The mobility space has seen dramatic change in the last few years.Imagine, a year and a half ago the iPad didn’t exist. Last year saw the explosion of apps, and this year we’re seeing businesses really get serious about mobile. With the bring your own device trend well underway, lots of organizations are using mobile to transform their business.
With that opportunity comes risk. The last decade has seen the security and IT world invest billions to get secure and compliant, but with mobile on the scene, all the security and compliance holes we spent the last decade fixing are opened back up. Three use cases we address at Zenprise are around mobile devices connecting to corporate over insecure networks, users exposing the organization to malicious or non-compliant apps by downloading those apps on the devices they use for work and play; and employees accessing confidential data from their mobile devices.
Before we talk to you about our product and our areas of differentiation…it helps to get some context. It’s one thing for us to say that we’re unique and a leader. But it’s another when Gartner says so. In its Critical Capabilities report, Gartner ranked Zenprise number one and in the most recent Magic Quadrant, Zenprise is positioned as a Leader. Forrester has also given us a perfect score across the board for both our on-premise and cloud solutions.And we have more than a thousand customers who run their mobile enterprises on Zenprise.
We have three primary offerings: on premise and cloud-based mobile device management solutions and a host of support and services offerings to help you with your mobile goals.
As a baseline, your MDM solution should support your organization’s mobile devices over their lifecycle. This includes: Configuring devices and setting policies.Provisioning devices by having users self-service enroll, providing an enterprise app store, and delivering policies and apps over the air.Securing devices by configuring native security settings, blacklisting and whitelisting apps, locking apps, and securing data; Providing helpdesk functions, remote support, and troubleshooting; Monitoring and reporting on device, service, infrastructure, security, and compliance; and Decommissioning devices upon employee departure
Beyond basic device lifecycle management, we have a number of additional unique capabilities. Before we go into them, it would be helpful to know what areas are important to you. One of the ways we like to think about our customers’ requirements is by understanding where they are on their mobile adoption journey. We use this Mobile Maturity Model as a guide.CLICK. Some organizations are allowing mobile devices on the network, but managing them in an ad hoc way. We call this UNMANAGED.CLICK. Others are concerned about just getting user-owned devices under management and doing basic blocking and tackling like lock and wipe. This is the MANAGED category.CLICK. Beyond that, some of our BYOD customers also have security requirements they need to think about. Maybe they’re in a highly regulated industry or handle sensitive data. This is the ADVANCED category.CLICK. Finally, we have customers who are going beyond BYOD and rolling out mobile strategies because they are trying to do things differently in their business. Like retailers distributing iPads to salespeople and logistics companies arming workers in a distribution center with ruggedized Androids so they can make better consumer goods picking, packing, loading, and distribution decisions.[DISCOVERY ABOUT WHICH FIVE POINTS MATTERS MOST – SIMPLE TO MANAGE, CUSTOMER SUPPORT/SERVICES, END-TO-END SECURITY/COMPLIANCE, ENTERPRISE-GRADE ARCHITECTURE, or MOBILE BUSINESS OPTIMIZATION]Now that we have an understanding of where you are and the capabilities your organization cares about, I’d like to talk about some of Zenprise’s capabilities and focus on the areas of interest for you.
Using our Mobile Maturity Model as a framework to talk about Zenprise differentiation, a basic requirement for MANAGED is ease of use. A lot of MDM vendors say they’re easy to use, but the devil is in the details…Whether on-premise or in the cloud, Zenprise is so simple that even your boss can manage it!CLICK.Zenprise has a simple, wizard-based deployment. We mix-and-match and re-use components that are visually grouped by device type, deploying “packages” to devices. We also integrate with LDAP directly, so users can be part one or multiple groups, like “Executive”, “Sales”, and “East Coast”. That way, if they need to get their sales apps, their executive policies, and the Wi-Fi configuration for East Coast, they can get all those things in one fell swoop. This is unlike some of our competitors who have one-to-one user-group mappings or who don’t group components by supported device type. This means the admin has to create packages for every component or user-group combination, or manually check to make sure that all of the policies got deployed to the proper devices, which are time-consuming and error-prone.CLICK.Beyond mixing-and-matching components and user groups, making changes is easy. If you change a policy, that change will automatically propagate where it needs to. This is unlike some of our competitors whose components are static once they’re packaged up. So if the admin reuses the same passcode policy in five packages and then makes a change to that passcode policy, he has to go in and manually change it in all five places. Doing it this way…it’s almost impossible to not make mistakes.CLICK.Because our LDAP integration is direct and real-time, personnel changes are automatically reflected in our system. This is mandatory if you have any policies that are based on roles. Some of our competitors are either not integrated with LDAP for groups or not integrated in real-time with LDAP; so admins have to go in and manually keep all personnel changes up to date, and the chances of being out of compliance are far higher. As one of our customers in the electric supply business, Codale, put it: “With Zenprise, I can just ‘set it and forget it’.”
Not only are we simple to manage, but we’re simple and transparentfor users, which means fewer support calls to IT support. Some of our competitors require, for example, the user to have a GMAIL account to register an Android device, which creates a huge headache for IT at enrollment time, and others burden users with things like agreeing to having location services turned on on the device so they can monitor device status like whether the device is jailbroken. But that’s really a burden for users who have to deal with the battery drain of location services just so they can enroll in their company’s BYOD program.As one of our Phoenix-based Transportation customers put it, “users don’t even know it’s there”.
