Mad Dog 21/21: All’s Well That Ends Well
March 17, 2014 Hesh Wiener
In February, Oracle became just about the last enterprise computing heavyweight to get into mobile device management (MDM). Oracle’s entry came by way of its acquisition last year of Bitzer Mobile, a company with technologies to sequester data and applications on mobile clients. Oracle’s strategic effort to support sensor-laden smart clients amounts to a major reversal.
Historically, Oracle touted, to little avail, thin, insensate clients, as did its sinking Sun. Oracle will undoubtedly find that the MDM business is incredibly demanding and viciously competitive. It’s not just Oracle. MDM is tough for every player, including IBM.
One reason cracking the MDM market is proving so difficult for the vendors of device management software and services is that there isn’t a consensus defining just what MDM should do. Every outfit in the field knows its offering has to help protect client devices from malware and enable remote control in the event a device is lost or stolen. But after that there are dozens of things various MDM software products and services do, ostensibly for the benefit of companies whose employees are using smartphones and tablets.
For starters, there isn’t agreement in the industry regarding what MDM functions are really essential. One reason may be that some of the players, hoping to pump up MDM into a major business, seem to be throwing a lot of ideas at the MDM wall and watching to see what sticks. This process of MDM vendors’ casting aboutâ€”adding, removing and changing aspects of their offerings–is likely to continue for a while. The result, for now, is that enterprise IT vendors moving into MDM, notably IBM with its MobileFirst collection of products and services, can say their offerings are comprehensive. But what a vendor’s marketing folk call comprehensive, customers may call overwhelming. It’s not just the vendors who don’t seem to know quite what to offer. Their customers don’t know what to ask for, and they cannot simply take vendors’ words for what constitutes the right kind of MDM for their particular situation.
It’s a state of confusion resembling that depicted by William Shakespeare in All’s Well That Ends Well. In that five-act play Bertram, the central character, becomes an unfaithful lover of Helena, who adores him, as his career evolves through one episode after another. In an effort to control Bertram, Helena undertakes a number of tricks and deceptions. In the end, both put aside their unseemly behavior and agree to settle as a couple. The happy ending is brought about through the intervention of outside forces: The king urges the pair to come to terms and even turns to the audience to garner their approval and support.
The MDM story so far is far from over. If Shakespeare told it, it would be in the third act, with events building toward a peak. MDM is far from a mature concept, although it seems to be heading that way. The vendors, like Bertram, are each seeking glory, as Bertram sought military victory for his king and himself. But they don’t seem to have a clear idea what to do with any victory they might achieve, and, like Bertram, they seem to have lost track of a primary and lasting value: the resilient relationship a vendor of protective software must establish with clients.
While Elizabethan audiences and their successors over the centuries knew from the outset that the play they enjoyed would end in a resolution, a happy one if a comedy, a grim one if a tragedy, the IT business doesn’t always deliver events in neat bundles.
So far, this has been the case for the widely used ancestors, of MDM, end point software for PCs. In pretty much every business and in a majority of homes, users equip their computers with antivirus software or more elaborate security programs. But just because these packages are widely used, it might be going a step too far to say they are popular. Many corporate and individual users view security software as a necessary evil. The most positive widespread view of endpoint security code is that it is a necessary minor annoyance. Users correctly imagine disaster would strike, and quickly, too, if their security software failed. So they are happy to have a means by which they can (usually) avoid catastrophe. Besides, it’s affordable.
Affordability is a big factor in the PC antivirus market. It will be even more of a force in the MDM world because, far more than is the case in PC country, mobile devices generally rack up data communications costs that PCs, on all-you-can-eat wired networks do not. A single system endpoint package updater downloaded from a typical vendor’s site, typically runs 100 to 200 megabytes in size (for an example you can check the Kaspersky web or the update page for Microsoft Security Essentials). Many PC security systems don’t do big updates once a day; instead they do small updates many times a day.
For a quick look at the costs, the old fashioned daily dose provides a convenient starting point. At 200 megs a day, 30 daily updates for a package that has bulky updates might total 6Gb a month; for slimmer packages the total could be half that or a bit less. PC users with fast Internet service can grab an extra 3 to 6 GB of data a month with no impact on their costs. These downloads can be done very quickly in the background, too, so it would have no impact on services. In other words, in the case of typical individual or corporate PCs, the data pulled down by security software does not have an impact on total running costs.
Mobile PCs, however, present a very different case. Security software on a laptop PC connected to a wireless data service can run up data service bills that exceed the cost of the endpoint security package. Wireless data usually costs $5 to $10 per gigabyte. If MDM security software for a smartphone or tablet, which does a bunch of things in addition to scanning incoming data for malware, uses even more data, a mobile user with both a smartphone and a tablet could run up some very large bills. In addition to data usage bills from a carrier, mobile devices examining apps, messages, web pages and other content also use another thing that is in short supply: battery power.
