Kony Executive Burley Kawasaki on Best Tips for Attaining Speed in Mobile Apps Delivery

A BriefingsDirect interview on the growing need for mobile apps and Kony's newly announced tools to help the line of business go mobile.

Listen to the podcast. Find it on iTunes. Download the transcript. Sponsor: Kony, Inc.

Dana Gardner: Hello, and welcome to a special BriefingsDirect interview, coming to you from the Kony World 2015 Conference on Feb. 4 in Orlando.

Gardner

I'm Dana Gardner, Principal Analyst at Interarbor Solutions, your host throughout this series of penetrating discussions on the latest in enterprise mobility. We're here to explore advancements in applications design and deployment technologies across the full spectrum of edge devices and operating environments.

For our next interview we welcome Burley Kawasaki, Senior Vice President of Products at Kony.

Burley Kawasaki: Hi, thanks, Dana. Glad to be here. It has been an exciting week. There are lots of great customer discussions and partner discussions going on.

Gardner: Before we explore the Kony World news, what's going on in the enterprise mobility marketplace? What are enterprises looking for in their mobility strategy?

Kawasaki: Obviously, mobility has proven that it’s not just a passing fad. It's really evolved over the last four or five-plus years. Initially, most companies were just trying to get one or two apps out in the public app store.

Kawasaki

Many started with some type of branded consumer apps, what are called business-to-consumer (B2C) applications, and they were willing to make the investments to make it have a fantastic user experience. They would try to make this a way for customers to experience and engage the brand. A lot of times you saw this being built and launched by the marketing organization inside an enterprise.

Now, what we're seeing is a shift. As people are looking for the next set of ways to exploit mobility, they're looking internal, inside their enterprise. They're looking at what I refer to as or business-to-employee (B2E) applications.

But instead of one or two apps, there are literally dozens or hundreds of mobilized processes and applications that most larger enterprises are looking to build as they start looking at all the internal processes. It could be mobilizing sales or employees, looking at support out in the field with field technicians, or providing self-service access to vacation requests.

There are a number of challenges this creates. One is lack of skills. If you're building one or two, you can probably muster the technical expertise or you can outsource and hire an agency or someone to build it. If you're looking to supply dozens -- some larger enterprises are looking at hundreds of internal-facing mobile apps -- that really highlights the imbalance between the demand from the business stakeholders and the supply of IT skills, resources, and technical talent.

Gardner: So, it's important in the marketplace for enterprises to recognize that this is a problem, this gaping hole between what is demanded in terms of mobile apps and development and what they can deliver. How are Kony and others in your ecosystem, your solution partnerships, coming together to allow them to leap that hurdle?

Build applications quickly

Kawasaki: Kony, since day one, has focused on how to drive faster and faster acceleration of the full development process. That's part of our core value proposition of rapidly delivering great mobile apps by providing tools and platforms to help build applications more quickly.

When we talk about building anything custom, there is a certain amount of time, typically three to six months that you spend, not just for the development, but to map out the requirements to do all the testing and final deployment. And with any custom software development, you can only compress it so far, and there's a certain amount of skills and expertise that you need.

To answer your question, we think that there needs to be other types of models for ultimately creating these internal mobile applications. The trend that you're starting to see, and that we believe is really going to take off, is a move away from custom, bespoke development of each and every app, to much more of an assembly and configuration model.

If you look at building a home, for example, there was a time where you had to custom build all of the parts to your home. You would go out, cut down the trees, and do everything from scratch, but that was a hugely inefficient process.

Now, essentially, homes are componentized. You can find standard sizes lumber parts. Large parts of your home may be prefabricated and it's just a matter of assembling and configuring them to meet your needs.

Many industries have realized the benefits of moving to assembly and configuration, as opposed to custom built.

We've seen the same assembly across a number of industries, like the auto industry. Many industries have realized the benefits of moving to assembly and configuration, as opposed to custom built.

We're seeing this in software as well. There was a day where everyone used to build their own enterprise resource planning (ERP) system or their own sales automation system. Now, people have moved to the configuration of packaged software. Mobile applications are now at the tipping point where they need to have a different way that will address the explosion in demand that I was describing.

There are a couple of things that we think are required to create this new model. One is that you need to have an ecosystem that provides pre-built components. Obviously, you can't assemble things if there is nothing to assemble from. So there needs to be an ecosystem of components.

Then, there needs to be some type of tooling that allows you to assemble the components without having to be a developer, but more of a visual drag and drop type of composition experience.

And then once you have done that, it can't just be a pretty picture. It needs to actually somehow run and make its way down to your phone or to your device. So there has to be some type of execution or dynamic run capability behind the description of what you have created.

Those are the three requirements. Of course, we have just announced this week some software that addresses each of those categories.

Major announcements

Gardner: Well, let's delve into them a little bit. There were three major announcements around your Marketplace, your Modeler, and also an example of how these come together in your first prepackaged application called the Kony Sales App.

Kawasaki: I'll talk about each of these. I'll start with the Marketplace. As I said, to make this practical and useful for our customers, we need to be able to create a way to find and discover pre-built components. Some of these components Kony may build ourselves, but we're also working with a number of very talented leading edge partners of ours -- independent software vendors (ISVs) and systems integrators (SI’s), who are also contributing prebuilt components.

This week, Feb. 4, we launched Marketplace. If you go out to community.kony.com/marketplace, you can browse. We're adding partners on an ongoing basis, but you'll see some of the early solutions that are available in the Marketplace. That’s the first part of the announcement.

The second piece is around how to assemble these into an actual application, a new product called Kony Modeler. Unlike some of our prior products, our developer tools, these do not require development backgrounds.

The typical profile of a user of Kony Modeler would be either a business analyst or someone closer to the business who knows how to drag and drop, to define what the end-user experience should be for your mobile app, knows how to describe the process or the workflow that has to occur, knows how to take those forms that they've painted, and be able to map it to some backend business data, coming from a system like SAP or Salesforce.

Unlike some of our prior products, our developer tools, these do not require development backgrounds.

As long as you can do that, you don’t have to be a developer and drop into code. You can describe this visually. You can drag and drop. Then, when you're done, the important thing is that it’s not just a picture that you print out and you throw over the wall to your developer. This description of your application then gets pushed out instantaneously to our cloud run time.

We've extended our backend-as-a-service, what we call Kony MobileFabric, so that it takes this model, this description of the mobile app, and will download it to your device and run it. Then, the next time as an end-user, if you are using one of these apps, you just automatically get whatever changes or updates have been made. You don’t have to go out to an app store and find a new app. It just automatically is part of your app.

As an analogy, in the same way if I use any software-as-a-service (SaaS) software, I won't have to install a new app on my laptop. I just go out to my web browser, and next time I log in, it's always up-to-date.

