Carriers have been quite adept at adjusting their product/service mix to remain relevant through several mobile booms – this current one is no different. These vendors took the “dumb pipe” moniker to heart and recognized that they needed to make changes to remain relevant. As a consequence, we’ve seen carriers augment their professional services and cloud capabilities, developer communities, and aggressively partner with mobile-first ISVs, M2M vendors (and others in the mobile ecosystem) all in order to ensure their long-term sustainability in the market. Handset OEMs face a similar fate in the rapidly moving mobile market, and must also make adjustments to ensure they retain their own relevance. While the latest smartphones and tablets are indeed sophisticated pieces of equipment, the pace of commoditization is quickening, as component prices continue to fall and new vendors continue to enter the market. Moving forward, I see the “business” strategies of these vendors as being critical for long-term viability, as the opportunity to mobilize the enterprise is just beginning to be scratched.
The innovations occurring “device-side” are impressive, and are continuing at a rapid pace, but I see the work happening on the embedded security primitives and OS elements of upcoming devices as increasingly important, and where differentiation is most likely to occur. Today’s modern devices have the speed and storage capacity we require, and new form factors continue to emerge to cater to consumer preferences. The recent OS refreshes by the primary mobile platform providers show clear evidence that a key area of focus is on enhancing the security mechanisms of their respective platforms, to better position themselves for the enterprise. This trend has these vendors augmenting their device-side encryption and VPN clients, adding APIs and improving sandbox and containerization capabilities; and has OEMs committed to Android leveraging SE Android to further harden the security posture of their devices. What is most impressive is the adeptness employed to “hide” these important security features which are requisite for CIOs when considering these devices for their deployment environments.
Mobile-First ISVs are Beholden to Handset OEMs
Mobile-first ISVs know that they are beholden to OS refresh cycles of handset OEMs, as they must make adjustments to their products and work with / try to take advantage of new APIs with each successive release – they just can’t complain too loudly about it. This is a pain point that can be costly in terms of resources, as they must contend with the elements of these releases which simply just don’t work. Essentially, they — along with enterprise-oriented developers — are a free QA team for the handset OEM (in Apple and BlackBerry’s case at least). A recent example is Apple’s iOS7 release, which features per-app VPN functionality: this feature didn’t work properly until a very recent update, and had many vendors struggling mightily to get their software to take advantage of the function. Mobile-first ISVs are continuing to innovate but are likely to see their ability to differentiate become increasingly difficult, as handset OEMs sharpen their focus on the enterprise and incorporate features around app management and containerization. This will make partnership strategies increasingly important and will be a key battleground.
Handset OEMs get that they must appeal to consumers while making their devices “IT friendly” for enterprise use. To the credit of these vendors, they have made great strides. This can be evidenced by the expanding mobile deployments at large corporations and in federal markets, where agencies such as the Defense Information Systems Agency (DISA) have authorized Apple’s iOS6, Samsung’s Galaxy S4, and BlackBerry’s Z10/Q10 devices. This proves that large scale deployments of consumer-grade mobile devices are viable if the devices are complemented with the appropriate third party software. However, moving forward, I see these vendors facing difficult challenges related to privacy and government regulation. Entities such as the FTC have shown that they are serious about privacy (see FTC vs. HTC America Inc. for details) and other legal issues associated with the collection of potentially sensitive corporate and personal data on platforms such as Apple’s iOS and Google’s Android. Apple’s Apple Push Notification service (APNs) and Google’s Google Cloud Management (GCM) are services which are requisite for third party solutions, such as those being provided to the market by EMM vendors. The problem is that little is known about the calls that these protocols are making — this won’t fly in certain corporate settings.
These topics are top of mind, and will be expounded upon in our upcoming EMM Report (publishing later this month).