June 2015 - Nubo

Israel Lifshitz

When you really think about it, security technology lifecycles can be compared to love and relationships. Take enterprise mobility and the advent of BYOD for example. As the market’s needs moved beyond the desktop PC, and employees demanded the ability to use a vast array of different consumer mobile devices, along came the knight in shining armor du jour – Mobile Device Management (MDM).

MDM let businesses enforce policies on tablets and smartphones. If a lost or compromised device was discovered it could be remote wiped. This seemed like a great solution for IT at the time, but far from it for BYOD employees who resented IT being able to infringe their privacy, view which apps they were downloading, and potentially erase their personal files.

This led to the metamorphosis of MDM as a BYOD solution, to the beginning of Enterprise Mobility Management (EMM) as an overall strategy. This concept still relied on the foundation built by MDM, but now expanded to include Mobile Application Management (MAM) and (Mobile Information Management) tools. MAM allows IT to contain and secure only specified corporate apps. They can select wipe only those apps without altering the employee’s personal apps. MIM tools offer a corporate, secure version of cloud-based file sync and share services like Dropbox.

Together, this trio of security tools merged to become what is known as EMM – the latest security buzzword for an industry seeking to solve its enterprise mobility riddle. Organizations needed a security approach that could be applied to all mobile devices. And to a large extent, EMM has offered a way of doing just that.

EMM enforces a standard policy, provides a way to manage mobile apps, content and operating systems, oversees network services like WiFi and data usage, and allows IT to manage hardware inventory and enforce security policies via encryption. As for the EMM toolbox, “Everyone’s doing it”, and so enterprises have readily fallen for their latest love and adopted it as their main BYOD security solution. I call it the EMM honeymoon.

But as the relationship has matured past the early adopter phase and into early majority territory, So have the mobility needs of many enterprises. These include providing mobile employees with more robust applications that include sensitive client and proprietary data, and providing that data with the higher level of security it merits. These needs surpass the capabilities within the EMM suite.

Here are several reasons why the end of the honeymoon phase with EMM has arrived, and signals the need for a holistic solution that can bolster its overall security approach.

What’s love without (data) security? Absolutely Nothing!

Many industry experts are not satisfied with the security level afforded by MDM deployment and have actually delayed expansion of their BYOD program as a result. This hesitation leaves them supporting only standard apps (i.e. email, Calendar etc.) and holds them back from progressing to the next level of app deployment – which is where they need to be going if they want to reap the most out of BYOD.

The industry is already recognizing these issues and much of the buzz now is rightly focusing on securing enterprise data and the best way to accomplish that. More and more experts are subscribing to the philosophy that your data is your most valuable asset and are re-visiting the best way to secure it.

App Deployment & MDM: Y’all Got Compatibility Issues!

When using MDM in tandem with Mobile Application Management (MAM) tools, enterprises still must deploy multiple app versions so that they can run on different platforms and OSs, as well as different device and OS versions. For example, your CRM app may run smoothly on Android 4.4 for Samsung, but the same version fails on HTC devices. You will never know when your users decide to upgrade the OS version or even install a custom OS.

These issues translate into higher costs for app development and testing. Enterprises also face major issues deploying apps onto all of the devices in their network. Apps need to be installed within the vast array of devices, creating a major burden for IT.

MDM Security is High Maintenance for your IT

IT help desks are incurring higher costs for supporting users and in many cases do not have the resources needed to take on the added workload. Enforcing MDM security policies is also much more time-consuming than anticipated, and requires ongoing patches and other security measures to deal with device and OS vulnerabilities. More work resources are involved, from the security team right down to the help desk.

Growing Apart: Enterprise Integration & Scalability

Companies are struggling to find a way to run enterprise apps on one platform and help users more easily log into their apps. Each app must connect to enterprise data, and with MDM they must be installed individually per device. How does this impact growth and scalability? Logging into each app separately becomes more cumbersome as the needs of users grow. More apps require more security approval and integration. For example, implementing a Single-sign on (SSO) process is especially challenging because the devices cannot connect to the Active Directory. Other issues which will come to the surface are how EMM complicates the integration of apps with Kerberos authentication protocols and SAML (Security Assertion Markup Language) standards.

VMI + EMM: Completing BYOD

So where do enterprises and EMM go from here? Just as with successful relationships, we grow and become more well-rounded, adapting to each other’s needs. That’s where an emerging technology like Virtual Mobile Infrastructure (VMI) comes in. By adding VMI to the enterprise mobility mix, businesses can use a multi-tiered approach for their delivery of standard and more sophisticated apps.

EMM can be used to securely deliver mobile applications such email, calendar and contacts. VMI can be used to deploy robust applications such as CRM and ERP software for example, and provide access to more sensitive client and corporate data. With VMI providing a completely remote environment, companies can gain that trust and peace of mind that all their critical information is kept and managed separately from their employees’ personal devices.

