Network World and Robin Layland present

2013
The 2013 Mobile
Application Management
Challenge
Mobile Apps are the key to productivity. Which
MAM solutions are up to the complex task of
managing and securing your apps and data?


The 2013 Mobile Application Management Challenge

2





Professional Opinions
Disclaimer: All information
presented and opinions
expressed in this report
represent the current opinions
of the author(s) based on
professional judgment and
best available information at
the time of the presentation.
Consequently, the information
is subject to change, and no
liability for advice presented is
assumed. Ultimate
responsibility for choice of
appropriate solutions remains
with the reader.





Contact:
Robin Layland
Layland Consulting
(860) 561 - 4425
Robin@Layland.com



Copyright 2013 Robin
Layland / Layland Consulting



Analyst Introduction:
The Answer to Securing and
Managing Mobile Applications.............3

The Evolution of Mobile Application
Management
Enabling the enterprise through
mobile apps .............................................6

Secure Mobile Apps Across the
Enterprise
Mobility as a transformative force..............9

Symantec Mobile Management
Suite
Mobility with Vulnerability.......................12

Apperian Assures Mobile Adoption
Ingredients for moving your
mobility forward.....................................14


2013 Mobile Application Management Challenge

3


The Answer to
Securing and
Managing Mobile
Apps and Data

Mobile Application
Management is the key



By Robin Layland
Principal Analyst
Layland Consulting





Businesses and employees are going mobile. People are carrying multiple devices that are constantly
connected. Now applications are following them and going mobile. The days when using a web
browser was the only way to access an application are disappearing. We are increasingly in a world
where people build their lives around both mobile apps and browsers.

It doesn't sound like a big change, but it is. With a browser, all the important stuff - the application logic
and the enterprise's data - was safely tucked away in a server in the data center. The only important
stuff on the employees mobile device - the laptop - was maybe Excel spreadsheets, Word documents
and PowerPoint presentations - generally not the kind of data that resulted in lawsuits or regulator
action. All it took to make everything safe enough was to encrypt the disk drive, require a password
and use a VPN.

Mobile apps change the picture and require more management, control and security. Apps store the
enterprise's application logic and data on the device. They are easy to lose, get passed around to
friends and family, and fall prey to sites that reveal how to jailbreak them. Mobile devices give senior
executives and IT teams headaches.

You can't even depend on encrypting everything and implementing access control at the device level.
Bring Your Own Device (BYOD) upsets that apple cart. Recent surveys show employees resist
allowing enterprises to put device controls on their devices, and as easy as it is to jailbreak devices,
you can't just depend on device-level controls. Mobile Device Management (MDM) is still important for
corporate-owned devices, but in the BYOD world, you need management and security at the app
level.

You can't avoid mobile apps either. More and more often, mobile apps are key to increasing
productivity. They provide a way to transform business processes and gain competitive advantage.
Enterprise apps are here to stay and are only going to grow in number and importance.
The Answer
There is an answer that protects the enterprise -- using Mobile Application Management (MAM). It is
based on the premise that you can't always control the device, but you can control, manage and
secure your apps and data. MAM builds in controls and enforces policies and security in each
individual app. If a policy says that if a device is jailbroken, and you can't access the app, then the
MAM software in the app will stop any access. If the policy is that data can't be moved out of the app,
then it can't. Access control is at the individual app level. Each app encrypts its data with its own key,
making it safe from prying eyes.

2013 Mobile Application Management Challenge

4


MAM allows enterprises to take a lifecycle approach to apps. This means putting in processes to
ensure that all enterprise apps go through a standard procedure to confirm they do what they say they
do, they don't create problems, they enforce policies and implement security, and that you have a way
to deploy, update and retire them.

First, you need a process to collect all the mobile apps, because unlike server applications, anyone
can create mobile apps. Sure, most of the important ones will come out of the formal application
development process, but not all of them. Mobile apps can be developed by the business units, field
staff and others. The reason is that mobile apps are best when they do small tasks. For example, let's
say you have a delivery person who drives around to your customers. One app could be used by the
driver to record the goods taken off the truck and into the store. Another app records what the driver
actually puts on the shelves. Still another app collects the store manager's signature. Each app is
small and does one task, but also improves the process and allows the business to collect more
information. It understands the process, but it doesn't take a lot of code to create. Some smart person
outside of IT could create each of these apps. Great for the business, but you want to make sure all
the apps have the right security, controls and management. Thats why you want a process to collect
all the apps being used for business.

