Blending virtualization w/ EMM + some software defined security on the side
I had the opportunity to attend AirWatch's Connect event this past week in Atlanta, Georgia. The event was well attended and featured a nice mix of vendors on the show floor that ranged from small innovative mobile-first startups to industry heavies, such as AT&T, CDW, LG, F5, Sprint and Verizon.
As would be expected, AirWatch broke some news at its event:
Here's our takeaways:
Samsung: AirWatch announced an expanded reseller arrangement with Samsung—this is notable, as it shows that Knox is not dead (as some have declared). The two vendors may find opportunities to collaborate through Samsung's enterprise mobility services initiative, which continues to ramp and has a strong industry focus. This formalized partnership also shows that you can “have your cake, and eat it, too” (the company has also partnered w/ Google on its Android for Work program).
Mobile Security Alliance: AirWatch is demonstrating industry leadership via its Mobile Security Alliance; the firm had already had formalized partnerships with 9 of the 10 founding members (Proofpoint is the most recent vendor the company is partnering with). Each of the founding members (Appthority, Check Point, FireEye, Lookout, Palo Alto Networks, Pradeo, Proofpoint, Skycure, Veracode, Zimperium) is integrating more deeply via AirWatch's console and/or via AirWatch's device side agent (through APIs). The partners each bring very specific enterprise-grade security enhancements that are complementary to AirWatch's EMM value play. Alliance partners span three categories: device, application and network-focused protection.
ACE: AirWatch announced that the App Configuration for Enterprise (ACE) initiative that it is driving has grown to 44 members. Several notable vendors with innovative solutions around enterprise email (Nacho Cove), mobile application modernization (Star Mobile), and split billing (Movius) have joined the roster, but the addition of key SAP properties (Concur and SuccessFactors) were without question the most notable and important. Both of these applications are widely adopted and can now be seamlessly provisioned to AirWatch customers. It remains to be seen is ACE will propel the prepackaged application market—continuing to expand the ISV roster will certainly help.
Privacy First Initiative: AirWatch announced their Privacy First Initiative—the offering will help educate customers on privacy issues and provide end users with greater transparency on how their device (and applications) usage is being monitored. This is smart, and a capability that EMM vendors who compete with AirWatch possess. However, AirWatch is first to market with clear messaging and productized capabilities here. An example that was provided at the event was a scenario whereby IT wanted to ascertain an employee's location-going forward, this type of event can be fully audited/logged. More importantly, such events cannot be executed without informing the end user (policies are in place to information other LOBs, such as HR as well). The privacy feature will be available via AirWatch's console in Q4.
Platform Evolution: Supporting Windows 10 is a requirement; Microsoft's APIs have made it relatively simple to integrate with their Azure Active Directory product, which can streamline self-service device enrollment. AirWatch (along w/ competing EMM vendors) can also offer bulk provisioning for Windows 10 devices and support Win32 and Universal apps straight away. The company's integration also includes device management policies for native email configuration, per-app VPN connectivity and enforcement of enhanced security functions.
In speaking with both VMware and AirWatch executives, it is clear that the companies are on the same page in their messaging—products such as NSX (more on this below) also show forward progress on integration. I also made sure to engage with several of AirWatch's prominent customers at the event—I was somewhat surprised by the slow progress in adopting mobile applications by several of the company's largest customers; however, overall, I got the sense that initiatives to expand applications were underway—many customers mentioned that they were busy in migrating/modernizing their legacy applications for mobile platforms.
The influx of new devices will require IT departments to reconsider how they deliver critical IT services to their internal end users, as the lines between personal and mobile computing will continue to blur and the number of “non-Windows” endpoints continues to expand. Device diversity is now common in most organizations and makes implementing solutions that have the flexibility to streamline the management of all devices, ranging from the ruggedized device deployments that are common in distribution centers, warehouses, and factories to consumer-grade devices that are finding their way into every business. AirWatch’s move into unified endpoint management (UEM) earlier this year shows that the vendor has been preparing to support the increasingly diverse range of non-traditional endpoints (e.g., ATMs, kiosks, smart vending machines, parking meters, POS devices etc.—as every EMM should be), but this has also signaled that the market has matured. Going forward, EMM vendors like AirWatch will be competing directly with much larger vendors (e.g., Accelerite, IBM, LANdesk, and Microsoft) as they begin to pivot to next generation UEM vendors. This will be a fascinating transition.
VMware's CEO Pat Gelsinger attended Connect for the first time, adding some VMware executive "heft" (even though Mr. Gelsinger is svelte ☺) to the keynotes. Gelsinger is clearly pleased with the AirWatch acquisition, and spoke at length about security: specifically on how VMware's virtualization orientation enabled enhanced "built-in" security opportunities. The need to enhance security, compliance, and auditing capabilities is required for most large customers, and is a key driver behind the company's foray into Identity Management and its Workspace Suite. VMware is placing a big bet (R&D and marketing $'s) on both of these initiatives.
VMware's Sanjay Poonen who heads the EUC division spoke about the company's "Switzerland Status"—its ability to work across the ecosystem and how its Workspace Suite solution could simplify application delivery (native, SaaS, Windows, or web apps) on any device with robust security. The Workspace Suite marries Horizon, VMware's Identity Management solution, with AirWatch's Content Locker and its ability to unify app delivery. VMware can also offer additional security options by combining their NSX solution (a network virtualization platform), which offers granular application level virtual network policy controls with AirWatch's per-app VPN capabilities. This brings an opportunity to virtualize data center components, using a software-defined approach, along with the potential to reduce hardware costs by decoupling compute, network and storage functions. The security benefit is the ability to restrict application access to specific segments within a network.
Kudos to AirWatch for drawing a critical mass of enterprise mobility—oriented vendors to Atlanta—the event's Expo felt like what CTIA's event's used to be.
View the 2017 Enterprise Mobility & Connected Devices Research Outline to learn more.