The official hub of The Enterprise Mobility Foundation
Want more than just blog posts? Login or Sign up for a free acount and get research, videos, slide decks and more! Join the online social network for Enterprise Mobility.

Could A Container Become Mobile Application Management 2.0?

OK, today’s missive is going to be rather theoretical and pensive…perhaps even more of a rhetorical question.  As the world of enterprise mobility continues to evolve at its frenetic pace, the conversations are shifting from one centered on mobile device management to one more centered on mobile application management (and ultimately to mobile information management and mobile risk management).  Mobile application management is a wonderfully necessary thing.  Heck, we’ve been talking about the matter for years here.  I was recently having a conversation regarding mobile application management that had me thinking about the use cases for MAM.

The overwhelming majority of the conversations that I have been a part of around mobile application management have been focused on two primary scenarios.  The first scenario is the most obvious one….deploying and managing mobile applications to the white collar workforce onto their mobile devices, regardless of who purchased or owns the device (hence why I say that BYOD is not the core issue around MAM).  The second “obvious” scenario comes when a tablet is being used in a kiosk environment.  The device is locked down (literally) and is used exclusively for one task and one task only.  You still need the MAM solution so that you can deploy and update the application as need be, but the bottom line is that it has one specific use case.

So the two scenarios are focused on a specific user, or a specific use case.  What if the mobile device were used for multiple use cases by multiple users with multiple roles?  Think of it as a new use case for blue or grey collar workers.  How does that work?

I’ll argue it’s a different flavor of mobile application management, but one that has a unique twist because of the fact that the various users may potentially have various roles that will be predicated on whatever directory services group they may be a part of.  Heck, the users may not even be full time employees.  I feel like it’s turning into a N-factorial model for mobility management (read: very complicated).

So in theory, you would want to have a way to authenticate the user and then provide them the applications that are tailored to their needs and then when another user signs in to that device, they may have different apps or different levels of access to corporate data in that same app.  Applications get installed and removed as need be…multiple times a day.  See where this is going and the ensuing complexity?

Hmmm…so does this almost require some sort of “container” model where you log in to an app or persona, and whether via something a la VDI or RDC, you get the applications and access to the data that was tailored for your credentials (and hopefully needs).  It’s almost like the Windows for Workgroups or original NT model where you had your desktop at any corporate terminal that you logged in to.  Wasn’t that hence the grandfather of (mobile) application and information management?

Funny how the more things change, the more they stay the same….

Feel free to tell me I am completely off my rocker or that I have completely misunderstood what mobile application management is all about.  Feedback is always welcome.

14 Comments

  1. Posted June 12, 2012 at 13:36 | Permalink

    You are secured to the rocker – thanks for posting. I’d add a third category – company owned device with customer facing apps. Retail would be the likely scenario where a consumer can leverage a “kiosk” type device to access & customize products or services. Secure data access is critical but user experience and continuous service quality are just as critical when the apps performance is tied to business revenue. Just a thought..

    Thumb up 0 Thumb down 0

  2. Posted June 12, 2012 at 19:06 | Permalink

    I think you are headed in the right direction. The portability of mobile devices drives this issue to the forefront. In the past you would have never seen a desktop ‘laying around’ – whereas it is very common with tablet devices. This makes multi-tenant use-cases not only possible, but likely. As you suggest, this would require a form of role-based interaction. I think the container model is a good fit for this. It isolates functionality and data to the right level. One challenge with role-based management is limiting the number of roles for administrative headache purpose. But I would imagine that a shared scenario would only involve a few roles and not the entire role structure of an organization. Are there no MAM solutions that currently allow for multi-tenant scenarios on a single device?

    Thumb up 1 Thumb down 0

    • Posted June 12, 2012 at 19:12 | Permalink

      Well, like I said, I’m not sure that an existing mobile application management solution can handle this (albeit currently rare) scenario. That said, the more I think about it, the more I think it is MAM 2.0…but one predicated on mimicking the WfW model of logging in and getting your personalized environment. So, again, my question is, is VDI/RDC MAM 2.0? (pardon the acronym cornucopia).

      Thumb up 0 Thumb down 0

  3. Posted June 13, 2012 at 00:39 | Permalink

    Containerization seems to be gaining momentum. This is not the “enterproid” kind of containerization, where you has business apps on one section, while normal apps reside on another. The current trend is to have each app act like a container. So when you start the app, it asks you for credentials, what the app can do (copy paste, print etc) is governed by the enterprise policy. This is far better policy as compared to MDM. Here what you are telling your employees is that, we dont care what you do on your device, but when you use enterprise app, these are the rules that apply. This makes a lot of sense !!

    Thumb up 0 Thumb down 0

    • Posted June 13, 2012 at 07:03 | Permalink

      Praful, I would argue that something similar to the Enterproid model could be ideal for the situation I described. Imagine as opposed to pressing a button to switch, that you press the button and it requires authentication….and then it downloads whatever apps/data you need.

      Philippe

      Thumb up 0 Thumb down 0

      • Posted June 15, 2012 at 07:16 | Permalink

        The only issue with Enterproid is that you have walls between two set of apps, you enterprise apps wont be seen when you are in the personal mode and vice versa.
        Even on a office laptop / pc, we do have facebook open some time along with other apps, so there is no switching, depending on when i want to take a break, i tab to the facebook page.
        It will be important to have a similar experience on devices used by enterprise users.