Gardner: It sounds as if this has some of the greater elements of platform-as-a-service (PaaS), but the tooling is designed for that business-analyst level. It also gives you some of those benefits of rapid iterations. You can change and adjust. You can customize to different types of user within the group that you're targeting. And all of this, I assume, is at also low cost, given that it's a SaaS based approach. Tell us a little bit about why this is like PaaS, but PaaS-plus.

Non-developer experience

Kawasaki: PaaS typically has been targeted primarily toward developers. And it’s maybe a higher level productivity for developers, but you still have to write code against software development kits (SDKs) or other application programming interfaces (APIs). Kony Modeler provides a non-developer experience.

The other big thing, and you pointed it out, is that it really does lower all of the infrastructure, hardware, and software costs that are required, because it’s purely cloud-based. It makes it not only lower cost from a total cost of ownership (TCO) standpoint, but it also accelerates the whole development cycle.

I think about this as a shift away from a classic waterfall-type model, to much more of an agile model. In the old model, you spend three to six months trying to go through and nail the requirements and hand it off to your dev team. Then, they go off, and you find out, only when it's in final QA, that it doesn't look right on the device, or it comes back and the business has changed their mind. That never happens, right?

It makes it not only lower cost from a total cost of ownership (TCO) standpoint, but it also accelerates the whole development cycle.

Modeler allows you to very quickly iterate a working application to release in a matter of days and be able to do testing with your end-users. Based on their feedback, I can make updates on an agile basis and continuously iterate on functionality or enhancements to the application.

Gardner: Burley, it also sounds like you're able to bring A/B testing type activities to a different class of user, where you don't always know what your requirements are precisely, but you can throw things on the wall, try them out, see what works, and iterate on that. I don’t recall too much of that capability being available to a business analyst type of user.

Kawasaki: You're correct. Usually, there is this very extended process, where a business analyst has to document everything in some thick specification, and even if you have it wrong or you are uncertain, whatever you communicate out to the dev team is what they go off and build.

So it’s not that this does away with requirements, but it does allow more flexibility to change or to test. And I'd agree. I think the responsiveness will allow much more experimentation and innovation. It's better to fail fast. If you have tried something out and it's not delivering the results, you haven't invested a huge amount of time and cost to learn that.

Gardner: And another appealing aspect of this for IT and operations is that this isn't shadow IT. This is under the auspices of IT. They can bring in governance. They can audit as necessary and make sure the right backend sources are being accessed in the right way, with the right privilege and access controls. They can monitor security. We talked about how it's better than PaaS, but it's also better than shadow IT for a lot of reasons.

Lack of skills

Kawasaki: It is. We were talking earlier about the skills shortage, and if you look at the stats or the data, most industry analysts predict that up to 60 percent or 70 percent or more of mobile development is outsourced today, to either an interactive agency, a systems integrator, or someone else, because of lack of skills.

So it has been outsourced to some third party, and who knows what technologies they are using to build the app. It's outside the typical controls or governance of IT. So it's not only shadow; it's dark matter. You don't even know it exists; it’s completely hidden.

Yet, at some point, inevitably, those apps that you may have outsourced for your first version, it’s not just a first version release. You want to update it sometimes monthly. So it has to come back into IT at some point, for no other reason than it's connecting and talking to enterprise data in the back end. It's connecting to other IT controlled systems, and so there is a huge amount of risk and costs associated if these things are completely hidden off the grid.

Gardner: Let's take this from the abstract to the concrete. We actually have an application now in play called the Kony Sales App. Who is that targeted to, how does it work, and what do you expect to be some of the proof point metrics of this in usage compared to how organizations conduct themselves with customer relationship management (CRM), especially if there is multiple CRMs in play in an organization?

Kawasaki: That's a great point. First of all, this is the first of a series of what we call ready-to-run applications. And the reason we call it ready-to-run is that it's a packaged app. This isn't a custom or bespoke app, but it's pre-connected and pre-integrated to the common back end, in case of CRM what most companies are using, something like Salesforce or SAP on the back end.

So we've taken a task-oriented approach and created a modular micro app approach that really is meant to be very easy and engaging for the end-user.

So it comes ready to run, but like packaged software or SaaS software, it allows you the ability to configure and customize it, because everyone’s sales processes or their user base is going to be different. That's where the Modeler tool allows you to configure it.

So when you purchase Kony Sales, you get not only the application, but the use of Kony Modeler to be able to customize and configure it. And then, as you make changes, you push it live, and again, it deploys using the SaaS model you were describing.

To talk a little bit more about Kony Sales, we think it's a new style of mobile apps, what I will refer to as a micro app. Historically, people thought of CRM software, and I am overgeneralizing, but as big, somewhat monolithic, applications.

One of the historical challenges with CRM usage is that you had to bring your laptop with you, and sales reps are notorious at not completing data in a timely fashion. It takes a lot of mandates, top-down from the sales leadership, to get data into the system so you can get accurate reporting. It's one of the age-old problems.

We believe that if instead of trying to get the whole CRM application crammed down onto a four-inch screen, with all the complexity that it requires, you target very specific action-oriented micro apps that a sales rep can do very quickly on the go, that doesn't take a lot of training, and doesn't take a lot of thought. They can very quickly look up and see their accounts, or they can very quickly log a call they have made.

So we've taken a task-oriented approach and created a modular micro app approach that really is meant to be very easy and engaging for the end-user, which in this case is a sales rep.

User experience

Gardner: And again, for the understanding of how this all works across multiple endpoints, regardless of what your sales force is using for their mobile device, this is going to come down. They are going to get that user experience and that interface that the craftsmen behind the app demanded and designed.

Kawasaki: That's right. Kony Sales is multi-channel. It works across phones, tablets, iOS, Android, and importantly, it does not replace your existing CRM data. It extends the CRM systems you already have, but makes them much, much easier to very quickly get access to.

Also using Mobile First types of approaches, and by that I mean if you are a sales rep, very likely you are on the road or in an airplane. How many people have tried to use whatever CRM client, even some of the web mobile experiences, to get data into Salesforce or SAP? It's all web-based, HTML5-based, and it doesn’t work if you're not online.

One of the things we designed in from day one was that you have to be able to operate in an "occasionally connected" mode. So if you are offline, either because you're out in the field talking to your customer, or you're in an airplane you can still have the same easy access. Then, when you're connected again, it will synchronize and handle updating SAP or Salesforce in the background.

Gardner: We're almost out of time, but I wanted to look a little bit to the future roadmap. Now that we have the model of the Modeler, the Marketplace and these ready-to-run apps, what comes next -- more apps, bigger marketplace, or is there another technology shoe to drop?

Kawasaki: It's more apps certainly, and not just from Kony, but from our partners. When we did some of our initial planning and research, the most commonly mobilized processes were ones that were customer facing or customer impacting, just because of the benefits and the ROI.

So we started with sales. We're going to release our next one, which will be around field service. It really helps engage at the point that you're supporting and serving your customer.