Once you collect all the apps, you need to make sure they conform to all your internal standards,
including any regulatory requirements, as well as confirming that there is no malware, and the app
does what it says it does. You need to check its user interface and privacy setting and look for any
risky behaviors. MAM solutions can help you do this.
Security
Securing the app is one of the biggest reasons
for a MAM solution. It can put controls in the
app to make sure it follows the right policies.
This can include making sure it doesn't share
data (except with apps you have approved),
that it is not used if the device is jailbroken, or
that it doesn't have a connection back to the
corporation. Since not all apps need an equal
amount of security, it also allows you to move
away from one set of policies for the entire
device to individual policies for each app,

MAM solutions provide access control for each app, making sure only authorized people access the
app, and they authenticate themselves. It can also help with the single sign-on, since users may rebel
if they have to have a different IT-approved password for every app. A MAM solution also allows each
app to have its own VPN.

MAM is the best way to support BYOD. With a MAM solution, you only need to protect the enterprise
apps on the device. This allows you to secure your apps and data, while leaving the rest of device
alone and keeping the employee happy. No matter what happens on the device, your app and its data
are secure. Instead of having to wipe the entire device, the MAM solution allows you to only wipe your
apps.

How does MAM perform this security magic? There are two basic ways. The first is that MAM vendors
provide a Software Developer Kit (SDK) that provides all the controls, management and security the
application developer uses when building the app. That works fine if the app is developed in the formal
2013 Mobile Application Management Challenge

5

application development group, but not if it is field developed, or if you buy the app from a third party.
The second way MAM vendors protect an app is by wrapping the app. Wrapping means taking the app
and running it through a process the vendor provides. The process injects code that interacts with the
APIs in the code and has the same effect as if the developer used their SDKs. The resulting app has
all the control the MAM vendor provides. Wrapping is a good solution if you want to shield your
developers from having to worry about management and security and apps developed outside of IT.
An app that has been developed using the SDK or by being wrapped, is referred to as being in a
container.

A containerized app can use a VPN to communicate back to the
enterprise. MAM vendors provide options on how the VPN is used and
may provide their own VPN solution, so that a plethora of app VPNs
doesn't overload your existing VPN infrastructure.
Enterprise Application Store
The next step is distributing, updating, retiring and managing the apps on
the individuals devices. Again MAM vendors provide a solution under the
label Enterprise Application Store (EAS). An EAS is the enterprises own
version of an Apple or Android store. It provides a place where your
employees and partners can go and download your apps. An EAS solution
can also provide a way to access popular consumer apps from the leading
stores, allowing for volume discounts on popular apps. The EAS provides
a way to automatically update the apps when a new version is available,
along with wiping or retiring an app that is out of date. The EAS also can control who can download
the app based on policies you set.
The Challenge
A MAM solution is clearly a key part of any enterprise's mobility strategy. The question is Which MAM
solution?" Not all MAM solutions are created equal. I outlined above what a MAM solution can do, this
does not mean every MAM vendor does everything I mentioned. Plus some vendors do even more
than I mentioned in the short description. You need to understand the differences between vendors,
and then find the one that best fits into your mobility strategy.

I have brought together four of the leading enterprise-class vendors to help you understand how they
approach the Mobile Application Management:
AirWatch Apperian
Good Technology Symantec

I asked them to explain their primary competitive differentiators, concentrating on where they excel
compared with their competition - not to create a list of everything they do. Your next step is to read
and listen to what they have to say, so you can understand how they can help you implement a MAM
strategy for your enterprise. Then you should contact the vendors directly to answer your longer list of
questions and understand how they can help you gain control of the mobile world.

This document is just one part of The 2013 Mobile Application Management Challenge. There are also
two webcasts. In these webcasts, I bring together two vendors to explore two topics in depth. Each
one will help you gain a better understanding of what a MAM can do for you. The webcast topics are:
Enterprise Apps in a BYOD World: What Do You Need to Know?
Containers & Wrappers: What Does it All Mean?
A MAM
solution is
clearly a key
part of any
enterprise's
mobility
strategy. The
question is
Which MAM
solution?

