New technologies arise to solve real-world problems, but they usually lead to new problems themselves. This is true of revolutionary technologies, like the harnessing of nuclear energy, as well as evolutionary technologies, like enterprise mobility management (EMM), which is the successor to a suite of 21st century technologies empowering a mobile workforce.
Enterprise mobility challenges must be addressed to advance the field, and EMM is currently transforming to unified endpoint management (UEM), which seems to be the next phase of development. This does not mean, however, that EMM will vanish or that the problems associated with it will magically resolve. This post looks at the various enterprise mobility challenges faced by mobile workforces, in general, to better grasp the direction of development in the space.
The Goal of EMM and Consequent Enterprise Mobility Challenges
The goal of EMM is to encompass all mobility management technologies – including device, software, identity, and information management – into a single, coherent framework. Leveraging synergies found via this integration, EMM aims to improve the security of devices and data while still enabling seamless access to those devices and data. This allows for a collaborative, and therefore fruitful, use of resources.
In addition to access and security, EMM attempts to lower costs for both employees and employers through subsidized, employee-owned device schemes and remote hiring. Personally-owned devices provide a degree of freedom to users, and companies can hire in areas with lower costs of living without forcing long commutes on employees.x
Finally, EMM attempts to ensure privacy and legal compliance, expand the footprint of mobility to include non-traditionally-mobile platforms (like desktops and IoT devices), and encourage adoption of remote work by the overall workforce.
EMM inherits some of the challenges of the underlying management frameworks, and it also creates its own issues as a larger, more comprehensive approach. The enterprise mobility challenges include
- Security and access for a work-anywhere world
- Information and identity management
- Integrating a diversity of platforms and ecosystems
- Adoption by users and lifecycle management
- The need for a 100%-uptime, ubiquitously-networked world
Security, Access, and Complexity
Security and access are the two most difficult enterprise mobility challenges. Traditional security measures for in-office data containment were easier to monitor and implement, but with the demand to access sensitive data outside the workplace, remote access has become one of the main challenges for security-conscious organizations.
Whenever sensitive content moves across wires or airwaves outside controlled corporate locations, many attack vectors are opened up. Man-in-the-middle attacks, false servers and hotspots, and poor encryption implementations are just a couple of examples. For small and medium enterprises (SMEs), and even some large corporations, security is often an afterthought to convenient access, while even remote access can be a headache for small firms lacking technical expertise.
Mobile information, identity, application, and device management (MIM, MIM, MAM, MDM), the four components of EMM, all attempt to deal with security and access. So much of EMM concerns security and access because the basis of mobility is precisely external access while security is paramount to protecting secrets, infrastructure, and data. By amalgamating these technologies, EMM inherits the same security and access concerns then increases complexity.
This is evident in the steps for an employee to use a company intranet from outside the organization: ensure the device is uncompromised (MAM, MDM), authenticate the user’s identity (MIM), and protect any information that is downloaded to or processed on the device (the other MIM). The overarching platform focuses on each component and thus becomes very complex, leading SMEs to delay adoption, eventually hurting their own market positions.
One steadfast approach to ensuring security is to ensure devices are updated and to deny access to those that are not. EMM can streamline this process by tracking devices and who is accessing data. Of course, once the data reaches the device, such as a downloaded spreadsheet, information, and application management take over in preventing compromise.
Identity and Information Management Challenges
Contextually-aware identity management offers multiple security benefits, allowing organizations to greatly reduce the likelihood of breaches. Since both employees and employers want free access from anywhere and on any device, though, it can be challenging to unify authentication methods while providing convenience for users.
If a user was logged in with a smartphone over-the-air (OTA) but suddenly also requests access via a laptop connected to an airport hotspot, does the system boot the smartphone, deny the laptop, or allow both? Location data on cell connections may not be provided in real-time, so this poses a challenge. Then, when the same laptop connects to an office hotspot, should strict authentication procedures still be implemented? The employee wants convenient, quick access on any device and expects there to be fewer barriers at the office, and managers want employees to have that quick access to streamline the business.
Once identity is confirmed and access granted, information management becomes paramount. Do the internal corporate servers provide data freely to all devices or must devices be pre-registered to access certain types of data?
Once the data moves to the remote machine, it should not be allowed to simply be copied, and the entire security stack of MDM (for hardware), MAM (for software), and MIM (for the data itself) must robustly protect all valuable assets. How EMM decides to accomplish this will shape the future of the mobility movement.
Ultimately, it all falls back onto secure access: the system must ensure the laptop was not compromised while connected to the airport hotspot, and proper identity authentication can ensure the person requesting the data is actually permitted to access it. If the laptop were compromised, information management would serve as the last defense against leaks.
The Diversity of Platforms and Ecosystems
The core tenet of bring-your-own-device (BYOD) schemes greatly expands the diversity of devices and expands the use cases. One user might bring an older iPhone 7 device while someone else might have a brand-new Galaxy S10 phone, and yet another worker may want to utilize a low-spec, off-brand tablet. These workers may prefer different applications, from the browser to messaging services, or have varied use cases, from simply checking email to complete file manipulation.
The plethora of devices, use cases, and employee preferences can lead to difficulties in platform and ecosystem management, particularly for security reasons but also for the integration of multiple platforms and seamless access.
The necessity of developing for two ecosystems already exists for every mobile developer, and while a third ecosystem is not very likely to burst onto the scene soon, any proprietary piece of corporate software will need to be compatible with a wide range of devices and operating system versions.
