What we now know as enterprise mobility management (EMM) had its big-bang moment after Apple announced the first generation of its mobile device management (MDM) platform alongside the iPhone 4 and iOS 4 in June 2010. Within two years there were dozens of companies, both startups and established vendors, with MDM offerings.
Most of those companies focused on a single piece of the EMM equation. For some, it was delivering the MDM capabilities that Apple opened for developers. Others focused on vetting, installing, and managing apps on devices. Still others concentrated on content security and management. Then there were companies creating “secure” replacements for the preinstalled stock apps on iOS and Android or bringing key business tools to mobile, most commonly suites designed to offer a mobile equivalent of Microsoft Office.
Back then, you would typically select multiple companies to build an MDM strategy. Sometimes these companies had partnership agreements, but often it was like ordering tapas: a little of this, a little of that. This part of the challenge, selecting products to hit each of your requirements, was cumbersome, but not as cumbersome as integrating the selected products with your existing IT operations stack.
Today, the picture’s a bit different. Over the past decade, the EMM market has contracted and consolidated into a handful of companies, mostly through mergers and acquisitions. Typical IT stack vendors have developed or bought an EMM platform that is a component of that stack. You may not even need to shop around because you’re already a dedicated Microsoft or Cisco or VMware or Citrix shop, and each of those companies offers an integrated EMM component.
Not all those EMM components are equal, though. They may differ in feature sets, how they integrate with specific tools or workflows, the particulars of the management consoles, or the resulting customer experience. Or it may just be each company’s spin on how EMM gets implemented and managed day to day.
The path of least resistance (and cost) is usually to stick with the vendor whose stack forms your core infrastructure. You have to ask, though: Is that the best path for your organization?
The myth of the single pane of glass
When it comes to managing IT infrastructure, the recurring refrain is “single pane of glass” — meaning a single management console that can be used to manage the network, cloud services, security, on-premises servers, user accounts and groups, and devices that range from IoT through phones to PCs.
Using a single console has its obvious pros. There’s less of a learning curve, and it’s easier to get comfortable with a single console. You can drill down to key data points more easily and become a power user much quicker than you would if you were constantly switching between multiple consoles for different products. This is particularly true if the management capabilities overlap, even if the capabilities don’t align or integrate fully.
The problem is that achieving total-organization management with a single product isn’t possible in today’s world. In fact, many enterprise solutions require multiple console interfaces even if they come packed together.
A good example is Microsoft Endpoint Manager, which bundles several IT administrative tools into one package. One element, called Endpoint Configuration Manager (formerly System Center Configuration Manager and Systems Management Server), can manage PCs, Active Directory and several other traditional aspects of enterprise computing. But there’s a separate interface for Intune, a web-based console for managing mobile device policies that can cover PCs running Windows 8 and higher, along with several other types of endpoints, and that manages interaction with Microsoft 365 services. Although there’s a lot of overlap, particularly when it comes to the basic technical constructs, the two interfaces are very different, and even a seasoned Endpoint Configuration Manager admin is going to struggle with Intune at first.
Even if a single pane of glass did exist, it would suffer from extreme bloat, and for its separate components to perform optimally, they would eventually need to become specialized to an extent that they wind up feeling and performing like separate, distinct tools.
A single console would also hamper innovation, in two ways. First, that single pane of glass crams everything into an existing interface in ways that likely result in less efficient and less contextually sensitive workflows. Second, the quest for consistency would require homogenization, and that would lead to missed opportunities for the improvements that can be achieved in separate tools, particularly if those tools come from multiple, competing vendors.
I’m not saying that using standardization to increase efficiency and productivity is bad — it does make life easier for many admins. But it has its limitations, and those limitations can lead to organizations passing up innovative technologies that a broader view of options often offers.
Best of breed isn’t always best
On the opposite end of the spectrum is the best-of-breed mentality. This viewpoint doesn’t look at the management interface as determining the value of a tool or see loyalty to a single vendor as an ideal. Instead, it sees greater potential for value in looking at each piece of enterprise infrastructure as a distinct, often independent, construct.
An example might be relying on Azure Active Directory for user and account management but choosing Slack over Teams, VMware for server management, Citrix for remote desktops, Jamf for Apple device management, Group Policies for PC management, Knox Manage for Android devices from Samsung, and MobileIron (now Ivanti) for managing the remaining Android devices.
Each of those solutions might be the best option on the market for its particular niche, but the approach as a whole has three distinct disadvantages: You lose out on the deep integration between multiple products in a full-stack offering, you’re going to spend more money because you won’t be able to consolidate licensing, and you’re going to need staff skilled in each of the components.
Like the single pane of glass, best of breed isn’t a bad idea. You can gain immense functionality and opportunities for innovation by considering the full range of solutions available to you, and that shouldn’t be discounted.
A happy medium
The answer to which approach works best is usually neither — or both. That means finding a happy medium. It means identifying the value that there is to be had from sticking with a single provider (or a small group of them). At the same time, it means identifying key features or functions of the broader group of vendors and determining whether there are capabilities that one or more of them offer that your primary vendors don’t. This can also mean that a particular functionality is implemented in a way that may deliver more efficiency or value.
Although the decision may come down to one or two specific features that you want or need to implement, you still must consider a range of factors that will come into play in your decision-making process. These include obvious factors such as cost but also some less obvious ones such as time to implement, ease of integration, learning curve (for admins, engineers, and support staff), the possible level of vendor involvement in getting things up and running, and the various SLAs that vendors will offer — both during and after implementation.
Additionally, you’ll need to identify an implementation process. Can things be rolled out with minimal changes to existing processes and services? Will there be a cutoff date for using existing tools? Will you stick to the features that prompted you to pick a new product, or will you be open to considering additional tools from the new vendor?
It’s also important to consider the reputation and experience of each new vendor. Does the vendor have experience in your field? Does it have experience integrating with your standard mix of solutions? How comfortable do you feel with the vendor taking over such a crucial piece of your infrastructure? What follow-up does it offer once things are up and running?
Is that feature really unique?
If it comes down to one capability (or even a few capabilities) that makes a new vendor tempting, it can be useful to inform your current vendor that you’re exploring an alternative. This gives the vendor a chance to understand your needs better. It may be able to let you know that the capability that’s attracting you is in its pipeline for a near-future update, or it may offer to sweeten your deal.
Expanding your understanding of mobility
One thing you shouldn’t neglect to investigate is the EMM capabilities delivered by the mobile platforms themselves: iOS, Android and, to some extent, Samsung’s Knox. Apple and Google provide sets of frameworks that any EMM vendor can plug into. You should treat these as the baseline when comparing vendors so you can spot when a vendor is marketing built-in features as something unique to its tool when they really aren’t (although the exact implementation of these standard features does vary).
Another question to keep in mind is whether you’re replacing existing EMM functions with a new provider or implementing (or expanding) EMM for the first time. Although EMM products function similarly, it isn’t always easy to swap out one for another. In other words, jumping to a new option is likely to require testing and planning before deployment. This is particularly true if you have a large number of existing policies and user/group assignments.
Growing either way
Whether you opt to stick close to your overall IT stack or to build out your infrastructure with a new provider, you’ll want to have a clear picture of your near- and long-term goals for mobility. Because of the pandemic, you’ve probably given some thought already to how and where people will work and how things will operate as businesses return to in-person or hybrid work models.
But knowing what your goals are, where the enterprise mobility industry is headed, and the workplace model that your organization will be adopting should be part of your consideration about whether to take a tried-and-true approach or to move into uncharted territory.