It really helps engage at the point that you're supporting and serving your customer.

There are a set of these that we are working on, but I think also importantly, we're working on really making our partner ecosystem trained, ready to use Modeler, and to build very unique and differentiated applications to publish to the marketplace.

We have a couple of examples of these ready-to-run apps that are compelling from our partners that you will hear more about, and that list will continue to grow over the coming weeks and months.

Gardner: And of course there's a lot more information online at kony.com about these products and services that you've announced. And you are going to be taking this out on the road to Frankfurt, Europe, Dubai, and the Middle East quite soon.

Kawasaki: That's right. It's going to be fun getting to engage our global customer base and talk about some of the innovations and get their input on what types of apps they're trying to build.

Gardner: Well, very good. I'm afraid we'll have to leave it there. We've been learning more about how advancements in mobile applications’ design and deployment technologies are bringing new productivity benefits across the growing spectrum of edge devices and use cases. And we have seen how quality, speed, and value are rapidly increasing, thanks to the Kony mobility platform approach.

So a big thank you to our guest, Burley Kawasaki, Senior Vice President of Products at Kony. Thank you, sir.

Kawasaki: All right, thank you, Dana.

Gardner: And a big thank you also to our audience for joining this special podcast series coming to you directly from the Kony World 2015 Conference in Orlando.

I'm Dana Gardner, Principal Analyst at Interarbor Solutions, your host throughout this series of Kony-sponsored BriefingsDirect IT mobility discussions. Thanks again for listening, and come back next time.

Listen to the podcast. Find it on iTunes. Download the transcript. Sponsor: Kony, Inc. 

A BriefingsDirect interview on the growing need for mobile apps and Kony's newly announced tools to help the line of business go mobile. Copyright Interarbor Solutions, LLC, 2005-2015. All rights reserved.

You may also be interested in:

• Kony gives enterprises the means to make mobile development a force multiplier for business productivity
• Panel tackles how to make mobile devices as secure as they are indispensable
• Five ways to make identity management work best across hybrid computing environments 
• As the digital economy ramps up, expect a new identity management vision to leapfrog passwords
• Mobile enablement presents challenges, opportunities as enterprises retool apps for the future now
• Standards and APIs: How to best manage identity and security in the mobile era
• Microsoft SharePoint at a crossroads — opportunities and challenges abound for users to advance productivity
• Siemens Brazil blazes a best practices path to deliver work flow applications on mobile devices
• Why HTML5 enables more businesses to deliver more apps to more mobile devices with greater ease

Perfecto Mobile Goes to Cloud-Based Testing Tools so Developers Can Build the Best Mobile Apps Fast

Transcript of a BriefingsDirect podcast on how the “mobile first” movement is making the cloud more attractive for software developers.

Listen to the podcast. Find it on iTunes. Download the transcript. Sponsor: HP.

Dana Gardner: Hello, and welcome to the next edition of the HP Discover Podcast Series. I’m Dana Gardner, Principal Analyst at Interarbor Solutions, your host and moderator for this ongoing discussion on IT innovation and how it’s making an impact on people’s lives.

Gardner

Once again, we’re focusing on how companies are adapting to the new style of IT to improve IT performance and deliver better user experiences -- and business results. This time, we’re coming to you directly from the recent HP Discover 2013 Conference in Barcelona.

We’re here to learn directly from IT and business leaders alike how big data, mobile, and cloud -- along with converged infrastructure -- are all supporting their goals.

Our next innovation case study interview highlights how Perfecto Mobile is using a variety of cloud-based testing tools to help its developers rapidly create the best mobile apps for both enterprises and commercial deployment.

So join me in welcoming our guest, Yoram Mizrachi, CTO and Founder of Perfecto Mobile, based in Woburn, Mass. Welcome Yoram.

Yoram Mizrachi: Hi. Thank you.

Gardner: Tell us about the state of the mobile development market. How fast is it growing, and who are building mobile apps these days?

Mizrachi

Mizrachi: Everyone is building mobile applications today. We have not gone into a single company that doesn’t have anything on mobile. It’s like what happened on the web 15 years ago. Mobile is moving fast. Even today, we have customers with more transactions on mobile than any other channel that they’re offering, including web or making calls. Mobile is here.

Gardner: So that’s a big challenge for companies that perhaps are used to a development cycle that took a lot longer, where they had more time to do testing and quality assurance. Mobile development seems to be speeding up. Is there a time crunch that they’re concerned about?

Mizrachi: Absolutely. In mobile there are two factors that come into play. The first one is that everyone today is expecting things to happen much faster. So everyone is talking about agile and DevOps, and crunching the time for a version from a few months, maybe even a year, into few weeks.

Bigger problem

With mobile, there’s a bigger problem. The market itself is moving faster. Looking at the mobile market, you see hundreds of mobile models being launched every year. Apple is releasing many models. Android is releasing tremendous amount of new models every year. The challenge for enterprises is how to release faster on one side, but still maintain a decent quality on all the wide ranges of devices available.

Gardner: So that’s a big challenge in terms of coming up with a test environment for each of those iterations.

Of course, we’re also seeing mobile first, where they’re going to build mobile, and it's changing the whole nature of development. It's a very dynamic and busy time for developers and enterprises. Tell us about Perfecto Mobile and how you’re helping them to manage these difficult times.

Mizrachi: Yes, it is mobile first. Many of our existing customers, as I mentioned, have more transactions on mobile than anything else. Today, they’re building an interface for their customers starting from mobile. This means there are tremendous issues that they need to handle, starting with automation. If automation was nice to have on traditional web -- with mobile it’s no longer a question. Building a robust and continuous automated testing environment is a must in mobile.

Gardner: Now, we’re talking about not only different targets for mobile, but we’re talking about different types of applications. There’s Android, Apple, native, HTML 5, Web, hybrid. How wide a landscape of types of apps are you supporting with your testing capabilities?

We support native, hybrid applications, Web services, iOS, Android, and any other platform.

Mizrachi: When you look at the market today, mobile is moving very fast, and you’re right, there are lots of solutions available in the market. One of the things that Perfecto Mobile is bringing to the market is the fact that we support them all. We support native, hybrid applications, Web services, iOS, Android, and any other platform. All of this is provided as a cloud service. We enable our customers to worry a little bit less about the environment and a little bit more about the actual testing.

Gardner: Tell us how you’re doing this? I know that you are a software-as-a-service (SaaS) provider and that the testing that you provide is through a cloud-based model. A lot of organizations have traditionally done their own testing or used some tools that may have been SaaS-provided. How are companies viewing going purely to a SaaS model for their testing with their mobile apps?

Mizrachi: The nice thing about what we do with cloud is that it solves a huge logistical problem for the enterprises. We’re providing managed solution for those physical devices. So it’s many things.

