You have no doubt heard the term “Mobile First” used liberally these days. Clearly, enterprise adoption of smartphones and tablets has exploded lately (and continues to grow). But what does it mean, and how does it affect your Endpoint Management strategy? The modern mobile platforms have adopted a fundamentally different architecture compared to the Windows OS of the past (XP, 7; we will call this "old Windows"). Along with iOS and Android, Microsoft also moved to a similar OS model, initially with Windows Phone, and going forward with a unified Win 10 platform.
The key differences between old Windows and these new platforms are:
1. Application isolation
Apps are isolated from each other on all three mobile platforms. (There are some differences; Android is a bit more open, but this largely applies to all mobile platforms.) Interactions with other apps are limited and managed by the OS. There is no registry, and there are no DLL conflicts or other app issues to contend with. Data and settings are also independently managed by each app.
2. Standardized APIs for management
Management in the Windows desktop world involved interacting with almost the entire OS stack, including the BIOS, drivers, OS patches, registry, filesystem, etc. All three modern mobile platforms have clearly defined management APIs that expose specific functionality. Things such as low-level drivers and OS patches are off limits.
Security mitigation in the desktop world was primarily via signature-based A/V, later supplanted by firewall, IPS, reputation-based and behavior-based techniques. These are not applicable in the new mobile OS world. (Note: there are mobile A/V products for Android.) However, mobile brings other potential threat variables into play (examples: location, DLP, privacy). For now we will focus on #1 and #2. Mobile security will be a topic of discussion for another time.
These standardized APIs resulted in an explosion of MDM vendors to help manage the flood of mobile devices into the enterprise. (The sector has since consolidated, and MDM has morphed into broader Enterprise Mobility Management, or EMM.) Now, with Windows 10, which is right around the corner, Microsoft is further unifying the entire Windows OS family. Along with universal apps and a single app store, Win 10 will also unify the management APIs for phones and tablets/laptops/convertibles. This means Win 10 will be “smartphone-like” from a management perspective.
Does this mean the new management model will take over old Windows as well? Can enterprises rely on a single “Mobile First” solution to manage the entire universe of endpoints? Well, not so fast! Yes, certain aspects of endpoint management will change, but old Windows is not going anywhere. The big elephant in the room? Win 32 apps. Even if enterprises adopt Win 10 quickly, these Win 32 apps will continue to exist for a long time. I have seen organizations with hundreds, even thousands, of custom-built, business-critical Win 32 apps. Some of these apps are extremely complex and have been in use for years. Rewriting these as “native mobile apps” or universal Windows 10 apps in short order is not feasible for the majority of organizations. While new mobile devices and native apps make their way into the organization, IT will have to continue managing the world of Win 32 apps. IT will still have to tackle thorny issues of old Windows such as “image management”.
“Mobile First” does not mean “Mobile Only”! It is about optimizing the user experience based on the device size, type and context. It is also about leveraging the unique capabilities of each platform to best meet business needs. So, amidst the din of “Mobile First”, wearables and IoT, old Windows cannot be ignored. IT should continue to leverage the innovations that are being made to improve old Windows management. These investments will have a long shelf life. For example, there has been tremendous improvement in the last few years in “de-layering” Windows, i.e., essentially making old Windows “mobile-like”. This will greatly simplify management and provide immediate dividends. Recent licensing changes and continuous storage innovations have made VDI and Desktops-As-A-Service (DaaS) more attractive, from both cost and usability perspectives. Complementary solutions such as User Environment Management have also matured considerably. There are now more tools in the toolbox for IT leaders to address old Windows problems. At some point, there will be greater convergence of endpoints. But, for now, large organizations will have to run two different management solutions – one to address the fast-evolving mobile/IoT needs and the other for old Windows.