2013 Mobile Application Management Challenge

6



The Evolution of
Mobile Application
Management (MAM)

Enabling the enterprise
through mobile apps


By John Marshall
CEO
AirWatch




Mobile applications have become one of the primary ways people communicate, work and collaborate with
others from their mobile devices. The new wave of mobile apps is helping organizations automate
business processes, increase employee productivity and enhance the customer experience.

Enterprises looking to ride the wave of mobile apps to enable their business need to have a
comprehensive Mobile Application Management strategy for securing, containerizing and managing
mobile apps and data on both corporate and employee-owned devices.

Key Elements of a Comprehensive MAM Strategy
Flexible MAM platform for enabling enterprise apps on corporate and BYOD devices
Secure containerized app solutions for corporate content, email and browsing
App Wrapping and Software Development Kit (SDK) for enterprise app developers
Corporate authentication policy across enterprise apps with Single Sign On (SSO)
Seamless integration of apps with back end enterprise systems through App Tunneling
Custom enterprise app catalog with advanced assignment and deployment policies

AirWatch is leading the market with the most flexible Enterprise Mobility Management platform for full
mobile application lifecycle management and Data Loss Prevention (DLP). With AirWatch, organizations
can truly enable their business through mobile apps while protecting enterprise data.
Enabling BYOD and Containerization
With the consumerization of mobility, many enterprises are turning to Bring Your Own Device (BYOD)
programs, or a hybrid of corporate and employee-owned devices. AirWatch provides a flexible model for
distributing apps and securing access to content, email and browsing apps based on device ownership
type, with configurable privacy policies for data collection and self-service management capabilities for
end users.

With AirWatch containerization, organizations can isolate and secure corporate data on mobile devices
regardless of ownership type. With the AirWatch SDK and AirWatch App Wrapping, organizations can
2013 Mobile Application Management Challenge

7

develop and wrap internal applications in secure containers. AirWatch enables ultimate data loss
prevention (DLP), because all of our container solutions work together. Email attachments open in Secure
Content Locker, hyperlinks open in AirWatch Browser and content can be restricted to viewing in only
SDK-developed or wrapped applications.

Developing Applications
As employees become more reliant on mobile applications to do their jobs, many enterprises are building
internal applications customized to their business initiatives and employee roles. AirWatchs advanced
application development solutions provide organizations with the tools required to build secure
applications for business.

App Wrapping
For organizations that already have developed internal applications, AirWatch App Wrapping adds an
extra level of security and management capabilities to business apps. Administrators can easily wrap apps
within minutes directly from the AirWatch console. For each application, administrators can select the
specific features to be added to an app such as user authentication with SSO, data encryption,
geofencing, restrictions on copy/paste and opening files with other applications. Configuration changes to
wrapped applications are performed over-the-air and do not require redeploying the app or code changes.
App Software Development Kit (SDK)
For organizations developing internal applications, the AirWatch Software Development Kit (SDK) gives
enterprise app developers access to a host of core AirWatch functionality. With the AirWatch SDK, the
heavy lifting has been done, allowing developers to focus on the business goals of the app. SDK features
can be configured from the AirWatch console and updated over-the-air. Organizations can add important
security features including user authentication with SSO, certificate integration and detection of
compromised device status. AirWatch SDK applications can query and report device information back into
the AirWatch console. AirWatch provides the ability to configure app restrictions and limit app access to a
specific location with geofencing and easily custom-brand internal apps according to corporate standards.
For complete visibility across internal apps, organizations can leverage AirWatch analytics tools to monitor
app usage, custom events and actions.
Development Workflow
To streamline and track the entire app development process, AirWatch provides a built-in step-by-step
workflow that allows organizations to split the application creation and publishing process into steps. Each
step is assigned to a user role and corresponds to a workflow status that is automatically updated as steps
are completed. When development is complete, apps can be deployed to a specific user, group or device
platform for app testing. App ratings and reviews give developers the insights needed to evaluate how
new applications are being used. If an app crashes, logs are automatically sent to developers for fast
resolution.
Deploying Applications
With the increasing number of business apps deployed to mobile devices, organizations need an efficient
way to push apps based on an employees role, group membership or business process. AirWatch
enables administrators to distribute, update and remove apps across the entire organization using a fully
customizable App Catalog. The AirWatch App Catalog provides a central place where users can browse,
search, install and update public, internal or purchased apps provided by their business. AirWatch directly
integrates with public app stores and external app repositories to link to public apps and access internal
app files. Advanced features of the App Catalog include: user authentication, custom app categories and
featured apps, app assignment rules based on user, device or group. The App Catalog supports multiple
languages and a unified and intuitive HTML5 interface that can be branded according to corporate
standards.
2013 Mobile Application Management Challenge