One of them is just physically managing those devices and enabling access to them from anywhere in the world. For example, if I’m a U.S.-based company, I can have my workforce and my testing, located anywhere in the world without the need to worry about the logistics of managing devices, offshoring, or anything like that. Our customers are utilizing this cloud model to not change their existing processes when moving into mobile.

ALM integration

Gardner: And in order to be able to use cloud amid a larger application lifecycle, you must also offer application lifecycle management (ALM) or at least integrate with ALM, source code management, and other aspects of development. How does that work?

Mizrachi: Our approach was to not reinvent the wheel. When looking at the large enterprises, we figured out that the existing ALM solutions in the market, led by HP, is there, and the right approach is to integrate or to extend them into mobile and not to replace them.

What we have is an extension to the ALM products  in such a way that you, as a customer, don’t have to change your existing processes and practices in order to move to mobile. You’ll have a lot of issues when moving into mobile, and we don’t believe that changing the processes should be one of them.

Gardner: Of course with HP having some 65 percent of the market for ALM and a major market presence for a lot of other testing and business service management capabilities, it was a no-brainer for you to have to integrate to HP. But you’ve gone beyond that. You’re using HP yourself for your own testing. Tell us how you came to do that.

Mizrachi: HP has the largest market in ALM, and looking at our customers in Fortune 500 companies, it was really obvious that we needed to utilize, integrate, or extend HP ALM tools in order to provide a market with the best solution.

One of the things I’m quite proud of is that we, as a company, have proofs of success in the market.

Internally, of course, we’re using the HP suites, including Unified Functional Testing (UFT) Performance Center, and Load Runner in order to manage our own development.

Gardner: Tell me a little bit more about what your users are getting as a result of going to Perfecto Mobile and using a SaaS-based approach to testing for the mobile devices. Do you have any metrics of success or even an example of how this works, so that we can appreciate how this is a better way to do it?

Mizrachi: Absolutely. One of the things I’m quite proud of is that we, as a company, have proof of success in the market, with hundreds of customers already using us and tens of thousands of hours of automation every month being utilized.

We have customers with thousands of automated scripts running continuously in order to validate the applications. It's a competitive environment, obviously, but with Perfecto Mobile, the value that we’re bringing to the table is that we have a proven solution today used by the largest Fortune 500 companies in finance, retail, travel, utilities, and they have been using us not for months, but for years.

Gardner: Where do you see this going next? Is there a platform-as-a-service (PaaS) opportunity where we’re going to do not just testing but development and deployment ultimately? If you are in the cloud for more and more of what you do in development and deployment, it makes sense to try to solidify and unify across a cloud from start to finish.

Mizrachi: I’m obviously a little bit biased, but, yes, my belief is that the software development life cycle (SDLC) is moving to the cloud. If you want to go ahead, you don’t really have a choice. One of the major failures in SDLC is setup of the environment. If you don’t have the right environment, just in time, you will fail to deliver regardless of the tool that you have.

Just in time

Moving to the cloud means that you have everything that you need just in time. It's available for you. Someone has to make sure this solution is available with a given service-level agreement (SLA) and all of that. This is what Perfecto Mobile is doing of course, but I believe the entire market is going into that. Software development is moving to the cloud. This is quite obvious.

Gardner: One other area of course concerning the cloud is security, particularly around intellectual property like source code. Are you and HP working together to try to ameliorate any concerns? How do you answer questions about security?

Mizrachi: For our customers, the top insurance and top financial banks customers, healthcare organizations, all of them, security is extremely important, and of course it is for us. Our hosting solution is a SOC 2-certified solution. We have dedicated personnel for security and we make sure that our customers enjoy the highest level of privacy and, of course, security -- physical security, network security, and all the tools and processes in place.

As the mobile market matures, organization are relying more on mobile to assure and  increase their revenue.

Gardner: And, as we know, HP has been doing testing in the cloud successfully for more than 10 years and moving aggressively in that space early on.

Mizrachi: We’re enjoying the fact that our research and development center and HP's research and development center are close-by. So the development of the two products is very close. We have weekly or biweekly meetings between products and R and D teams in order to make sure that those two tools are moving together.

Gardner: One last area before we end our discussion. You’re going beyond just testing. You’re using Business Service Management (BSM) and the monitoring is ongoing. As we all know with application development, and mobile in particular, you’re never really done. It's an ongoing process, a lifecycle.

Tell us about the monitoring aspect and how you’re helping organizations keep those applications, those mobile apps, up to speed and up to spec, but also ready for the new operating systems and platforms that they will have to perform with.

Mizrachi: SDLC, as you mentioned, is a lifecycle. It's not only about one time testing; it's ongoing. And post-deployment, when moving into production, you need to see that what you’re offering to the market on the real device is actually what you expect. That’s extremely important.

As the mobile market matures, organization are relying more on mobile to assure and  increase their revenue. So making sure the mobile offering is up and running and meets the right key performance indicators (KPIs) on an ongoing basis is extremely important. The integration that we’ve made with BSM is utilizing an existing extremely mature product on the monitoring aspect and extending that with cloud-based real mobile devices for application monitoring.

Gardner: Well, very good. We’ll have to leave it there, I am afraid. We’ve been talking about how the Perfecto Mobile organization has been delivering application testing for mobile development through a cloud-based system and relying heavily on the HP performance and test suite to do so.

I would like to thank our guest, Yoram Mizrachi, CTO and Founder of Perfecto Mobile. Thanks so much.

Mizrachi: Thank you, very much.

Gardner: And thank you to our audience as well for joining us for this special new style of IT discussion coming to you directly from the HP Discover 2013 Conference in Barcelona.

I’m Dana Gardner, Principal Analyst at Interarbor Solutions, your host for this ongoing series of HP sponsored discussions. Thanks again for listening, and come back next time.

Listen to the podcast. Find it on iTunes. Download the transcript. Sponsor: HP.

Transcript of a sponsored BriefingsDirect podcast on how the “mobile first” movement is making the cloud more attractive for software developers. Copyright Interarbor Solutions, LLC, 2005-2014. All rights reserved.

You may also be interested in:

• Big data’s big payoff arrives as customer experience insights drive new business advantages
• How healthcare SaaS provider PointClickCare masters quality and DevOps using cloud ITSM
• Software security pays off: How Heartland Payment Systems gains steep ROI via software assurance tools and methods
• HP HAVEn CTO Mundada on new ways for businesses to gain transformation from big data and new wave analysis
• HP ART documentation and readiness tools bring better user experiences to Nordic IT solutions provider EVRY
• NASCAR attains intimacy and affinity with fans worldwide using big data analytics
• Siemens Brazil Leverages HP Anywhere to Deliver Applications Better to More Mobile Devices
• Nimble Storage Leverages Big Data and Cloud to Produce Data Performance Optimization on the Fly
• MZI Healthcare Identifies Big Data Patient Productivity Gems Using HP Vertica
• Thought Leader Interview: HP's Global CISO Brett Wahlin on the future of Security and Risk

BYOD Trend Brings New Security Challenges for IT: Allowing Greater Access While Protecting Networks

Transcript of a BriefingsDirect podcast on how Dell Software is helping to bring standardized and flexible approaches to making BYOD a positive new force for enterprise productivity.

