPhone app, and the Apple Watch version of that app requires an iPhone connection, the same policy will effectively apply there as well.
That could all change. Although it’s not clear yet how exactly Apple Watch 3 enterprise management will work, LTE connectivity eliminates the iPhone requirement, which could make the smartwatch an entirely new device that IT has to manage and secure. It wouldn’t be an immediate problem for most organizations, because enterprise use cases for smartwatches are still emerging, but there could be an uptick in simple user requests for things like email access.
Additionally, the major U.S. carriers will charge $10 a month to add an Apple Watch 3 to existing data plans. That could be an issue for organizations that pay for employees’ devices and data, as Jack Madden of BrianMadden.com pointed out.
Face ID enterprise security concerns emerge
Face ID is Apple’s latest biometric authentication feature, following in the footsteps of Touch ID, which allows users to unlock their iPhones and iPads (and log in to some apps) through a fingerprint sensor on the home button. The iPhone X doesn’t have a home button — it’s all screen, except for a weird notch at the top — so it instead relies on facial recognition technology.
As with Touch ID, Face ID isn’t meant to replace passwords, but it can be a convenient second factor for two-factor authentication. Some users and IT professionals have security and privacy concerns about biometrics in general, and facial recognition opens up a whole new can of worms.
“Unlike a passcode, your face can’t easily change,” Andy Greenberg wrote in Wired. “If someone does find a way to spoof it … they can spoof it forever.”
Twitter parody account PHP CEO came up with a funny way to address that problem:
DUE TO COMPANY PASSWORD POLICY WE WILL BE REQUIRING ALL STAFF WHO GET THE NEW IPHONE TO HAVE THEIR FACE SURGICALLY ALTERED EVERY 90 DAYS
— PHP CEO (@PHP_CEO) September 12, 2017
For a less drastic solution, IT should keep an eye on the MDM capabilities in the iPhone X. Admins can disable Touch ID through MDM, so it wouldn’t be a surprise if that’s possible for Face ID as well.
SAN DIEGO — Not that long ago, many people in IT weren’t familiar with the term end-user computing — despite the fact that delivering technical resources to end users and customers is essentially the main purpose of the IT department. But that’s all changing.
Historically, IT tended to focus on back-end infrastructure. Challenges around server scalability, storage capacity and network latency consumed the minds of IT pros. The user experience (UX) those systems delivered was often an afterthought. Today, end-user computing (EUC) is coming to the forefront as digital transformation trends sweep through many companies. It’s also transforming the way IT pros do their jobs.
The roles of attendees here at the Gartner Catalyst conference ranged from systems administrators to cloud architects to traditional desktop admins who’ve now embraced mobile. Many of them told me their jobs have evolved to require more attention on UX. An information services architect said his investment firm is even training users on low-code application development tools to let them create the apps they need themselves.
This is all happening because cloud computing, virtualization and software-defined architectures are solving the infrastructure problems of the past, said Danny Brian, vice president and analyst at Gartner, in the keynote Monday. As a result, IT pros from all backgrounds need to understand EUC, especially with the emergence of shadow IT and citizen technologists.
“A practitioner of IT must become far broader, because people who aren’t in our profession are becoming more technical and capable and coming up with solutions that work for them on their own,” said Mindy Cancila, research vice president at Gartner, during the keynote.
The two speakers shared these keys for IT pros to keep in mind as digital transformation trends force their roles to evolve:
Organizations must build front-end apps and their underlying infrastructure more precisely than the oft-overprovisioned systems of the past, Brian said. Traditionally, IT would plan the back end for peak capacity and provision resources that the app didn’t use, which was inefficient and costly.
IT must now create more specific, targeted apps that address one business problem, rather than delivering huge applications that tackle too much at once.
“Can you deliver solutions instantaneously at the moment they’re needed?” Brian said. “Do your apps and services have the proper granularity to them? Are you solving the right precise problems to begin with?”
Organizations should be able to dump resources they don’t need and shift quickly to handle new requirements and respond to emerging technologies, Brian said. This approach helps avoid unnecessary risk.
“What is the cost to migrate away from every solution you own today?” Cancila said. “Does every solution have an easy way to export all of the data it’s collecting?”
Disposability is particularly critical as IT begins to support more types of endpoints and adopt software, such as workspace management, that condenses multiple systems into single consoles.
Machine learning tools and digital assistants contribute to the trends of automation and of systems and users making their own decisions, and IT should embrace that, Cancila said.
“We have to build systems to empower people and empower machines to be more independent,” she said.
Despite these digital transformation trends, it’s important to remember that IT pros will always play a role in EUC. Admins will have to manage the tools that glean machine learning data, and developers will have to create applications that present that data in a way that makes sense.
“The more machines can anticipate what we need, the simpler the interfaces should become,” Brian said. “Are you buying tools … that solve problems, not create them?”
There was a lot of hype surrounding the Apple Watch upon its 2014 launch, but the excitement waned as experts questioned its usefulness and heavy reliance on a nearby iPhone.
Three years ago, many media outlets took the angle of the Apple Watch being the company’s first completely new product category under CEO Tim Cook, saying its success would validate his place at the head of the company. Some analysts believed the smartwatch would eventually surpass the success of the iPad, which had just reached 200 million units sold.
But at the same time, a friend of mine in the IT industry said something that I’ve never heard a good rebuttal for: “For $350, why don’t I just stick my hand in my pocket and pull out my phone?”
And for the last three years, he’s been right. Newer models of the Apple Watch have come down in price, but its reliance on the user’s iPhone — which must be in close proximity to the watch to get cellular connectivity — still hinders its practicality and convenience. Unless your Apple Watch is connected to Wi-Fi, you need your iPhone nearby for anything that requires an internet connection, including checking messages, emails and receiving other notifications. Why not just use your phone and save the money?
Apple plans to address this issue this fall when it gives the Apple Watch LTE connectivity by putting Intel LTE modems in the smartwatches, according to Bloomberg. By removing a reason for people not to buy the device, Apple Watch LTE connectivity could boost adoption.
“This will inspire another wave of people getting excited about smartwatches,” said Patrick Moorhead, president and principal analyst of research firm Moor Insights and Strategy in Austin, Texas.
Some competing smartwatches already have LTE connectivity, including the Samsung Gear S and the LG Watch Urbane Second Edition. These products haven’t taken over the smartwatch market, but Apple’s uncanny ability to draw users to capabilities that competitors already have should be no different here.
For IT departments, this means employees will bring in more internet-connected devices, which means more endpoints for data to get out of IT’s umbrella of control.
“IT people should be aware of it just like they should be aware of anything that has LTE today,” Moorhead said. “They don’t need to be on your network.”
There is still a good amount of questions that users need answered.
Aside from making calls, will the watch be able to do everything the phone can do completely on its own?
Will users have to pay for a separate data plan for the watch? That could sway people away from buying it, depending on the cost.
How much battery life will LTE connection guzzle up? Battery life is already a sensitive topic when it comes to the device, so this could be a big issue.
Will Apple make the watches larger to fit bigger batteries inside? There are people who wouldn’t mind larger watches, as long as they’re not too clunky.
Apple will need time to get the LTE experience right, Moorhead said.
“I don’t think the first implementation will be perfect,” he said. “But it’ll be an important move for down the road.”