8


Deploying Purchased Apps
Administrators are able to streamline the purchase, management and distribution of Volume Purchase
Program (VPP) apps through integration with AirWatch. AirWatch enables administrators to centrally
manage app redemption codes and track user acceptance and installation of apps. If applications are
being purchased and deployed for different business units, AirWatch is able to associate those costs to a
specific purchase order or department. With AirWatch, administrators are able to view details on VPP
orders, including order date and number, and track the number of codes purchased, redeemed and
remaining. If codes are remaining, administrators can re-allocate them to different users to ensure the
organization is making the most of their investment.
Integrating Applications
The AirWatch App Tunnel helps address mobile access to corporate resources within a single application.
Typically this business challenge has been answered with a device level VPN configuration, but with a
device level VPN, data leakage can occur. AirWatch App Tunneling allows a single secure connection with
corporate systems that may exist behind a firewall without needing a VPN. To establish this application
tunnel, IT administrators create an application wrapping profile within AirWatch leveraging the AirWatch
Mobile Access Gateway. This enables a secure connection between the app and the enterprise system.
SSOs identity management makes it easy for users to access multiple apps without having to log in every
time within an approved active timeframe.
Securing Applications
AirWatch gives organizations ultimate application security with advanced user authentication options and
SSO and the ability to create app whitelists, blacklists and compliance policies. Restrict access to pre-
installed applications on a device, such as Bluetooth or camera, and disable access to public app stores.
AirWatch can be configured to automatically uninstall apps when a user un-enrolls or when a device is
compromised. For dedicated line of business devices AirWatch provides a lockdown kiosk mode where
user can only access specific apps and settings configured by the administrator. AirWatch has the ability
to scan applications to detect privacy violations, risky behaviors and designer programming to detect
unsecure protocols to post data via the application.


About AirWatch
AirWatch is the largest Enterprise Mobility Management provider in the world with over 1,300 employees
globally. More than 7,000 companies trust AirWatch to secure and manage their mobile enterprise. Our
mission is helping organizations successfully deploy, secure and manage the mobile initiatives that drive
their business through market-leading solutions for mobile security, device, email, application and content
management.

For more information about AirWatch solutions described here, please visit:
http://www.air-watch.com or call AirWatch at +1 404 478 7500.

2013 Mobile Application Management Challenge
[ T y p e t e x t ]
9


Secure Mobile Apps
Across the Enterprise

Mobility as a
transformative force






By John Dasher,
Senior Director,
Product Marketing
Good Technology





Be User First Without Compromising on Security
BYOD users want more than just access to corporate email/calendar/contacts on their smart devices
but they don't want to sacrifice personal privacy in the name of security. Mobile Application
Management (MAM) can be effective, but not all solutions are created equal.
Good Technology provides a new approach in this mobile-first era via unique mobile app
containerization and associated app lifecycle management technologies. Users get their choice of
preferred device and can use both personal and containerized business apps on the same device. IT
retains complete control over containerized business apps and nothing else, irrespective of the device
managed by MDM or not on which those apps are being used. Good enables users to work as they
wish, more productively, without privacy infringement so personal data is not viewed or lost in the
eventuality that IT has to take protective actions over containerized business apps.
At Good, we respect the personal nature of the users workspace and uniquely preserve the expected
experience ensuring IT-certified mobile apps are embraced. As a result, businesses are freed from
worry about where their data travels and can pursue bolder mobile strategies.
Not All MAM Solutions Are Equal
The unique capabilities of Goods MAM offering, listed below, make it the only comprehensive MAM
solution that does not require an enterprise to compromise where it matters most business
innovation, user satisfaction and productivity in the name of security and manageability.
Good's mobile app containerization technology safely segregates business apps for use on any device
and provides IT with extensive security and compliance controls over those apps.
Develop containerized apps faster. Apps can be containerized via wrapping (i.e., no source code
access or development experience required), a cross-platform SDK (i.e., code integration required),
and the most popular hybrid development environments, including Adobe PhoneGap and IBM
Worklight. We make it easy for anyone to containerize apps. Developers are relieved of the pressure of
learning and keeping up with the latest security techniques and can focus on building best in class
apps. IT can quickly containerize the enterprises custom apps via wrapping without having to know
anything about app development.
Constantly protect information shared between apps. Good secured apps are capable of sharing
documents and data between apps through Goods unique encrypted application-to-application
2013 Mobile Application Management Challenge
1 0

