by Phillip Redman | May 17, 2013 | Comments Off on Order From Chaos: Creating A Standard For Mobile App Management And Secuity
If there’s one thing the mobile industry is known for is standards. There’s a lot of them. In networking technology you have multiple Wi-Fi standards in use, 80.211 a, b, g, n, ac. In wide area wireless there are GSM, CDMA, WCDMA, LTE. And for mobile OSes you have iOS, Android, QNX, Windows Phone, et al. The problem for mobile OSes is there are too many standards–and none that have the weight in the market to become de facto (as driven by adopters) like what happened in the PC world when it was Microsoft vs. IBM (who won that one?? ). When enterprises could dictate their own individual standards, this wasn’t an issue. But in today’s world of BYOD, this is only getting worse, especially when it comes to mobile software and app management. Each mobile platform has its own app SDK and with consumerization, very little thought has gone into securing and managing these consumer apps for enterprise users. But as enterprise users adopt these apps for work, this needs to change.
I covered some of the strategies for implementing app management and security in my January research note on containerization. Using one method, where there is a proprietary SDK from the multitude of MDM vendors, what we call app specific has been around for a couple years now. But at best only 40-50 apps have been developed this way. The problem is the management SDK is proprietary to each vendor so a management tool can only support its specific (hence app specific) app. Plus pre-existing apps need to be rewritten. Most app developers have held off of committing because of this. Another method is to wrap the app, but getting access to the binary, especially for third-party apps found on public app stores is difficult–and still proprietary to the application wrapper for management. What’s needed is some type of standard that app developers could use, that all MDM and app management vendors could integrate into. Of course that would mean getting all those vendors to agree on one method–probably some type of open source mobile app management SDK. Then these vendors could compete on managing and securing apps, not on wooing app developers to use their standard. Another method would be to use app wrapping, but seperate the admin functions and APIs from the wrapping technology itself. This does have the advantage of quickly adapting existing apps without a lot of recoding.
One well known MDM vendor, MobileIron, is beginning to create an open SDK standard it’s calling (for now) the Open App Alliance, which was mentioned last month on brianmadden. It’s hoping to go public with the details in the next few weeks, but the alliance should include some big app providers, app development tool vendors and maybe even some adopter companies at the start. MobileIron would rather compete on its MDM platform than spend the time convincing adopters and developers to use its proprietary app SDK. One thing missing, at least for now, is other MDM vendors. In the end, their buy-in is essential for this to succeed. Maybe if enough adopters and app providers hop on board, this may convince other MDM vendors to head in this direction. Many of the big MDM vendors I talked to around this are interested, but have not committed yet.
It remains to be seen whether this will have the momentum to move forward. There’s a lot of work left to do and not a lot of time to do it, but in my mind, something needs to be done to alleviate the fragmentation of the mobile technology, get apps manageable and secured– and this is at least a step in the right direction.
View Free, Relevant Gartner Research
Gartner's research helps you cut through the complexity and deliver the knowledge you need to make the right decisions quickly, and with confidence.Read Free Gartner Research
Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.