        Thumb up 0 Thumb down 0

  4. Posted June 13, 2012 at 04:20 | Permalink

    Well said.. we are on future path…

    Containerized apps at present (now to be precise:)) have a bigger scope beyond the application management( ie app download, patch, black-white list, app removal, to an extent the config management of app also). Containers provide primarily a secure access to the enterprise (in short they give a “rapid” vpn tunnel to enterprise). The benefit of container is by and large thought as a unified receiver/agent to enforce user-device-app management policies, ie apply all policies on a container, it gets applied to all apps in container.

    What we are discussing is more of context and persona management of mobile , where the management tier detects the persona and pushes the policies. This includes access to a different set apps, different set of privilege for device , and restrictions (ofcourse)… I have seen this implemented in a mix of 2 ways – 1. Within the app itself (a multi actor app consideration – use case mask/unmask, data access mask/unmask, operation mask/unmask, data-config-context refresh/reset etc ) and 2. With MDM tier based on user/user groups associated with the enterprise enrolment( mobile will have to re-enrol, this is not so usability friendly but there ways to make it pseudo seamless.)

    A robotic container that can detect context and align the device to persona is where exactly industry is heading. It can get solved by containers, hypervisors, vdis today if the 1.4GHz Quad Core Processors and OS single application process resource availability within the device is rich enough.

    Great thoughts.. let us hope it takes only weeks , in worse case months…

    Thumb up 0 Thumb down 0

    • Posted June 13, 2012 at 07:04 | Permalink

      But Kumar, is this persona management or just (mobile) information management?

      Thumb up 0 Thumb down 0

      • Posted June 13, 2012 at 11:06 | Permalink

        -Persona is different – It is kind of futuristic but folks are working now, I start with an industry scenario -

        Social CRM is the currently happening with Leading cloud CRM players, we see very very interesting acquisitions… so what it brings to all of us is adding Enterprise Information with “Persona” as “Context,Connexions etc “…So with Mobility , apps reaches to next level. So when we change persona @ device – traditional model of “information management happens”, + we get Internal Enterprise connexions and External Social connexions “based on user persona”.Ie For an App context beyond the “traditional” plain vanilla use case we get 2 key things, 1. enterprise connexions – can add expert opinions, reference to a past workflow etc, more dimensions that add value to business solution, 2. social connexions – the public shared opinions, product vendor updates, software updates, loyalty levels, ratings etc (+ve and -ve). With 1 & 2 , we just enriched the way we solve problems with additional , accurate internal and external data points.

        I hope I have not confused. We are getting into absolute interesting unexplored areas of solving business problems, if we can visualize the benefits. However there are opinions “with” and “against” based on the perspectives, we all respect that. With EMF I am sure we should be able to crystallize these thoughts better..

        Thumb up 0 Thumb down 0

  5. Posted June 13, 2012 at 07:15 | Permalink

    Why worry about delivering the apps in real time to the device? Whether the app is on the device or not doesnt matter if it doesnt have the necessary security tokens to use against the corresponding APIs. Instead of provisioning a set of apps each and every time – deliver in real time a set of (OAuth) tokens appropriate to the current user’s roles/permissions. If the given user isn’t authorized to use an app, you simply don’t provide a token for that app. When the next user shows up, you wipe/revoke the previous set of tokens and issue a new set – also appropriate to that user’s authorizations.

    Does presume you can build UI dynamically – we are doing some work with Enterproid around just this .

    paul

    Thumb up 0 Thumb down 0

  6. Posted June 13, 2012 at 10:40 | Permalink

    The idea of a dedicated device now seems retro — but makes sense if its devoted to the right app. I was just at a new restaurant that opened in my neighborhood and they were accepting credit cards thanks to an iPad equipped with a CC reader. The server walked right up to the table and presented the bill onscreen. Swipe and done. Too much gun for such a simple task? Perhaps, but people drive SUVs equipped with Safari package upgrades all the time — and you never know when the rhinos will charge.

    Thumb up 0 Thumb down 0

  7. Posted June 15, 2012 at 14:12 | Permalink

    Great comments so far. This is my first time posting on this forum and I look forward to becoming more active.
    Ironically, the secure container model is something that we have built and is in private beta right now (www.DigitalBackpack.co). With a mix of BYOD and specific applications that exist in the market it is forums like this that really showcase the innovation of what is going on in the market.
    How do you see this approach working for education?

    Thumb up 0 Thumb down 0

  8. Posted June 19, 2012 at 12:31 | Permalink

    You’re not off your rocker and we agree with you fully. That’s why we built a container strategy like you mention into the latest version of PointSync Professional, our enterprise mobile platform. We have been in mobility since 2000 and have seen so many times where devices need to be shared and the emergence of BYOD. Our containers are available free from the various app markets (Apple, Android and BlackBerry) and download apps directly to the users device based on their log in credentials. And, if the administrator revokes your access to an app, that app gets removed. BYOD, HTML single source apps, powerful sync tools, enterprise capabilities… We’re trying to provide a powerful set of tools for the mobile enterprise. Great topic!

    Thumb up 0 Thumb down 0

Post a Comment

You must be logged in to post a comment.