tunneling technology. This translates into constant information protection and prevents accidental
exposure of data between applications (e.g., IT can prevent corporate data moving from a
containerized app to a personal app that eventually places data into the consumer cloud).

Figure 1: Constantly Protect Information Shared Between Apps
Share services between apps. Only Goods mobile app containerization enables the reuse of high
value services and features developed by Good, our ISV partners, and your own custom services.
Secure document sharing, described above, is just one example. Another example is print services.
Instead of requiring a user to save a document somewhere then open a separate printing app to
reformat and print, the print service can be made available from within the original app, allowing the
user to print without switching apps. Services dont have to be publicly visible. An enterprise
development team can create their own private services (e.g., a presence service that indicates when
employees are not in meetings) and only publish to their internal developer community to consume.

Figure 2: Share Services Between Apps
Encrypt data at the app-level, independent of the device. Your business can consistently comply
with the highest security and data protection standards and regulations across all supported OS
platforms as corporate data is encrypted at app-level via FIPS-validated cryptographic modules. This is
unlike solutions that require device management to turn on native device encryption or provide non-
2013 Mobile Application Management Challenge
1 1

uniform encryption across different platforms. So, even if the device password is hacked, your
corporate data stays protected.
Consumer app store convenience, enterprise control. IT can distribute an unlimited number of apps
whether they are custom-built or off-the-shelf, to corporate-liable or BYO devices. Apps can be
authorized for a wide spectrum of users, including non-employees (e.g., partners, distributors, board
members, etc.) who are not in the corporate directory system. MDM requires membership in the
corporate directory system prior to making apps available to a user. With the enterprise app store, any
authorized users, whether in the corporate directory or not, can acquire these apps and also via a
privately branded enterprise app store that provides a consumer-like experience i.e., searching,
browsing, app ratings and feedback. App-level authentication provides granular controls but single sign-
on (SSO) across all containerized apps makes it easy for the user. IT can centrally manage
enforcement of compliance (i.e., OS version, hardware models, jailbreak and rooted detection), data
loss prevention (i.e., user authentication and password strength, auto lock, cut/copy/paste prevention)
and developer-specified custom app policies that have been enabled via mobile app containerization. A
global view of user and app analytics, beyond simple inventory reporting, helps businesses understand
how apps are being used.
Securely access resources behind the corporate firewall. IT can ensure secure access to
resources behind the firewall without opening additional inbound ports which exposes the enterprise to
unnecessary risk; requiring upgrades to the VPN infrastructure (i.e., no additional VPN concentrators or
licenses); or adding or changing anything in the DMZ.
Safely unlock mobile data for business growth. IT can sanction the broad adoption of containerized
business apps across a broad spectrum of users and devices including external business partners,
board members, customers whose devices are not managed by IT or are not in the corporate directory
confident in the knowledge that corporate data will be secure on the device. This is a step above mobile
device management (MDM) solutions that are unable to secure data on devices that are not under
MDM's control.
Put IT Back In Control
Good allows IT to regain control of BYO environments, enabling security and management of mobile
apps and data, without infringing on user privacy and providing a great business user experience.

Goods app wrapping allows IT to easily containerize custom apps without needing source code or
development resources, ensuring secure corporate data within the respective apps.

