The Dangers of Single Platform Strategies
Let’s face it. Executive leadership never wants to own and manage multiple IT platforms.
Who can blame them? Paying for two or more platforms that do the same thing is hard to justify. IT often is tasked with evaluating major platforms and choosing just one for the whole organization. After this choice is made, infrastructure is hardened and the other competing platforms are decommissioned.
Often times, this is no better than getting married after a single blind date.
IT looks tends to only look from a technical perspective. Even worse, IT folks are terrible at predicting where technology is heading (hence the constant platform changes). It’s easy to pick what platform meets your needs today. The issue is that IT is often tasked with predicting changes to platforms they do not understand in the first place.
These platforms include: iOS, Android, IoT, MacOS, Windows 10, AWS, etc
Moreover, I have never worked alongside an IT team where the long-term stability of the vendor was properly considered. Mobility is the best example of this phenomenon.
CIO’s panicked when BlackBerry was facing financial turmoil and ran away from BlackBerry Enterprise Server (BES/UEM). Hilariously, BlackBerry has since bounced back while their competitors are facing similar turmoil. The only difference is BlackBerry’s woes were much more public and executives often play golf with ex-BlackBerry employees.
This breakup of sorts caused an influx of migrations to MaaS360, MobileIron, Intune and VMware AirWatch (Workspace ONE). AirWatch was acquired by VMware in 2014. VMware is owned by EMC. As a part of a very complex merger/acquisition, AirWatch became a part of Dell after EMC and Dell became one company in 2016. Rumours started flying around in early 2018 that Dell was considering a reverse merger with VMware, to allow Dell to be traded as public company.
A similar exodus occurred with XenMobile when Citrix was constantly in the press with weak earnings and rumours of splitting the company. This is sad because many shops ran from one struggling company to another.
MobileIron has been experiencing difficult times since it went public in 2014. Bob Tinker, one of the founders and CEO of MobileIron was replaced with Barry Mainz after share prices slipped over 50%. In 2017 MobileIron announced that it’s CFO Simon Biddiscombe would replace then CEO. Barry Mainz had only been CEO since 2016.
To better paint the picture, some organizations have MDM (mobile device management) stories that look like this;
iOS & Android: Nothing > Exchange > GOOD Dynamics or UEM > MobileIron or AirWatch > Intune
Eventually, most companies ran to their usual saviour Microsoft and Intune gained foothold. It wasn’t until major commitments to CIOs were made by IT departments that they realized Intune does not have the same feature set as more mature platforms.
Hilariously, all these migrations from XenMobile and AirWatch created more problems as Intune does not meet many uses cases and occasionally relies on external integrations with the aforementioned. Some organizations decommissioned AirWatch before Microsoft and AirWatch announced their integrations.
Other than creating work for project and operations staff to keep busy, these platform switches are wasteful. None of the MDM platforms cover every single use case. One might be great now but two years from now will be very behind. AirWatch for many years was the golden child but after being included in some Office 365 licenses (executives don’t want to pay for two platforms), Intune has started to take over.
After this long stretch of platform changes, all of the companies I ever worked with that migrated to AirWatch or Intune for a “single platform solution”, are now working on Jamf for MacOS and “other use cases”.
I normally like to give three solutions to a problem but in this case there are only two viable options.
1) Pick a platform and tough it out. AirWatch has transformed into a powerful suite with Workspace ONE that includes Identity Management and Office 365 integrations. Before this was the case, Office 365 customers were panicked. These are all multi-billion dollar companies. Time plus demand equals change. Pick what platform meets your most important needs (get a BA, not someone from IT to define this!) the best and stick with it
2) Out of the three top players, pick one. Integrate this with one of the smaller players that cover a smaller scope (Jamf or Intune). If for example, you pick AirWatch and Intune but still find use cases for MacOS that are not met for, limit the scope of your Mac computers instead of adding more complications (Jamf).
In either approach organizations have to accept that not every use case will be met Day 1.
InfoSec is going to come with a long laundry list of security requirements that they feel need to be meet Day 1 (everything technically possible is usually on this list). InfoSec has been either complacent or bullied into allowing the security gaps to exist up until this point. This is your leverage to push back.
Pro tip. Using the word “pilot” seems to let IT get away with not having everything in place immediately.
Take your security improvements in steps. Meet as many security requirements as possible. Do not promise all security mechanisms will work 100% of the time (let QA test your deployment and determine reliability). Set the expectation that this step is to improve the weak security measures in place presently and not a holy grail solution.