Listen to the podcast. Find it on iTunes. Download the transcript. Sponsor: Dell Software.

Dana Gardner: Hi, this is Dana Gardner, Principal Analyst at Interarbor Solutions and you're listening to BriefingsDirect.

Gardner

Today, we present a sponsored podcast discussion on bringing clarity to bring your own device (BYOD) support, management, and security.

While so-called BYOD isn't necessarily new -- IT departments, after all, have been supporting mobile "road warriors" since the 1980s, the rising tide of end users seeking the use and support of their consumer devices is certainly something quite new. It’s so new that IT departments are grasping for any standard or proven approaches that make BYOD access of enterprise resources both secure and reliable.

The task is dauntingly complex, and new and unforeseen consequences of BYOD are cropping up regularly, from deluged help desk to app performance snafus to new forms of security breaches.

We're here now with a panel to explore some of the new and more-effective approaches for making BYOD both safe and controlled. Please join me in welcoming our guests, Jonathan Sander, Director of IAM Product Strategy at Dell Software. Welcome, Jonathan.

Jonathan Sander: Hi, Dana. Thanks.

Gardner: We're also here with Jane Wasson, Senior Product Marketing Manager for Mobile Security at Dell Software. Welcome, Jane.

Jane Wasson: Thanks, Dana.

Gardner: It’s good to have you both with us. As I mentioned, road warriors have been looking to their IT department to help them in the field for decades, but there just doesn’t seem to be any standard operating procedures for supporting BYOD.

You can't just buy it in a box. It’s not shrink wrapped in any way. I wonder why the means to make widespread BYOD perform well is so scattered and so uncooked. Jane, why are we at this point now? People really want a solution and they can’t get one.

Wasson: IT did a great job of supporting mobile workers with laptops and early mobile devices for quite some time, but much of that was with IT-controlled systems. IT chose the devices. They chose the software, the applications, that would run on those laptops.

What we're seeing increasingly now is that mobile workers are using their personally purchased mobile devices -- cellphones, smart phones, and tablets -- to access their e-mail, calendar, corporate e-mail, corporate calendar, and IT has been able to support that securely and very successfully for them across a wide variety devices and operating systems.

Ease and speed

What we're seeing now that’s a little bit different is increasingly those mobile workers like the ease of use and the speed at which they can get to their email and their calendar apps with those mobile devices. They now want IT to extend that so that they can get the same access to enterprise apps and resources on mobile devices that they've enjoyed on their IT controlled laptops over the years.

Wasson

That creates a new challenge for IT. All of a sudden, rather than having a controlled set of devices and a controlled environment, that they can manage, they have a variety of devices that end users have purchased. IT had no control over that choice and what’s already loaded on those devices.

They're trying to figure out, given that environment, how to securely enable access to enterprise apps and resources and give those end users that speed of access that they want and the ease of access that they want, but still maintain security.

They don't want their back-end networks infected with malware. They don't want to have rogue users finding laptops or mobile devices and being able to access enterprise systems. It’s a huge challenge for IT support groups.

Gardner: Do you have any sense of how big a wave this is? Are there numbers or data that indicate what portion of users are trying to go in the BYOD direction?

Wasson: Industry analysts are now seeing that more than 50 percent of workers are using personal mobile devices in some capacity to access those networks. Increasingly, they're asking to access not just email and calendar, but also enterprise apps and resources.

Gardner: Jonathan, as with many shifts in IT that didn’t originate with the IT department, it seems that there are some unintended consequences here. What’s happening now that we've got this tug, this pull, in the BYOD direction? What are IT folks who are tasked in making this viable finding?

Sander: There are a lot of consequences, and understanding all of them is still in process. That’s part of the problem. Of all the problems that people are going to have as a result of BYOD are TBD. One of the ones that's most apparent right away is security. The approaches that people have taken in the past to lock down anything that’s related to mobile have all centered on exactly what Jane pointed out. They were in charge of the device in some fashion. They had a foot in that door and they could use some kind of lock down.

Sander

I was sitting with someone at one of the big financial firms in New York City the other day. We asked them about their BYOD strategy and he took a humorous approach to it. He said, "Yes, we have a really well-defined BYOD strategy. As long as the device is the one we assign to you and uses the software that we approved and control all the policy on, you can bring it." I think that that’s not too uncommon.

A lot of the firms that are very security sensitive have worked it out. On the other end of the scale, I've talked to people who say that BYOD is not something that is they are doing but rather is being inflicted on them. That’s the language they put it in. It relates back to that security problem, because when they're looking at trying to understand how their data is going to be present on these devices and what impact that will have on their risk standpoint, it's almost impossible to quantify.

History of breaches

If you look at the history of breaches, even with the controlled laptops that they had, you had laptops being stolen with tons of data on them. You know what happens the first time you get one of those breaches stemming from someone leaving their cellphone in the backseat of a taxi cab? These are things that are keeping people up at the night.

Add to this that a lot of times the security approaches they have taken have all been leveraging the fact that there is a single vendor that is somehow responsible for a lot of what they do. Now, with the explosion of the variety of devices and the fact that they have no control over what their employee might purchase to bring in, that notion is simply gone. With it went any hope of a standard, at least anytime soon, to help secure and lock down the data on all these different devices.

Gardner: Another aspect of this is the diversity of the variables. There is web access, native apps, a variety of different carriers, different types of networks within those carriers, and all these different plans.

I suppose it’s difficult to have just a standard operating procedure. It seems like there have to be dozens of standard operating procedures. Is that what they're finding in the field, and how does any organization come to grips with such diversity?

How do you insert any control into that scenario at all? It gets very complex, very quickly.

Sander: You're absolutely right. Diversity, first and foremost, is the challenge. There are also a lot of other trends that are bringing more diversity into IT at the same time, and then BYOD just becomes one dimension of diversity.

You mentioned web control. If you're assuming that this is a web application that they're rolling out on their own, that's one thing. If it’s a cloud app, what happens when you have somebody using a cloud app on a BYOD device? How do you insert any control into that scenario at all? It gets very complex, very quickly.

Gardner: Let’s look at some specific types of starting points, putting in the blocking and tackling necessary to start to get a handle on this. Jane, what should companies be doing, in terms of setting up some building blocks, the means to tackle the reliability, security, and diversity?

Wasson: The good news is that being able to support remote workers is not new, because most companies already have policies in place to manage remote workers. What’s new is that, rather than the devices that are accessing the enterprise apps and resources being IT controlled, those devices are no longer IT controlled.