The brandable enterprise app store and the security and compliance controls enabled by mobile app
containerization allows IT to support the complete app lifecycle from app distribution and provisioning
to analyzing ratings and usage to updates and decommissioning. Unlike MDM solutions that require
users to be in the corporate directory, Good supports the app lifecycle for both employees and external
business partners without compromising security or manageability. IT can focus on managing the
enterprises apps and data without having to take on management of devices not owned by the
enterprise.

With Good designed to allow for cost savings, IT can align with end user demands and LOB mobility
initiatives such as improving productivity, while protecting corporate data.

For more information about Good Technologys solutions described above, please visit
www1.good.com/man or call 1 (866) 7BE GOOD.
2013 Mobile Application Management Challenge

1 2





Symantec Mobile
Management Suite

Mobility without
vulnerability


By Brian Duckering
Sr. Mobility Strategist
Symantec

Businesses today are dealing with incredible advances in mobile device technology, massive
adoption of smart devices and an unstoppable BYOD trend. In response, most enterprises
have multiple mobility initiatives spread across their organization some focused on mobile
email, some focused on mobile apps, and others focused on mobile content. Within these
initiatives, there are diverse ownership models and varying levels of enterprise management
possible. In some use cases (corporate owned devices), complete management of devices is
needed, but in other cases (personally owned devices), enterprises may only want control of
specific corporate apps and data not the whole device.

To achieve these widely varying enterprise business objectives, an ideal enterprise mobility
solution should address diverse use cases and ownership models. To help enterprises take full
advantage of mobility without sacrificing protection, Symantec offers Symantec Mobile
Management Suite a single solution that includes the technologies to address mobile device
management, application management, and threat protection challenges faced by enterprises
today.

The Mobile Application Management capabilities deliver comprehensive distribution and
protection for mobile apps and content on iOS and Android devices. Corporate apps are
containerized using a unique technology that doesnt require source code changes, and enables
clear separation of corporate and personal data on the device.

Symantec Mobile Management Suite can be employed in use cases where complete device
management cannot be employed or is not needed, and where control over just specific
corporate apps and data is desired. Typical use cases include mobile application deployments,
and mobile content driven deployments in both corporate and personally owned BYOD
environments. Key features include enterprise app distribution, app and content protection
policies, enterprise content distribution and selective wipe.

The Mobile Device Management Capabilities offer visibility and control over iOS, Android and
Windows Phone devices. Symantec Mobile Management Suite can be employed in use cases
where complete device management is required or desired. Typical use cases include mobile
email deployment, BlackBerry migration, mobile policy management, and mobile configuration
management. Key features include enterprise user activation, configuration and policy
management, app and content distribution, compliance enforcement, selective wipe, secure
email and asset management.
2013 Mobile Application Management Challenge

1 3


The Mobile Threat Protection technology provides award-winning antivirus technology,
advanced firewall, and anti-spam functionality for Android and Windows Mobile platforms. With
centralized policy-driven management and reporting, it helps ensure there are compliance
policies in un-trusted ecosystems.

Symantec Enterprise Mobility Strategy:
Symantec Mobile Management Suite can be employed in use cases where end users download
apps of their choice from any app store in the Android ecosystem by protecting from malicious
apps. Typical use cases include securing sizeable Android deployments in global user bases,
field users and contractors, as well as securing legacy Windows Mobile and CE operational
devices. Key features include antimalware, Web protection (safe browsing), anti-theft, enterprise
policy management, application blacklisting, visibility and compliance.

Symantec Mobile Management Suite simplifies the licensing process with a per-user
subscription model, making mobile costs more predictable. With the common device-based
licensing, and users carrying multiple devices in the form of smartphones and tablets,
enterprises are forced to pay multiple times for the same user. With Symantecs new model, IT
teams no longer need to count the devices and instead use a simpler user count. Additionally,
Symantec Mobile Management Suite uses subscription based pricing, so organizations can
better address their capital and operational expenditures.

