As they seek to reverse flat or declining revenues, many mobile operators are expanding their presence in the managed enterprise mobility market by enabling organizations to manage secure access to enterprise applications from mobile devices for their employees. MobileIron, BlackBerry, VMWare AirWatch, and IBM are some of the most recognized brands in the enterprise mobility management (EMM) market. In addition, many local mobile operators have a sizable presence in this market, typically as channel partners for one or more of these established EMM vendors.

Potential for market growth

The EMM market is currently undergoing a transformation. The boundary between Mobile Device Management (MDM) and EMM has blurred considerably. Gartner, Inc. recently identified a third service category — managed mobility services — which it defines as “bundled IT and business process services in conjunction with EMM software.” But regardless of how they are defined, MDM and EMM constitute large, dynamic, and growing markets. According to Research and Markets, the MDM market is predicted to increase from $1.69 billion in 2016 to $5.32 billion by 2021. The Radicati Group predicts that the EMM market will total over $1.8 billion by the end of 2017, rising to over $3.3 billion by 2022.

Drivers for market growth

Several factors are driving growth in MDM and EMM. Applications are increasingly being written with mobility in mind. Employees expect to be able to use their own devices at work, rather than the devices issued by their employer’s IT department. Outsourcing trends mean that more and more businesses depend on third-party contractors accessing their enterprise application and data services. And more and more businesses want their customers to be able to interact with them through mobile apps, to improve customer experience and drive customer loyalty.

In other words, the days in which the scope of EMM was limited to a fleet of enterprise-owned and managed smartphones and PDAs issued to employees are fading fast. In addition, the wirelessly connected “things” that make up the Internet of Things (IoT) must be managed every bit as securely as smartphones and PDAs.

Emerging issues and opportunities

Organizations are beginning to grapple with a new market concern, centered on what is increasingly a vital issue for the chief information security officer and the CEO — in an increasingly connected world, maintaining adequate security, control, and visibility over data for which the organization has custodial responsibility.  

Current-generation EMM solutions rely on security and management controls at the device level. These device-specific access rights and security policies — that is, security is tied to each individual device — served businesses well when the enterprise owned or controlled all the devices that could access its data. However, this legacy security model cannot be scaled to protect the increasing number of devices that have a legitimate need to access corporate data but that the enterprise cannot practically control or manage.

Privacy concerns are also an issue. It isn’t only contractors and customers who prefer not to have a device-level agent on their devices. As employees evolve toward dominance by members of Generation Y, they are increasingly loath to allow employers to install monitoring software on their private smartphones or tablets.

An opportunity — and a solution

The current situation represents an opportunity for mobile operators.  Operators can shake up the mobile security market with a security model that both addresses emerging enterprise mobility use cases and leverages the operator’s position as a trusted brand.

The ideal alternative is to secure the most common manifestation of enterprise data on devices — apps — rather than the devices themselves. Enterprise DevOps teams should be looking for app-centric mobile security solutions that incorporate appropriate controls into each enterprise mobile app, enabling each app to run securely and discretely on any device. Enterprises could then make their apps available from any public app store, to any end user, for use on any supported device, without worrying about security.

The real opportunity therefore lies in mobile security solutions that allow specific security policies appropriate to each individual app to be applied in minutes before launch. Of course, an enterprise can develop its own method of securing apps.  However, for most companies, prohibitive amounts of time and money would be required to develop app-specific security.

App-specific security takes the current device-centric model to the next level. Using available technology, mobile operators can take the lead in growing their mobile security businesses, to incorporate support for their customers’ most critical business processes by untethering security from any user, device, or network restrictions.

As enterprise computation, storage, and processing move from a centralized cloud infrastructure back to increasingly powerful edge devices, mobile operators have the opportunity to offer their corporate customers an app-centric rather than a device-centric approach to mobile security, ensuring that customers can grow their use of mobile and IoT to transact with each other securely with the necessary levels of control and visibility.

John Aisien is CEO of Blue Cedar, a mobile security solution company based in San Francisco.