Very often, the policies are there. What they need to do is rethink those policies in light of a mobile worker, a mobile device, environment with so much of the same capability. You have to be able to know which devices are connecting to the network. Are those devices harboring malware that could infect your network? Are those devices locked down, so that authentication is necessary to get into your network?

There are a number of best practices that IT organizations already have in place for their managed laptop devices. The question is how to take those policies and now apply those policies to a mobile worker who's bringing their own devices.

Forced authorization

You need to find technologies basically that allow you to force authentication on those mobile users before they can access your network. You need to find technologies that can help you interrogate those mobile devices to make sure that they're not going to infect your network with anything nasty. You need to find the technologies that allow you to look at that traffic, as it’s coming onto your network, and make sure that it's not carrying malware or other problems.

Very often, IT departments have a good handle on what they need to do. It’s a question for their environment how best to integrate mobile device management technologies so that they can support these mobile workers to provide them the access they need and do it in a way that does not introduce a lot of risk to the enterprise.

Gardner: I think I heard you say that those areas that you described would fall under this category of mobile device management. If that’s the case, without going to the buzz words too deeply, what should people think of? How should they have a vision around what mobile device management should actually do?

Wasson: What mobile device management needs to do for them is what laptop device management has done for them in the past. The key things to think about there are looking at when you're actually deploying those devices. Maybe you have end users that are purchasing personal units, and maybe you don't know initially. Maybe you don't have the same level of knowledge about that unit or ways to track it.

A mobile device management platform needs to do those functions for the IT support organization across mobile operating systems.

What you can do is introduce technologies onto your network, so that when your users log into the network or authenticate onto the network, the device is queried, so that you are able to do some level of tracking of that device. You're able to potentially provide self-service portals, so that employees have the ability to download enterprise mobile applications onto that device.

You have the ability to very simply load onto those devices agents that can automatically query devices and make sure that they're configured to meet your security requirements.

There are technologies available to do mobile device management and provide that level of oversight, so that you can inventory devices. You can have a level of knowledge and management over configuration and software applications. And you do have the ability to control, at some level, the security settings on those devices. A mobile device management platform needs to do those functions for the IT support organization across mobile operating systems.

Gardner: I should imagine, Jonathan, that an organization that’s had experience with managing laptops and full clients, as well as thin clients and zero clients, would have a leg up on moving into mobile device management. Is that the case?

Sander: To Jane’s point, they should have policies in place that are going to apply here, so that in that sense they have a leg up. They definitely need the technology in place to deliver on it, and that’s on the device layer.

On the application layer, the data layer, the place where all the intellectual property (IP) for an organization sits in most cases, those layers should be -- the word "should" is tricky -- pretty well secured already. The idea is that they have already been on there on laptops, trying to get in from the outside, for a while and there should be some level of lock-down there.

Layered defense

If you have a healthy layered defense in place so that you can get the access to people outside of your walls, then your mobile access people coming in with their own devices, in a lot of cases, are just going to look like a new client on that web application.

The trick comes when you have organizations that want to take it to the next level and supply some sort of experience that is different on the mobile device. That might mean the paranoid version, where I want to make sure that the user on the mobile device has a lot less access, and I want that to be governed by the fact that they are on the mobile device. I need to take that into account. But there is also the very proactive view that you don’t have to be paranoid about it, and you can embrace it.

I worked with a large energy company that decided to embrace these devices. They decided that if they're going to use them well, they might as well squeeze some more productivity out of them. They were going to roll out apps that specifically deliver their data, but the challenge they faced then was that they then had to make sure the data were secure in those channels too.

So they had to be very specific about that, and that involved new areas of policy but also having the technology be smart enough to answer those challenges, as well, because being proactive like that means taking on some new security context, and it’s a new risk.

Gardner: Jane, I have also heard that you need to think about networks in a different way. With some relevance to the past, network containment has been something organizations have done for remote branches. They've used VPNs with the end devices, fat clients, if you will. How does network containment mature for BYOD support?

The good news is that IT departments have a lot of experience with managing networks and managing their network securely.

Wasson: The good news is that IT departments have a lot of experience with managing networks and managing their network securely. What’s different here is that now you have a mobile device that is the conduit coming into the network. Whereas in the past, folks had been using primarily laptop VPN clients, that paradigm changes a little for the mobile world. Mobile users like the convenience and the ease of being able to use mobile applications.

The challenge for IT departments is how to create a simple user experience for mobile device to access the back-end network and how to make sure that for the mobile user not only is it simple and easy, but they are authenticating to that network for security.

Also because with that mobile user it’s a personal device and they control what mobile service they are using, IT groups need to care a lot about the networks from which the user is accessing the corporate environment.

For example, you want to make sure that you're using an encrypted SSL VPN connection to go back into your corporate data centers. It needs to not only be encrypted as SSL VPN, but you also want to make sure that it's a very easy and simple experience for your mobile user.

What IT groups need to be looking for is that very simple mobile worker experience that allows you to very quickly authenticate onto the network and establish encrypted SSL VPN into the networks, so that you don't have to worry about interception on a wi-fi network or interception on a mobile service network in a public place.

Access control

The need for network access control, so that once you know that users are coming in securely, once you know they are authenticated onto the network, you can easily enable them to access the correct enterprise applications and resources that they should have privileges for.

The challenge there for IT is that you want to make sure that it’s easy for IT to provision. You want a technology that recognizes that you have mobile users coming and allows you to very easily provision those users with the privileges you want them to have on your network and make sure that they are coming in over secure networks. There are lots of implications for networks, there but there are solutions to help address that.

Gardner: Now, another way to skin this cat, I suppose, and which also makes it different with mobile devices is there is not just an on-off switch in terms of access. If you want to make security adjust to the modern environment, you need to start having a granular approach. Jonathan, how does access control over your assets and resources -- not a complete black-and-white or on-and-off -- but at a more graduated or a granular level, help with BYOD and security?

Sander: It goes back to that idea of trying to be either both paranoid or proactive about the whole BYOD sphere. When you're trying to figure out what data you want people to have access to, you're not just going to take into account some rigid set of rules based on who they are.

Context is king in a lot of cases these days, when you are trying to figure out a good approach to security.

At least most organizations are not going to do that, partially because coming up with those rules itself can be challenging, but also because a lot of times what counts most to these people are not the roles and the rules but rather context.

Context is king in a lot of cases these days, when you are trying to figure out a good approach to security. What better context to be aware of then one person sitting at a desk behind all of corporate protection accessing a system versus the same person on their tablet in a Starbucks.

These are clearly two different risk categories. If they want to get access to the same data, then you're probably going to do slightly different things to have things happen. At that Starbucks, like Jane said, you're going to have to make sure you have a very secure channel to communicate on. And you might want to ask them to do extra layers of authentication or perhaps go through an extra step of approval. Or maybe somebody on the inside needs to confirm that this person should have access to that data on the outside.