With scalable device management, innovative application management and trusted threat
protection technology, Symantec Mobile Management Suite provides all the capabilities needed
for enterprises to enable, secure and manage mobile devices, applications, and data.
Organizations that rely on Symantec Mobile Management Suite for the management and
protection of their mobile devices will enjoy specific benefits that include:
One Solution for Enterprise-Wide Mobile Deployments: BYOD, COPE, COIT
whichever deployment models an organization chooses to support, Symantec Mobile
Management Suite provides a modular and scalable solution for all mobile initiatives and
use cases.
Complete Protection for Enterprise Mobility: With trusted protection at the device,
app and data layers, Symantec Mobile Management Suite ensures that corporate data is
isolated and protected from data loss, malware, and unauthorized access.
Lower Total Cost of Ownership: With users carrying multiple devices, Symantec
Mobile Management Suite makes it cost-efficient with a per-user model (instead of per-
device). In addition, integration with enterprise management products and automation
tools enable operational efficiencies.

Symantec Mobile Management Suite is specifically designed to address a diverse set of
enterprise mobility needs. Whether organizations want to enable mobile email or take
advantage of mobile applications and content, or all of the above, Symantec Mobile
Management Suite provides the most complete solution to support diverse use cases in
personally owned, corporate owned and hybrid deployments.




For more information about Symantecs solutions described here, please visit:
http://go.symantec.com/mobility.

2013 Mobile Application Management Challenge

1 4



APPERIAN Assures
Mobile Adoption

Ingredients for moving
your mobility forward


By Alan Murray
CTO
Apperian




At Apperian, our sole focus is successful mobile app adoption for our customers. As the pioneer of
Mobile App Management and a company with extensive history in the enterprise, we continue to
deliver innovation and set the standard for what it means to be a premier MAM provider. We at
Apperian operate on a core philosophy to evolve our platform forward and drive the highest level of
app adoption for mobile workers. The key points of this philosophy are listed below:

MAM more than a pretty app store. When Apperian first started out, the main focus was on
the development of enterprise app stores. However, enterprise app stores currently represent
just a minimal viable product for most mobile vendors. The truth is that the engine for
successful adoption lies in whats behind the app store. Thats why Apperians platform not only
provides a best-in-class, fully customizable app store, but also an entire suite of app
management capabilities, allowing IT to deliver apps to users in a way that even non-technical
people can administer. We provide access to sophisticated lifecycle capabilities for inspecting,
securing and deploying apps with a single click, making your mobility management easier and
more efficient. If a vendors definition of MAM is only an app store, be wary; they are missing
the larger picture.

App Lifecycle Management is the heart. There are many steps an app must take to get from
developer to device. Apps and content come from multiple sources (custom development, web
links, public app stores), then must be inspected for malware and malicious code, protected with
dynamic policies, signed and packaged, integrated into enterprise systems, and then delivered
to the right users on the right devices. Even then, deployment is far from the end of the
enterprise mobility lifecycle. Reporting, metrics, and compliance are required for mobile apps
and content as much as they are for other company assets. That is why we believe App
Lifecycle Management to be the heart of MAM, and why Apperians platform delivers a full-
service suite of capabilities that handles every step of the app lifecycle, easing the challenge of
managing your mobility and providing proper care every step of the way.

Usability and experience is the soul. Our efforts have never been compromised in this area,
and from the beginning we have ensured a corporate experience that users demand and
expect. Mobility is transformative, changing how, when and where we consume information in
our personal and professional lives. With these transformative qualities now being realized,
users are migrating to smartphones and tablets in numbers never seen before in IT.
Consumerization of IT has raised user expectations to believe a corporate app experience
should be every bit as good as a consumer-based one. Apperian provides customers with a
2013 Mobile Application Management Challenge

1 5

beautifully designed private app store; one that is familiar and intuitive regardless the device
users are on. But more importantly, we allow organizations to brand their app store not as
Apperians, but as their own, allowing for complete corporate identification and creativity. User
experience is the soul of our product, which is why we devote so much of our energy providing
the best user experience on the market.


App-based security. Security at the device-level is an all-or-nothing solution, and one that
inevitably hampers adoption and creates friction with users who bring their own devices to work.
Security solutions that require SDKs create additional work for app developers, adding time,
expense and vulnerabilities. The most optimal security solutions are delivered at the app level,
created post compilation by wrapping the app with policies that are SDK-free. With this, any
administrator can manage the security policy settings of an app, such as requiring corporate
authentication, data encryption or app-level VPN. The Apperian platform compresses the
lifecycle of delivering apps to mobile users by removing lengthy development and testing cycles
otherwise required to deliver similar capabilities. It also separates the duties of coding from
security policy administration, making your app management easier, painless, and more
efficient.