Organizations must also track a wide variety of physical devices with different capabilities and security issues. An employee who prefers a 7-year-old smartphone may be excluded from accessing the company intranet because the phone can only support an older, more vulnerable operating system. EMM needs to track this, but the number of combinations of hardware and software can quickly become overwhelming, particularly with Android.
Furthermore, as EMM trends toward integrating non-traditionally-mobile devices, like desktops and IoT devices, the space simply continues to grow. It is certainly possible to use a desktop computer to access a centralized infrastructure, but until recently, desktops were mostly neglected by the mobility movement.
Now, with increasing demand to use any device to access data at any time and in any location, EMM must expect the incorporation of desktop systems as well as IoT devices, even if only for workers to access their office desktops remotely.
At least one attempt to alleviate the explosion of physical devices and ecosystems is to “off-device” all processing to a centralized cloud infrastructure. It is somewhat like the old mainframe concept, where multiple “dumb” terminals simply displayed information while the mainframe did all the processing. Now the mainframe is a cloud server rack populated by containers for every user session, but the basic analogy holds.
In addition to managing security for a world of diversity, older devices may even lose support as companies phase them out, as famously occurred when Microsoft ended support for Windows XP, 12 years after launch and after multiple new operating systems had been released. Not only did this situation cause problems for security, but if a company had not managed software and hardware lifecycles presciently, it could have been left with vulnerable machines and proprietary software that was very expensive to upgrade.
In the modern era, smartphones and other personal device lifecycle management tend to be on short timescales, but management is still necessary. EMM attempts to solve this with device and software tracking, but whether employees adopt these measures is yet another challenge for EMM.
The Adoption Challenge
Adoption encompasses two challenges of a similar nature with two different purposes.
The first challenge is adoption by employees of BYOD and the associated MxMs. Some employees are very resistant to using their personal devices for a variety of reasons, including the perceived loss of privacy and control when MAM and MDM software is installed. Some workers may not trust that employers are not spying on them. Others may not trust employers to refrain from immediately wiping an entire device, including personal data, if any false-positive red flags are raised by device activity.
Moreover, prohibitions on using “rooted” or “jailbroken” devices or certain apps can be difficult for some employees to accept. After all, it is the employee’s device, and they should be free to do as they please with it.
However, allowing insecure devices to access corporate data and infrastructure is usually too risky, particularly for companies that must closely heed legal compliance for security and privacy.
The second adoption challenge applies to enforcing top-down decisions for updates, upgrades, and security. A worker whose device was originally permitted may not want to upgrade to a newer device or software, but that opens a security concern. Strong security measures, such as location tracking or biometric authentication, can also face stiff resistance, especially when unchangeable personal data, like fingerprints, are required. Here, employees may be reluctant to adopt changes after they have already traded off control by adopting MxMs.
The Network Challenge
An important challenge to the entire mobility movement is the maintenance of 100%-uptime, ubiquitous networking. For desktop-based environments or permanent remote workers, a poor internet connection or the total lack thereof in some areas can be the difference between a productive day or an involuntary day off.
Even for workers who live in high-uptime and well-connected places, sometimes a network connection simply is not available. Someone who drove 30 minutes to a café can lose 1.5 hours if the café’s router is down when they get there. With the need to contextualize identity management, the lack of a ubiquitous network is also problematic.
The other dimension of the network challenge lies in high-speed availability. If an employee only wishes to check a text-based internal document, then EMM does not need a high-speed network. But once an organization moves into full-fledged remote work, even small latency problems will magnify wait times and employee frustration will skyrocket.
The network challenge will only grow as higher volumes of work are increasingly performed remotely or in the cloud, and the severity and impacts of outages or slowdowns can only be partially mitigated by the EMM-issuing company. ISPs and other telecoms bear most of the responsibility here. Fortunately, companies can still plan contingencies to curb the most egregious risks.
Virtual Mobility as a Solution for Enterprise Mobility Challenges
Virtual mobility (aka, virtual mobile infrastructure or “VMI”) stands as a possible solution to employee privacy and control concerns, legal and security compliance issues, the diversity of platforms, and the need for work-from-anywhere implementations.
To summarize in a single sentence, VMI is solely a viewing window for remote data and infrastructure that protects the security, simplifies management, and supports almost any device capable of displaying a GUI. The reality is more complex, but this sentence readily demonstrates how VMI could solve some enterprise mobility challenges.
Privacy-conscious employees need only install a single application that cannot control any other application or the device at a hardware level, easing adoption resistance. Regardless of hardware specs, most devices can run an image viewer, thus eliminating at least the physical device diversity problem, especially as EMM moves into UEM and incorporates desktop and IoT environments. Since data never actually moves to the remote device, information protection and management can be entirely handled by the on-site backend. Containerization can be applied to identity management, also shifting much of the burden of that MIM to the backend.
The network challenge is a deeper physical infrastructure problem that simply cannot be eliminated through internet-based technology. You cannot remove the physics of an atom from the production of atomic energy, just as you cannot remove the internet from an internet-based technology.
The Future of EMM
How EMM will progress will shape the work world of the next decade. We are inevitably moving towards a more mobile workforce, a work-from-anywhere culture, and a world in which security can no longer be an afterthought.
Virtual mobility solutions, such as Hypori, may be one key solution in the suite.