Q&A with David Goldschlag of MobileSpaces
IT departments face many challenges when allowing employees to bring their own mobile devices and apps into the work environment. Issues related to management, support, security and the ability to control devices and apps--as well as controlling access to corporate networks--abound. The BYOD challenges to enterprises are multifold from overwhelming IT resources to losing valuable data and malware infecting corporate networks.
Startups like MobileSpaces are helping enterprises deal with the challenges of managing and securing mobile apps and turning them into productivity engines rather than security threats. MobileSpaces recently secured $12.5 million in venture capital funding from Accel Partners, Marker and others. The firm plans to use the funding to market its new MobileSpaces 2.0 mobile app platform directly to customers and through partners. In addition, the firm recently partnered with NitroDesk to offer enterprises NitroDesk's Touchdown email app with MobileSpaces workspace platform. Commenting on MobileSpaces, Chris Hazelton with 451 Research observed: "App virtualization from MobileSpaces provides CIOs with the ability to secure the once-'unsecurable' app, allowing the enterprise to close significant holes in mobile security."
David Goldschlag, CEO of MobileSpaces, founded MobileSpaces along with Yoav Weiss. Goldschlag left security firm McAfee where he was vice president of mobile, to start MobileSpaces. Before that, he was the president and chief technology officer at Trust Digital, a provider of enterprise mobility management software for governments and enterprises. In an interview with FierceMobileIT, Goldschlag explains how enterprises are confronting the challenge of enabling the productivity enhancements that public-app-store mobile apps offer while addressing the IT security concerns that third-party public apps raise.
FierceMobileIT: How do you see the BYOD trend impacting the enterprise?
Goldschlag: Everybody is anticipating or practicing bring your own device. What companies worry about at the legal level is how much right or responsibility do they have regarding personal activity on that device. That is a nuanced area. Will you ever need to do discovery on the personal side of the device, as an example? What most people are looking for with bring your own device is the ability to strongly separate business and personal so that you don't have to make trade-offs; you don't have to put restrictions on the personal apps for fear they may threaten the business apps; you don't have to have a risk of wiping personal information when you wipe corporate information--you need a true enterprise wipe that gets all business data without impacting personal data. What companies are seeing from a solution like ours is they can do all of the deep behind-the-firewall access that they thought they could only do on a corporate-owned device, but they can now do it from a secure workspace on a bring your own device.
FierceMobileIT: Is there a split in the enterprise between those who choose an MDM solution and those who choose a containerized solution?
Goldschlag: The most security conscious enterprises, such as Wall Street banks, have traditionally favored container technology, such as Good. Other guys have favored MDM technology. This is because of the trade-off between a native UI (user interface) or Good's proprietary UI or a trade-off between being able to use more apps or fewer. I think we are also seeing people moving between these two. For instance, we know people who are Good customers who moved to MDM because MDM got more container-like, with increasing security controls. And then you see people who use MDM who are adopting containerization that the MDM vendors are now offering; for example, AirWatch and Fiberlink now offer email, contacts and calendar that are akin to Good's container offering. Good has MDM but it is rarely used because their system is mainly used to let Good apps or Good-partner apps interoperate.
FierceMobileIT: Do you see an enterprise trend of moving from MDM to a broader enterprise mobility management approach?
Goldschlag: Yes. I think that people don't want to do device management any longer; they really want to light up apps. What they want to do is say, "Here are the apps I need for all employees--email for all employees, Sharepoint for most of employees, and Salesforce for the sales employees." They want to think about apps. And then they want to be able to choose the apps that plug into their infrastructure in the best way and then let those apps interoperate. For example, it is not good enough for Salesforce to be its own secured container on the device, because Salesforce needs to interoperate with Office apps and email on the device. So enterprises are really looking for a way to put apps that are coming from vendors coupled with apps that they make and have them work on a device with security properties enforced by a layer beneath the app. The way I look at mobility enterprise management strategy is that you have a device you shouldn't worry about it, then you should have a layer that manages a footprint for the enterprise apps and then the enterprise can focus on the apps themselves.
FierceMobileIT: Do you see an increased risk to the organization from employees downloading third-party apps as opposed to ones developed by the enterprise?
Goldschlag: Early on, enterprises' approach to BYOD was, "Let me solve my risk to my enterprise apps by restricting what apps the employee can use in personal mode on the same device." Then they wanted to liberalize that by saying, "Instead of an approved list of personal apps, I'll vet personal apps." But all of that tendency went nowhere; it was too complicated. What enterprises really want to do is be able to say, "Except if the device is rooted or except if the app has malware, I don't put restrictions on personal apps. It is the job of my security environment to make sure that my enterprise apps are safe from the rest of the apps on the device."
FierceMobileIT: Do you think enterprises should set up enterprise app stores to improve security?