No containers. This is a core design choice and reflects our focus on user experience, while
still providing the protection IT requires. Although some may consider app wrapping a container,
for this point we will define app wrapping and containers as separate. Containers are self-
contained environments that typically include multiple apps (including PIMs) and require users
to purposefully enter and exit. Barriers that worsen user experience, or assumptions that users
are discretely either at work or at play (persona based containers) are artificial constructs,
and built simply because the industry doesnt know any better. Invisible containers, or
wrappers as we call them, are a different story. We understand that corporate assets must be
managed, protected, and secured in mobile devices. With this in mind, we created a win-win
solution for both IT and end users. By wrapping individual apps with policies that can extend
the capabilities of an app, individual policies are tailor made for that app's security, management
or metric requirements. These policies are invisible to end users yet still provide IT with an
important layer of security to corporate data. A best practice MAM solution should protect the
user, ensure that they have the best experience possible, and behave in a way that best
matches their lives and that is what Apperian delivers.

Continuous innovation. As a company focused on innovation, it is imperative not to rest on
todays solutions. That is why for us, Mobile Application Management has evolved into a full app
lifecycle solution. Continuous innovation is listening to our customers and challenging our
assumptions. It is why our app wrapping is evolving into a dynamic solution that can be changed
on the fly by administrative policies, or applied on demand to the right individuals without re-
signing or redeploying. It is why we continue to develop new app wrapping policies that make
the security and management of apps easier. It is why we will continue to grow and expand as a
company, constantly redefining the definition of a premier MAM provider.

2013 Mobile Application Management Challenge

1 6

Service from the cloud. By having a SaaS-based, multi-tenancy, native-built platform, we
provide unrivaled scalability and ease of implementation, along with continuous updates that
incessantly move the needle for our partners and customers. The ability to deploy a solution to
thousands of users with little work and time elapsed is another one of our core design principles.
We are built from scratch to scale up or down on a moments notice. Our enterprise connector
allows single sign on (SSO) into corporate identity providers using SAML, easing adoption
issues for users by not requiring unique usernames and passwords.

No MDM required. MDM undoubtedly promises security, yet does so without any subtlety. It
will lock a device, wipe out all the content, and control everything on it, both personal and
corporate. Because of the hassles and friction this creates, MDM as the only solution for
enterprise mobility is insufficient. Vendors and analysts of MDM have finally acknowledged the
limitations of device management, and now claim to be much broader than MDM. However,
their Mobile Application Management solutions are only enterprise app stores, or only provide
additional functionality if the device is under MDM, along with other technical limitations. We
believe building value in addition to MDM as well as without MDM ensures that customers have
the richest set of choices along with a broadest capability of action in their enterprise mobility
environments.

No SDK required. The need to inject an SDK to get the full value of the platform is a serious
limitation of other vendors. The value for ISVs, developers, and enterprises are much higher if
this limitation is removed, allowing IT to get the full value of the richest enterprise mobility
platform without forcing a recompile of the app. Similarly, there is no need to track down the
developers who built it, change it when a new piece of functionality is added to the platform, try
to decipher an older app, or try to build a relationship with a vendor to access the vendors
source code or engineering team.

Dont harm BYOD devices. We believe that the Y in BYOD truly means its YOUR device.
We recognize consumer trends that determine what devices arrive when, and we work in a way
that is flexible and applicable to multiple platforms. In BYOD environments, its really about
security of corporate data, so we focus only on those apps that have access to that data.
Secure them, track them, and manage them in a way that is transparent to users and doesnt
touch any personal information on the device.

By operating on our core philosophy listed above, we have set the standard for what it means to
be the premier MAM provider. Having a complete understanding of our clients, products, and industry
has given us the ability to properly innovate our platform to be user friendly, efficient, and reliable.
Apperian assures mobile adoption, and will guide your enterprise through every step. To find out more
about how Apperian can help you, and how Apperian has helped other companies such as Cisco,
Allstate, Barclays, New Balance and others, review our contact information below, and begin moving
your mobility forward.

For more information about Apperians solutions described here, please visit:
http://www.apperian.com/ or call (617) 477-8740