What that’s going to mean, Dana, is that you are going to have lots of different layers of security but they all need to be very well connected to one another. They need to be able to share data, share that context, and in that sharing, be able to create the right circumstance to have a secure access to whatever data is going to make the efficiency for that person be maximized. Maybe they're in the Starbucks because they are on a road trip that is incredibly important to meeting the top-line goals for your company.

It may not just be a convenience. It often sounds, when you talk about these BYOD and mobile questions, as if we're enabling somebody to be lazy. All I can say is that when I find myself on business trips, working at Starbucks is not lazy. It’s a necessity.

Not a luxury

It’s not exactly comfortable sitting there and trying to work around noise, traffic, and everything else. Typically, I'm not doing it as a luxury and I don’t think anybody else that does it is doing it that way either, in most cases. So, finding ways to enable that is a big deal.

Gardner: We could spend a whole other hour talking about the productivity benefits that come when BYOD is done correctly, but in listening to you both it occurs to me that there are positive, unintended consequences here. When you do go mobile first, with your network containment activities, with your connected security around access control, and when you've elevated management to mobile device management, you're probably an organization with better policies and with better means or security in total.

Am I off-base here, or is there a more robust level within an IT organization when they embrace BYOD in mobile and mobile first becomes really a just better way of doing IT?

Wasson: The key thing here is that end users are moving to mobile. Workers are moving to mobile because they like the speed and ease of use of the mobile environment.

IT organizations that embrace that are going to be ahead of the game of being able to secure those networks.

IT organizations that embrace that are going to be ahead of the game of being able to secure those networks, relative to organizations that don't embrace it and have mobile workers end-gaming them by using apps that are more likely to introduce malware onto the networks.

IT support organizations that provide that easy, secure access into enterprise, not just the calendar and email apps, but into the enterprise apps and resources, are more likely to have happy end users that are using secure technologies, as opposed to end-gaming IT and using technologies that introduce more risk into IT environment.

Sander: I agree that the worst consequence of not doing the mobile first is that you're going to have people end-gaming IT. You're going to have shadow IT spring up in lines of business. You're going to have smart end users simply figuring it out for themselves. Believe me, if you don’t proactively lock it down, there are lots of ways to get it as mobile devices. Those companies that do think mobile first are the ones that are going to innovate their way out of those problems.

They're the ones who are going to have the right mentality at the outset, where they formulate policy with that in mind and where they adopt technology with that in mind. You can see that happening today.

I see companies that have taken advantage of a mobile platform and tried to make sure that it is going to boost productivity. But the very first thing that happens, when they do that, is they get a huge push back from security, from the risk people, and sometimes even from executive-level folks, who are a little more conservative in a lot of cases, and tend to think in terms of the impact first. Because they want to push into that mobility mindset, that pushback forces them to think their way through all the security impacts and get over those hurdles to get what they really want.

The idea is that, if you do it well, doing good security for mobility and BYOD on the first try, getting that good security, becomes an enabler as more waves of it hit you, because you've already got it figured out. When the next line of business shows up and wants to do it seriously, you've got a good pattern there which completely discourages all of that shadow IT and other nonsense, because if you can give them good answers, and they want them.

Be an enabler

They don’t want to figure out ways around you. They want you to be an enabler. I was reading recently how security has to go from being the "department of no" to the "department of how," because a lot of times, that’s really what it boils down to. If you're simply going to say no, they're going to figure out a way around you. If you tell them how to do it in a secure fashion, they'll do that. That’s why they're asking in the first place. They want you to enable them.

Gardner: Maybe we should move beyond theory and vision into some practicality. Do we have any examples or anecdotes of organizations that have taken this plunge, embraced BYOD, perhaps with some mobile first mentality thrown in, and what are the results? What did they get?

Wasson: One potential example of this is educational institutions. Educational institutions are probably some of the earlier adopters for using mobile platforms to access their back-end systems, and yet educational institutions also are very often required by law not to make inappropriate sites and things available to students.

We've seen educational institutions deploying mobile device management platforms, and in this case our KACE K3000 Mobile Management platform with our mobile security solutions, such as our Mobile Connect application on devices, and Secure Remote appliances, enabling secure SSL VPN connection. What we're seeing is that the IT organizations have the level of control over those devices that they need.

They can still give the freedom to the end user to choose those devices, yet they have the ability to manage those devices, manage security settings on those devices, authenticate those devices before they connect to the educational institution data centers, and automatically establish encrypted secure SSL VPN.

They can still give the freedom to the end user to choose those devices, yet they have the ability to manage those devices.

They're able to query the traffic to make sure that traffic isn’t coming from or going to inappropriate sites and making sure that there's no malware on the network. And they're able to gain control and security of the mobile students, while still enabling those students to use their personal devices and the tools of their choice.

Gardner: Jonathan, any other examples from your perspective on when you do this well, how it can work?

Sander: The first one that comes to mind is a healthcare system we were working with. They were in a unique position in that they actually had a high percentage of doctor ownership. What I mean by that is that a lot of people who had an executive stake in the healthcare system were themselves doctors.

The doctors clearly wanted to use mobile devices as much as possible. They wanted to enable themselves to work on the run. They were running between hospitals. They were doing lots of different things where it's not a luxury to be on the tablet, but more of a necessity. So they challenged their IT folks to enable that.

Just as with this situation in other places, the first push back was from security. We worked with them, and the results were very similar to what Jane describes from a technology standpoint. Dell was able to supply them with mobile-device management and network controls. They had a really good single sign-on platform as well. So the doctors weren’t constantly logging in again and again and again, even though they switched context and switched devices.

Productivity gain

What they gained from that was a huge amount of productivity from the doctors. In this case, coincidentally, they gained big in the executive team’s eyes for IT, because as I mentioned, a lot of them happened to be doctors. That was a good feedback loop. As they made that constituency very happy, that also fed directly into their executive team.

In this particular case they got a double benefit, not just happy users, but happy executives. I guess it’s one of those, "I'm not just a president, but also user" type of things, where they were able to benefit twice from the same work.

Gardner: I don't think we can, in any way, expect this BYOD trend to be a flash in the pan. I think it’s going to be here for quite some time, here to stay really.

But as we look to the future, are there some developments that we should expect that would reward organizations for being proactive with the way they go at BYOD, more from a systemic and strategic and well thought-out approach rather than knee-jerk or reactive?

As smartphones have become more prevalent in the marketplace, increasingly hackers and cyber terrorists are recognizing that that’s a great new platform to go after.

I'm thinking about security and malware, whether that might be something that’s going to change in anyway? Any thoughts Jane on where the security equation might shift in the future?

Wasson: Today much of the malware is targeting PCs and laptops, but now, as smartphones have become more prevalent in the marketplace, increasingly hackers and cyber terrorists are recognizing that that’s a great new platform to go after.

We're seeing an increase development of malware to go after mobile devices as a conduit to get into back-end networks. We should absolutely expect that that’s going to continue. We're seeing a trend towards more targeted attacks. As technologies to protect are developed, it’s going to be very important to find those technologies that specifically protect from targeted attacks.