A basic requirement of all of our customers, no matter where they are in their mobile adoption, is great services, support, and training. Our competitors talk about their support offerings, but make sure you push on them to make sure you’re getting the same level of commitment.We’ve made customer success our number one priority. Only Zenprise offers global, 24x7x365 support across all time zones, and with support in key local languages: English, Spanish, German, French, Russian, Mandarin, Hindi, Filipino, Portuguese, Japanese.Our customer success professionals are top-notch in their field, with an average of a technical bachelor of science degree and 10 years of experience.We’ve also shown commitment with lots of product communications choices, clear SLAs, a social presence, and by simply prioritizing the hiring of really talented support folks.
Again going back to our Mobile Maturity Model, as we move from basic requirements into the more advanced territory of tighter security requirements or regulation, we help there too.Most of our competitors’ security story is around configuring thesecurity on the device, and it kind of stops there. This is necessary but not sufficient. Zenprise’s capabilities extend beyond the device to apps, the network, and data. A testimonial to this is that one of our medical device customers in the Southwest chose us because some of their users had mobile access to an application that contained some patient data that they needed to protect and they knew we had their back with our application and network security.Our competitors talk about being secure, but again, the devil is in the details. Do they have “always on” device compliance, and security beyond the device – at the app, network, and data layers?Beyond configuring security on the device, we have what we call “always on” device compliance, which includes a pre-deployment compliance check, policy enforcement at the gateway, and the ability to differentiate between individually-liable and corporate-liable devices. This is unlike some of our competitors who can’t check device compliance, so non-compliant or even malware-infected devices can get enrolled onto and infect the network before the first policy is even deployed. Also, some don’t block on really basic things like blacklisted apps. Finally, some allow users to decline location services or even remove a profile from their device, which means that a single infected device can put the whole corporate network at risk. “Always on” device compliance is something we uniquely deliver.Beyond some basic things like application blacklisting, whitelisting, and restricting apps or resources like iTunes or the Android Market (yes, we do it on Android too!), we have some really unique app security for Android and Windows Mobile, including app lock and kill, and something we call Mobile App Tunnels. Mobile App Tunnels are like VPNs but for an individual app, and encrypt and compress the app connection and data. One of our customers – a national railway in Europe – uses Mobile App Tunnels not just for security but also for transaction reliability. Mobile App Tunnels and this level of application security is absolutely unique to Zenprise – only we provide it.On network security, let’s face it: your users are going to log in from insecure places. So we protect you by letting you either restrict access in certain circumstances or by helping you provision VPNs or Mobile App Tunnels. Something we do that our competitors don’t is provide Mobile Security Intelligence, or information about what mobile users are doing on your network. We integrate that data with your SIEM, so you can see things like mobile compliance violations and insider threats as part of your overall security visibility. Mobile Security Intelligence is absolutely unique to Zenprise – only we provide it.Finally, we protect data at rest, in use, and in motion. Our mobile DLP feature is kind of like Dropbox for mobile, but with enterprise controls. We let you securely distribute sensitive files to a secure doc container, synchronizefile changes across all users for version control, and let you block users from doing things like printing, saving, and emailing from the device. We integrate with content repositories starting with SharePoint. Mobile DLP is absolutely unique to Zenprise – only we provide it.Some of these features are basic, some advanced. But together they make for a pretty comprehensive and differentiated security and compliance story.
Also in the more ADVANCED category is architecture. Given how important mobile access is, architecture can make or break you. CLICK. We pass muster with your security architects. Unlike some of our appliance based competitors, we don’t hold your data hostage in the DMZ. We also don’t require that you synch or store LDAP data in the DMZ like our competitors do. Finally, the way we’re built doesn’t require you to open a bunch of ports to make the solution work. Some of the appliance based solutions would have you open 3x the number of ports we do. And because we meet security best practices, it’s just a lot easier and more straightforward to get buy-in on the deployment plan from your security and network counterparts.CLICK. Any business-critical mobile environment needs to be highly available. We support active-active clustering at all tiers so there are no points of failure. It’s industry-standard, straightforward, and clearly documented, so there’s no mystery. Some of our competitors say they are highly available, but make you call customer support for any information on how to configure it, and some do it through a series of steps that involve virtual machine snapshots, which is either a manual process or requires you to run scripts to make failover and failback work. Those just don’t scale – when you go down, you need your HA to just work. We also have a scale-out architecture with load balancing built in, so we can scale as your deployment grows.We also don’t require changes to your mail environment. Some of our competitors do, and we’ve learned that this has caused grief for IT because simple things like an upgrade or even a patch can cause downtime for Exchange, your MDM, or both until they can give you a patch to fix the problem.
Our customers have the option of taking advantage of our cloud deployment as well. We run on SAS70 Type II and FISMA Moderate compliant and Federal Cloud Certified infrastructure…CLICK. …that’s highly available, scalable, and globally redundant with four datacenters around the world. CLICK. It’s a truly cloud, multi-tenant solution, but with separate database instances for each of our customers so that their data won’t be co-mingled. This is unlike some of our cloud competitors who do co-mingle customer data in the cloud, and whose customers have experienced data loss, exposure, or corruption. This is also unlike some of our cloud competitors who do not offer secure access to the corporate backend such as LDAP, PKI, Exchange ActiveSync, and even the BES environment.
It’s one thing to make a theoretical argument about how our architecture is secure, available, and scalable, but we’ve proven ourselves in large, production deployments with some of the most demanding enterprises and government organizations.
As you plan for BYOD and beyond, consider some of our customers and their stories, from arming healthcare field personnel around the world with secure access to their apps while also making sure they’re compliant with local employee privacy laws.Or this large European logistics company who is not only using Zenprise for their field personnel but also our Mobile DLP solution to distribute and time-expire sensitive docs to its board of directors.Or this medical devices company that migrated its sales team to iPads, and uses Zenprise to make the latest version of sales collateral and presentations available when and where they’re needed.