Just as PCs generally don’t boost bills for data connectivity, they don’t use scarce resources when their protective apps scan an email or spreadsheet to check for malware. The situation is very different in the case of phones. The juice used to provide security may be enough to discharge the battery, forcing a shutdown or compelling the user to make an inconvenient search for recharging power. Moreover, this battery drain might not correspond only to overt activity on the part of the user, to surfing the web or downloading documents. It might arise as the user’s phone and tablet respond to location tracking queries from cloud-based or glass house-based MDM servers. Geolocation forces a mobile device to turn on a GPS radio and to examine local network connections in search of location data, to subsequently process the data and then converse with the remote host requesting an update.
To succeed, MDM companies have to find ways to delivery security services that don’t use a lot of data or power. In some cases this will mean doing work in the cloud that, in the world of PCs security, is done on the client device or on a security server in the corporate data center. In some cases it may mean postponing or slowing some MDM activities if a device’s battery is running low. Moreover, the financial picture is no clearer than the technical one.
It is still too early to say what the market is willing to pay for MDM. Should it be a couple dollars per client per month or ten? Will suppliers of MDM products and services be clear about the data requirements of their offerings? Will it turn out that most of the work done by MDM products will be performed in the glass house or in the cloud rather than on the device? Will the MDM vendor offer a free client app and some free services to entice users to adopt a particular protective regime?
The corporate market might take some clues about pricing from the personal segment. Individuals who want premium security software for their smartphones and tablets buy products that can cost $30 per year or more. But the pricing can be complicated. For instance, Lookout, one popular app, comes in a free and a paid version. The paid app license covers two devices; it is aimed at people with one smartphone and one tablet. The free version of Lookout provides a subset of the features on the paid version. Lookout gives away that no-cost version of its app to increase market visibility and to prevent rivals from getting their noses under the tent.
Lookout’s high visibility, more a consequence of the popularity of its free app than the market penetration of its paid app, have enabled it to hold its own against the giants of PC security, Norton and McAfee, both of which sell mobile security apps.
Nevertheless, none of the enterprise MDM providers has yet come around to the realization that offering a top notch free gateway to cloud-based or glass house-based MDM back ends, an app made as light and conservative of data usage and battery pep as possible, might be a killer tactic. But the vendors of enterprise MDM products and services don’t seem to have learned much from their cousins in the market for individual mobile security products. While corporate IT departments may feel their systems and data are of paramount importance, they may fail to appreciate that their end users, the owners of the smartphones and tablets they want to support, are pretty protective when it comes to the personal private data stored in their gadgets. Even without additional security apps, smartphones and tablets have features that help their owners cope with common threats. For instance, all current and recent iOS and Android devices enable remote wiping of data on a lost or stolen phone. Similarly, all these devices have software that makes it easy to locate a phone or tablet usually with pinpoint accuracy. Features like these were once part of third party apps, some of them paid apps, but now that they are built into mobile device ecosystems, they cannot be sold as value added services in MDM apps.
A similar situation has emerged in another aspect of MDM, device supervision. Current and recent versions of the various mobile operating systems, such as iOS, Android and Kindle OS, include at least two levels of management: a supervisory or parental level, with control over the device and subsidiary users, and a secondary or children’s level. In general, a supervisor can set limits on a subsidiary users’ access to apps, external features (such as websites) and device functionality. As all the device vendors enrich their supervisor/subsidiary (or parent/child) management offerings, the only value add MDM vendors might be able to provide would be a set of tools to help organize permissions for various employees.
But it is unclear just what usage restrictions a company can actually impose on devices owned by employees. Nobody will want to use a corporate MDM service that chokes off their phone or tablet. And apps that seem excessively intrusive might not go over well, either. It is possible, for example, using the powerful MDM technology offered by IBM, to block a user’s smartphone or tablet access to personal email and the Internet while that user is located inside a particular corporate building. Some employees might tolerate that kind of control. Others would end up finding a workaround, such as disabling the corporate MDM app or carrying an additional personal communications device.
Just as a mobile device in an MDM regime must be managed on a tight data budget, cost budget and battery budget, it must also be managed on a carefully thought out intrusiveness budget. Just how companies that are trying to support good BYOD practices will find the right balance in these dimensions and others remains to be seen. The only thing that seems pretty clear is that MDM vendors, their corporate clients and the clients’ employees have to start talking honestly and openly about their goals, their means and their limitations.
That was the basis of the rapprochement between Bertram and Helena that the king brokered, with some help from the theatre audience, in Shakespeare’s little play. It worked pretty well four hundred years ago. It might work as well today.