By Blake Brannon, AirWatch
While on the surface the announcement appears to be a simple product integration between AirWatch and Box, the framework used for the integration is an industry first and will move the industry in a new direction regarding how ISVs and EMM solutions integrate. This new integration model moves beyond the legacy approach of individual vendor SDKs inside applications. It will reduce development overhead costs and the delays in time to market for supporting newer versions of applications and features, while also increasing IT controls and simplifying the end user experience.
Security Challenges Today
One of the biggest challenges for organizations that use cloud applications revolves around access control. Traditionally, access control was focused on user authentication because most cloud services were web applications and little or no data was resident on the end user's device. This meant simple SSO integration (e.g. SAML) met IT needs to ensure data was protected and could not be accessed by unapproved users.
Now that mobile devices are the dominant way to access cloud services, almost all of these services are accessed via a native mobile application rather than a simple web application. The core difference is that these native applications typically do store information locally on the device, for both performance and app functionality.
This creates a security concern for IT, which now must check not only user authentication but also the security posture of the end user device to ensure policies like encryption and passcode requirements are properly enforced. With traditional corporate workstations, IT was able to restrict access to these cloud applications by ensuring access was only granted if the end user device was on the corporate network. In the world of mobile, IT can no longer assume the device will be on the network, nor can it assume the device is owned by the company.
These changes have forced cloud security policies to require that access be granted only to mobile devices that are properly under EMM management. This means cloud applications need to integrate with the EMM platforms to determine whether the device requesting access is actively being managed by the company before granting access. For something like Box, IT only wants devices managed by AirWatch to access and use the Box service.
The Complexities of SDKs
Several integration technologies exist today to help solve this problem, but they are all centered around vendor-specific SDKs or application wrapping. AirWatch, Citrix, Good Technology and MobileIron have all taken action to build an ecosystem of ISV applications to provide access control and security to third-party applications; however, this model faces several challenges.
SDKs are vendor specific and require large amounts of time and money to integrate, test and release as a separate application. Each EMM vendor has its own SDK, which causes the time and cost associated with integration to quickly become unsustainable. Some of these SDK-enabled applications also come at an additional cost to the customer as a pass-through for the development overhead. Even if you look at a typical enterprise app in the App Store today, you will see a confusing set of applications, all including different vendor SDKs.
Additionally, the primary ISV application and the EMM SDK have independent software release cycles. This means that when a new version of the ISV application becomes available, it could be months or even years before the SDK-enabled equivalent version of the app is released. Not only does this create confusion for the end user, it is also difficult to support and can cause compatibility issues between users running two different versions of the app because they each have a different EMM solution.
New and Unique Integration
The difference is that this new and unique integration developed by VMware and Box moves beyond the legacy approach of SDKs and uses a less complex, standards-based model. The model provides a framework for sending additional configuration settings, such as user information and preferences, single sign-on (SSO) configuration, and security controls, among other settings, for centralized policy management. By eliminating vendor-specific SDKs for third-party applications and MDM environments, this new approach will create a more scalable ecosystem, ensuring that the broad landscape of applications can take advantage of the most current, most robust security capabilities.
This partnership is just the first step in our efforts to enhance secure mobile collaboration. Mobile computing and content sharing are here to stay and there is no way to put the genie back into the bottle, so organizations must use the most efficient way to enable this for their end users without overburdening IT.
We will definitely have more to share with you as our work with Box comes to fruition in the near future, so stay tuned. Until then, let us know what you think in the comment section below.