Be prepared for BYOD

06.06.2011 by Martin Kuppinger

BYOD: Again one of these acronyms. It stands for “Bring Your Own Device”. You’d also say that it stands for IT departments accepting that they’ve lost against their users. They have lost the discussion about which devices shall be allowed in corporate environments. When I travel by train, I observe an impressive number of different devices being used. There are Windows notebooks, netbooks, iPads, iBooks, other types of “pads”, smartphones,…

For a long time corporate IT departments have tried to limit the number of devices to a small list, thus being able to manage and secure them. However, the reality especially in the world of mobile devices proves that most IT departments have failed. For sure many have restricted the access to corporate eMail to Blackberry devices. But many haven’t managed to achieve that target. And the popularity of Apple devices increases the heterogenity of devices being used by employees.

It increasingly looks like the solution only can be acceptance. Accept, that users want to use different types of devices. Accept that the innovation especially around smartphones and pads is far quicker than corporate IT departments can adopt their management tools.

At first glance that sounds like a nightmare for corporate IT departments. How to manage these devices? How to secure the devices? However, it is not about managing or securing the devices. That would be “technology security”. It is about managing and securing information, e.g. “information security”. It’s about the I in IT, not the T. Thus, we have to look at when to allow access to which information using which tool.

To do this, a simple matrix might be the starting point. The first column contains the classes of devices – notably not every single device. The first row contains the applications and information being used. In the cells you can define the requirements, based on the risk score of both the devices and the information. In some cases you might allow access based on secure browser connections, in others you might require to use virtual desktop connections. In others you might end up with having to build a specialized app. However, if banks are able to secure online banking on smartphones, why shouldn’t you be able to secure your corporate information on these devices?

You might argue that building apps or deploying desktop virtualization is quite expensive. However, trying to manage all these different devices or trying to restrict the devices allowed is expensive as well – and much more likely to fail. I don’t say that it is easy to protect your corporate information in a heterogeneous environment, supporting BYOD. But it is much more likely to be feasible than to manage and secure any single device – given the increasing number of these devices, the speed of innovation, and the simple fact that corporations don’t own all these devices.

Thus it is about preparing for BYOD by providing a set of secure paths to access corporate information and to protect that information – and by understanding how to protect which information where. When you start with BYOD, do it risk-based.


VDIs – more than a deployment option?

25.06.2010 by Martin Kuppinger

Virtual Desktop Infrastructures (VDIs) are hype. But are they really a strategic element of IT? Or are they just a deployment option? I think that the answer is influenced by two major aspects:

  • Time and the maturity of Desktop Virtualization
  • The functional breadth of VDIs

With respect to the first aspect, VDIs today are more sort of a more expensive, more complex alternative to Terminal Services. Less users per server, the same (sometimes a little bit more advanced) protocol for remote desktop access, very limited capabilities to run the VMs locally on a hypervisor – VDIs aren’t really mature yet. However that will change. We will see more deployment options, improved management capabilities, some improvements regarding performance (however, VDIs will always be expensive in terms of compute power at the server), and so on. And especially with different local deployment options (streamed, synchronized), the need for remote desktop protocols will disappear, mobile users will be fully supported and less servers will be required – without giving up advantages like the (relative) independence from hardware and some centralized management aspects (which are, however, not that different from other deployment approaches).

The other aspect is about management. Is isn’t sufficient to integrate the management of server and desktop virtualization – and even adding storage virtualization management to that is not enough. Application virtualization has to be integrated as well. But even then we have some lack of capabilities:

  • There will most likely be other types of desktops for a pretty long time – the more specialized ones for “power users” and “knowledge workers”, for specific user groups like engineers or stock brokers, and so on. It is not only about the 50% or 80% of desktops which fall into few standardized categories. The main issue are always the remaining 20% or 50% of not-that-standardized desktops. And they have to be managed centrally as well.
  • That requires configuration management and software deployment beyond building few standard images. Image management in reality is far more complex than just having few standard images. And not every application can be virtualized. Beyond that, we need several other elements which typically are found in Client Lifecycle Management today: Think about inventories and License Management. With other words: You will either need Client Lifecycle Management (CLI) or VDIs have to fully integrate that in the future.

In the future, a more complete VDI stack with full CLI support and optimized support for local deployments and mobile users might become the standard – even for older operating systems and non-Windows platforms. For the meantime, it is probably the better strategy to understand VDIs as one deployment option amongst other and to integrate all these deployment options under centralized management system. At least it is a good idea to be realistic about VDIs and not too enthusiastic.

So I’m a believer in VDIs – but I’m a sceptic regarding their short-term value for most use cases. What is your opinion on this?


System Lifecycle Management – survival of the smartest

12.12.2007 by Martin Kuppinger

One of the IT market segments I’m observing for a quite long time ist the System lifecycle management market, including software distribution, OS installation, inventory, patch management and some other technologies. There are few segments which are that crowded. If I count the vendors/brands which compete in the central European region I end up with something aroung 20 at least. Given this number of competitors it is obvious that not all of them will survive. There will be the big ones to survive – and there will be the smart ones.

Read the rest of this entry »


Trying to find the next niche

03.12.2007 by Martin Kuppinger

This afternoon I had an analyst briefing with one of the vendors which offspring the market segment formerly known as system management which is usually defined today as client or system lifecycle management. This change has been definitely necessary because system management covered a very broad range of different technologies.

But the system lifecycle management segment, which exists for a while, is as well pretty heterogeneous. There are vendors which still mainly support software distribution, OS installation, patch management, and some other administrative functionalities. There are vendors which are moving towards the security market, like LANdesk with their NAC products or Symantec. Many vendors are adding license management capabilities and move towards the ITSM (IT Service management market) or at least to some part of this market – Enteo/Frontrange as one example –  whereas others set their focus on compliance and related topics. The borderlines aren’t always clear. There are many vendors which claim to support license compliance. But there are few which really cover all the details of licenses and which integrate their license compliance tools as well with asset management and automated inventory services as with contract management. In this area you’ll find Managesoft as well as Brainware.

But even for these vendors, there’s the question about how long the niche will exist. The approach of ManageSoft is pretty interesting. They are providing a strong technical integration with the inventory and asset management as well as a dashboard for the business user and IT management. Thus, they might move towards more controls they support in this “compliance dashboard”, they might add risk management functionality or they might do both.

But ManageSoft, like every other vendor who has successfully done the step beyond the administration-focused system lifecycle management, will always have to find new niches fast – because other companies will enter interesting market segments and because the big BSM players always will try to position their solution as the “swiss army knife” you can use for everything.

My observations of the vendors in the system management space over the last years are, that there are some vendors which are able to reinvent themselves. There are vendors who try to grow through acquisitions – not always successful. There are the big ones which sometimes struggle when it comes to the details and still need support of smaller specialists who are able to fulfil the customer’s demand in the context of an enterprise framework. And there are many companies which are neither able to reinvent themselves (at least not fast and innovative enough) nor to grow through acquisitions. In a market segment like system lifecycle management with more than 20 active competitors in Europe – not counted the ones in other areas – the ability to move forward is one of the most important aspects for product decisions. It is because the ones who aren’t innovative are the ones who will in the best case become acquisition targets and in the worst case just will disappear.

Thus, it isn’t done with re-positioning in a newly “invented” market segment which is just a new name for something existing. It is about re-inventing the market segment.


© 2015 Martin Kuppinger, KuppingerCole