Goldschlag: A more modern view of the enterprise app store is that it is a meta-catalog of apps that the enterprise wrote, apps that the enterprise uses from public app stores and lists of approved apps built into the device. Instead of thinking about the enterprise store like a lot of the MAM (mobile application management) vendors do, as a place to put proprietary custom-built apps, the enterprise app stores is really the list of approved enterprise apps that can then be deployed into the enterprise's workspace on the device. It is really important that an enterprise app store includes public-app-store apps that are relevant to the enterprise.
The lines are all blurring. The MDM companies and Good have solutions like Apperian's standalone enterprise app store, and we have a catalog where the enterprise can define what's in it. I think Good can do MDM, but more importantly the MDM companies are trying to introduce container-like solutions. The problem that everyone is left with--because everyone wants the security of container-like solutions--is how do you expand the capabilities of those container-like solutions so they will be app agnostic. Otherwise, if you do something like wrapping or SDKs (software development kits), it limits the number of apps that you can use down to very small numbers. I'll give an example. Good Dynamics, with their app wrapping and their SDKs, has a list of 35 apps that are partner apps and half of them are apps that they have built or own. MobileIron has like 50 apps in their AppConnect store, but the public app stores of Google Play and Apple App Store have 2 million apps. Any system that tries to give you stronger security for apps needs to be able to bridge that gap--that 2 million app gap between what wrapping and SDKs can do and the innovation of normal app development.
If you are doing a wrapping approach or SDK container approach, you are introducing a lot of friction on how many apps the enterprise can play with. Even wrapping, which doesn't require apps to be rewritten but requires enterprise app publishers to distribute a second version, a wrapped version of the app, that has proved to be too much friction. For instance, Citrix had a goal of this year to get 100 apps into their app ecosystem with the wrapping solution. You need something that doesn't require a massive effort in order to get apps. So I think two things of have happened. What we do in our solution is we have a proprietary technology for Android called app virtualization, which allows you to take any app and make it part of the container with no modification, with no rewriting, with no redistribution. Whether they are on the device or get deployed from the public app store, the apps can be entitled to operate within the containerized workspace. So we support every app on Google Play and we can put security properties around it. On Apple, we can leverage iOS 7. It turns out that the iOS 7 release that came out last month gives many of the security properties that we do on Android and most of the security properties that wrapping guys or SDK guys would have done…
FierceMobileIT: Why did you partner with NitroDesk? What do you hope to get out of that arrangement?
Goldschlag: We partnered with NitroDesk because some partners need more capabilities than the native email client provides. For instance, NitroDesk has always had good support for S/MIME and such. That is something we could depend on. On Android, there is wide variability in the function of the native email clients, so some enterprises like to standardize on one email app because of the fragmentation of emails apps across the Android ecosystem.
FierceMobileIT: I understand you've raised $12.5 million in venture capital funding this year. Have you seen any hesitancy from venture capital providing money for startups? What do you plan to do with the money you have raised so far?
Goldschlag: Enterprise mobile security is a good place to be...It doesn't have a lot of entrants. The first wave of MDM players has winnowed itself out. The next wave that is more friendly to apps is the wave we are participating in. I think that the venture guys look at this and say that the competition are these $100 million to $200 million players, like MobileIron, AirWatch and Good Technology. But it is fascinating that the largest players haven't gotten into the business yet, such as IBM, HP, Cisco, Juniper, Symantec and McAfee. The market is still in the early innings.
We are using the money to launch our MobileSpaces 2.0 product, so we can offer enterprises an any-app solution for both iOS and Android. Now we are moving into the commercialization phase. We are building a scale-able machine to leverage our cloud-based platform so that we can sell at low cost directly to customers and partners.
FierceMobileIT: What to see for enterprise mobility in the next ten years?
Goldschlag: I wonder what I would have said ten years ago. So ten years ago, BlackBerry had just started. It took 8 years for iPhone to come out. I think the pace of change since then has been much more aggressive. So it is almost a harder problem...It is hard to look out.
There are a couple of truths. One is that consumerization of IT is here to stay, both from an employee and business expectations point of view--the world should operate with the agility and friendliness that consumer apps operate at. BYOD is here to stay, and you are seeing it move beyond smartphones and tablets to PCs and Macs. That will be a trend that will continue. The business will also increasingly focus on apps. The next wave will bring cloud apps with web or thick clients into the enterprise picture in a much broader way. Today, there are enterprise data center apps with lots more cloud stuff in the wings. What you will start to see is not only more apps but the services that will allow you to get apps, gate apps and control apps. All of the enterprise services will start to move more and more to layers in the cloud.
Security has to evolve more quickly to form a thin layer between the devices and platforms that people use and the services that enterprises will expect. Security got pretty thick for a while, now it has to get more agile. The trend toward IT becoming buyers and managers of services, as opposed to doing things in-house, has taken a while, but I think we have reached a turning point with cloud-based services. Another area to look at is authentication. How do you move from a world of passwords to something that is much more seamless and secure? I don't know if that is a 10-year crystal ball. It's more like a five-ear crystal ball.