Security and management in the mobility space, at least since the dawn of the iPhone, has always had a “figuring it out as we go along” quality to it. So far we’ve gotten away with it; even though the potential for significant security breaches via mobile devices has always been there, and even though compliance with best practices in mobility is a rare thing, I’ve seen no evidence that they are a significant source of actual breaches. The real problems are what they always have been: SQL injection, weak passwords, social engineering, etc.
In the meantime, the market for products to manage and secure mobile devices has been maturing. Of course management and security should be closely-intertwined, if not run by the same products. That can be difficult when the major products don’t include more than trivial management capabilities and very little is compatible cross-platform.
This has created an opening for third parties, and those third parties have flooded into that opening. Several large and important companies have emerged, such as AirWatch, Good and MobileIron. They have all been on acquisition sprees and are attempting to fill out the gaps in their management capabilities.
But there are many, many smaller companies, and some of them have clever people and useful solutions. The only road open to them – short of getting bought by some larger mobility company – is to start to form alliances with each other to create more useful and complete solutions. An example of this came about recently when Notify Technology and MobileOps agreed to create WorkSecure, a combination of their products complete enough to compete at a high level. Appthority, Boxtone, Appcelerator, Apperian, and Happtique have all made similar moves.
No doubt, when large companies evaluate mobile security solutions, or any product, a big part of it is counting the checkboxes that matter to them. WorkSecure checks a lot of boxes. This has a better chance of getting them in the door when Faceless National Bank conducts their bake-off of mobility solutions.
In the bigger picture, there are two solutions to the lack of standards, assuming you see it as a problem: agreed-upon standards and de-facto standards. There actually is an organization working on industry standards in this space: The Open Mobile Alliance (OMA). They have some backing from Microsoft in Windows 8.1 and RIM is also a member, as are most of the major carriers and many large Android OEMs (including Samsung), but neither Apple nor Google are.
I see more of a future for de-facto standards. Apple has begun to include MAM (Mobile Application Management) capabilities iOS with version 7. RIM (for what it’s worth) already includes these features in BES 10, and attempts to do what they can with iOS and Android. Samsung is attempting some of the same with their SAFE initiative. I haven’t heard that Samsung or RIM are going to conform to OMA in their products or share their technology with the Alliance.
But clearly Apple, Samsung and RIM are on to something. The basics of security and management, if not the more cutting edge stuff, should be in the operating system. It would be better and more logical for them all to agree on some standard interfaces for it, but sadly that seems to be limited to the basic MDM API created by RIM back when they were the pretty much the whole smartphone market.
And allow me a moment here to express disappointment with Microsoft. Even though it’s good they seem to be on the OMA bandwagon, their own mobile products (other than Windows 8 on tablets) have only the crudest management capabilities, and their management tools are uninspiring. I expected more from them.
So even if a certain amount of basic security becomes included with the product it appears that the overall market will still be a mess, and that should leave open plenty of opportunities for competitors, large and small. I don’t see any consolidation happening sufficient enough to lead the overall market in one clear direction.
If you’re a buyer, this means that you should have an increasing selection of options, from large and small companies, that can provide workable solutions. It won’t, however, translate into that one safe choice you can make. You still have a lot of work to do, figuring out which works best for your organization’s needs.
Larry J Seltzer 