Implementing VMI for an enterprise can integrate with existing EMM tools, and consequently enhance your organization’s ability to:

Run mobile native apps remotely on your corporate data center.
Deliver any Android-based app (available on Google Play) as simple as drag and drop to the environment.
Develop just one customized app for one environment for both iOS and Android.
Implement an SSO process for both a local secure container and a remote VMI environment.

Adding VMI to your existing EMM security secures classified client and proprietary data and enables seamless app deployment. You benefit from the best of both technologies, and your enterprise mobility initiatives can graduate from the honeymoon stage and into a productive, secure and lasting BYOD future.

Hanan Baranes

Last week I met with a team of developers at a major bank and took them through Virtual Mobile Infrastructure (VMI). They were very interested in learning how VMI would let them take advantage of all mobile sensor capabilities – location services, GPS, proximity, movement and angular rotation, NFC, camera and more. So they took turns using Nubo, observing the look and feel of both out-of-the box enterprise apps and consumer apps, as I explained how we developed our UX over IP remote display protocol to perform on par with native mobile apps. One lead developer paused and then asked: “So if we ran all our apps within a VMI platform, could that also be our MADP (Mobile Application Development Platform) going forward?” “Actually yes”, I explained. This sparked a conversation about how running a standard native development environment from the server that is compatible with all devices can actually revolutionize the development of enterprise apps.

It highlighted some perhaps understated benefits of using Nubo’s VMI solution: VMI can actually be a replacement for MADP solutions for developing and distributing B2C, B2B and B2E mobile apps, and make app development simpler, faster and more secure. This is true not just for banks and other financial institutions, but also for any large enterprises developing and providing mobile apps to customers and enterprise apps for mobile employees.

VMI can actually be a replacement for MADP solutions for developing and distributing B2C, B2B and B2E mobile apps and make app development simpler, faster and more secure.

But how exactly does this work and what are the advantages?

Speaking the Same Language – A Dream for Organizations and App Developers
VMI involves running apps from a remote mobile platform, and the mobile OS used is Android SDK, the most popular mobile platform adopted by most corporations. This serves as a native development environment that works on a wide variety of devices. This aids both enterprises and developers in a number of ways:
- Businesses Save Training Time and Resources: Businesses save substantial time and resources training developers on niche MADP platforms which are developed to work for specific apps as opposed to being adaptable across many organizations.
- Finding Qualified Developers Just got Easier: Using a standard platform like Android SDK for enterprise apps means organizations can dip into a much larger talent pool and find qualified developers with less time and difficulty.
- Increases Career Opportunities for Developers: Imagine being a TV journalist from Finland and applying for a job at the Boston Herald, only with one problem… you don’t speak English! Many developers move on to new challenges every few years, so their ability to work effectively with platforms is a very important selling point when being recruited for new positions. Being versed in Android SDK requires minimal training, and developers can transfer their skills and knowledge easily from one organization to another. They become empowered by mastering the platform which is most in-demand and helps open up a wide spectrum of career opportunities.
All Apps Run on One Central Remote Platform
In many cases when an organization develops MADP tools to provide various clients with mobile apps, each client has a separate version for different devices and OSs. This fragments the landscape for software developers when it’s time to roll out a new app version. It’s not readily clear which client has which version of the platform and where plug-ins and other necessary updates need to applied.
With VMI, all of the apps are centrally managed from one remote platform. This helps to get a grip on version control and eliminates the guess work, saving time and stress for your development team.
A Safer Playground for Developers
From a security perspective, mobile apps virtualized from a remote mobile platform leave zero digital footprint on devices. When developing native mobile applications or web-based and HTML apps, measures must be taken to prevent storing local data. Even when these precautions are taken, coding errors can occur and result in local data on devices.
VMI renders many app security issues a moot point as all of this data stays on the secured and remote enterprise server. This remote environment also means that data is always transferred through secured channels. More details on VMI data security can be found in our Security White Paper.
Employees Receive Native Mobile UX, increasing BYOD Productivity
Because VMI architecture is able to run native mobile apps from the server, mobile users receive the user experience they’ve grown accustomed to with apps they use on their personal smartphones and tablets.
Many of the other platforms for app development are either not fully native or not native at all. They range from HTML5, web-based apps to hybrid apps. While native apps have their own standardized SDK (software development kit), development tools and user interface elements, web-based apps cannot offer this consistency. As a result, the user interface, functionality and overall performance fall well short of native apps. Compromised UX leads to lower uptake by employees of your enterprise apps, less BYOD productivity, and more employees being steered towards unapproved solutions aka Shadow IT.
Running native mobile applications from the data center holds obvious advantages to banking clients for example, who need to perform financial transactions as quickly and easily as possible. It also plays a huge factor in realizing enterprise mobility objectives, as BYOD employees adopt mobile work applications much more so if they translate well to the mobile form factor and enable them to seamlessly access and collaborate financial documents and reports.
You can see exactly how apps look and perform on Nubo for yourself by downloading a free trial.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
_ga	2 years	Google analytics
_gid	24 hours	Google analytics