The thing that’s becoming increasingly important is to make sure that your security technologies aren't just looking at the reputation of who is trying to get into the network and protocols, but is actually looking at the actual traffic packets themselves. It's important to be able to identify those targeted attacks, advanced persistent threats, or malware that’s hidden within your traffic, because in the network at large, the presence of malware is only growing.

For mobile platforms, historically it wasn’t as big a problem. Now that we see more of them out there, they're becoming a more important target. So it’s very important for IT support organizations to get ahead of this.

They need to recognize that where they had previously focused mostly on what’s happening with PC laptop traffic, they really need to focus a lot more on making sure that they have good strategies and good policies in place also to address that mobile traffic.

Broadening reach

Gardner: We've been talking, of course, about how BYOD impacts employees and users within the enterprise. I suppose we should also broaden this out to consider that mobile commerce is going to impact supply chain, partners, and end users. Consumers will be going through mobile applications increasingly to do business with various organizations.

This, again, goes beyond just the device for the employee to the devices for all the points that connect enterprises and customers. Any thoughts on how that might evolve in the future, Jonathan?

Sander: Most everything we've talked about has been taking patterns and scripts that people are pretty familiar with from an IT security standpoint, changing a couple of the players, and running them the way that they have. It’s either your applications, as you have had them, and you are going to run the security play with mobile device as the endpoint, and you try to figure that out.

But there are also trends where we have our user base and now we are going to move our applications out into the cloud. How do we do that? One of the things that we can look to for the future of BYOD is that we need to figure out what does it mean to have BYOD devices, cloud-based applications, and almost no touch points for us to get in there.

A lot of organizations, thankfully for them, are not there yet, but they really need to be thinking about that.

All of the patterns that we are used to, all of the scripts that we follow from a security standpoint, assume at least half the conversation is a heavy touch point for us. We're going to have the ability to get in there and put the shim in, or do whatever it is that’s necessary to understand it. But if that lies mostly outside of our hands, what does that mean? How do I really get a handle on that? A lot of organizations, thankfully for them, are not there yet, but they really need to be thinking about that.

We talk about thinking mobile first. People who are thinking mobile first with their end-user community, when they are in their private planning meetings trying to figure out the next phase, need to figure out what this looks like, whether it’s a world that has IT almost completely out of the equation, but still somehow responsible for it.

Gardner: I suppose we should be thinking about mobile and cloud first from now on.

Sander: That’s where it’s going to go.

Gardner: We're running close to our time, but let’s get a little bit more on Dell’s vision, given this future track, what we're seeing in the current landscape for BYOD, and the acquisitions and the strategic move from Dell Software. Let’s hear what you have in mind in terms of how one should go about, as an IT organization, getting a better handle on this. Let’s start with you, Jonathan.

Sander: Our overall vision for security and we would definitely apply this to the BYOD sphere as well, is approaching it from a connected viewpoint. The word "connected" has a very specific context here.

You often hear talk from Dell and others about converged solutions, where essentially you bring a whole bunch of technologies into one solution, usually a box of some kind, and you deliver it as such.

Moving parts

Security is never going to look like that. Security is always going to have a lot of different moving parts, and that’s because essentially security needs to map itself to the needs of the infrastructure that you've built. That’s going to be dictated by organic growth, mergers and acquisitions, and everything in between.

We think about it as being a connected set of solutions. The focus of that is to make sure that we can deliver on all these different points that are necessary to build up the right context and the right controls, to make security meaningful in a context like BYOD, but not do it in a way that makes too many demands of the infrastructure. The way you get benefit from that is by having these connected pieces attached at the right points. You then get both the protection of going inside-out and outside-in.

Inside-out is the way you normally think about security in a lot of cases, where you build the controls for the things you are in charge of. You make sure that, as they go out into the world, they're heavily secured using all the themes you have at your disposal.

Security is always going to have a lot of different moving parts, and that’s because essentially security needs to map itself to the needs of the infrastructure that you've built.

Outside-in is the traditional bad guys trying to get into your little world scenario. We want to make sure that the connected security solutions that we deliver can do both of these things, not only protect you from any insider threats and all of the things that can crop up from the way you build your technology that you are going to use to propel the business, but also protect you from the threats from the outside as well.

Gardner: Last word to you, Jane. What would you add to what Jonathan said in terms of Dell Software’s vision for making BYOD secure?

Wasson: The good news is that our vision basically supports IT in helping to enable the mobile worker to get that simple, secure, fast access to enterprise apps and resources. The way that we are doing this is by providing mobile-friendly technologies, IT friendly technologies, that give both the ease of use and simplicity that mobile users need.

For example, our Mobile Connect App acts both as a VPN client and also a policy-enforced network access control app client, so that you have that simple one click access into the corporate data center that is secured by encrypted SSL VPN, with our Secure Remote Access appliances.

You also have the support for IT to reduce complexity, because we make it very easy to create those policies, automatically enforce those policies, and implement network access control and security throughout the network.

Gardner: Well, great. I'm afraid we'll have to leave it there. You've been listening to a sponsored BriefingsDirect podcast discussion on bringing clarity to BYOD support, management, and security. And we have seen how IT departments are grasping for any proven or standardized approach that makes BYOD access of resources secure and reliable.

And we've learned how Dell Software is helping to bring standardized and flexible approaches to making BYOD and perhaps mobile first a positive new force to enterprise productivity.

So thanks to our guests for joining. We've been here with Jonathan Sander, the Director of IAM Product Strategy at Dell Software. Thanks so much, Jonathan.

Sander: Thank you, Dana.

Gardner: And thank you also to Jane Wasson, the Senior Product Marketing Manager for Mobile Security at Dell Software. Thanks, Jane.

Wasson: Thanks, Dana.

Gardner: This is Dana Gardner, Principal Analyst at Interarbor Solutions. Thanks also to our audience for joining us, and don’t forget to come back next time.

Listen to the podcast. Find it on iTunes. Download the transcript. Sponsor: Dell Software

Transcript of a BriefingsDirect podcast on how Dell Software is helping to bring standardized and flexible approaches to making BYOD a positive new force for enterprise productivity. Copyright Interarbor Solutions, LLC, 2005-2013. All rights reserved.

You may also be interested in:

• Dell updates virtualization suite, makes VMware support a priority
• Want a Data-Driven Culture? Start Sorting Out the BI and Big Data Myths Now
• Data complexity forces need for agnostic tool chain approach for information management, says Dell Software executive
• Dell's Foglight for Virtualization update extends visibility and management control across more infrastructure
• For Dell's Quest Software, BYOD Puts Users First and with IT's Blessing
• Dell survey highlights importance of putting users before devices when developing BYOD strategies
• New Levels of Automation and Precision Needed to Optimize Backup and Recovery in Virtualized Environments