Good Technology has become one the leaders in mobile management, amassing more than 4,000 customers, including many in government and highly regulated industries.
CEO Christy Wyatt joined the company in January, after a stint leading Citi's mobile efforts. She boasts considerable experience in the mobile industry, including time as the head of enterprise for Motorola Mobility (she left when Google bought the company) and head of developer evangelism for Apple.
In this installation of the IDG Enterprise CEO Interview Series, Chief Content Officer John Gallant and CITEworld Editorial Director Matt Rosoff talked to Wyatt about her plans for Good, and how she intends to make the company stand out from competitors like Airwatch. In addition to explaining the recent spate of management changes at the company, Wyatt also talked about:
- Good's advantage on security: "Our security model has been tested and proven with large federal agencies, with the world's largest banks, healthcare providers. About 50% of our customers come from regulated industries."
- How Good's approach differs from the competition: "I think the key differentiator is we focus on the data, not the device. There are two other very popular approaches. You have either device manufacturers like BlackBerry or device-management organizations that try to replicate a BlackBerry-type device management experience, but on non-BlackBerry devices. I think you're drawing the perimeter around the wrong place....I think you have other companies that are looking at server-based virtualization. So folks like Citrix or others, and I think that is closer to being data focused, but it keeps so much of the usability and the user experience off the device, that unfortunately the user experience becomes very challenged."
- Mobile vendors cannot ignore user experience: "Citi tried to give me a device that was a non-Good-enabled device; it was completely managed with traditional enterprise mobility stuff....I think my conclusion after that was, by giving a user a user experience that they couldn't embrace, I was actually creating the security and the data leakage that I was trying so hard to prevent. If there was an attachment on something, or if I needed to send a text message to someone, and the solution they gave me prevented me from doing that, I would grab my second device, which was in my bag, and just do it from there."
- Containerization is OK; dual-persona devices are not: "We sell containerized apps or we give you the ability to containerize your own apps and data and then manage and distribute the data between them. So the benefit to that is that it doesn't interfere with the user experience at all. You're not logging into a separate profile or separate work experience.... We're not carving up the OS. We're not separating it. It is completely native and intuitive."
- Good Dynamics is not just about commercial apps: "We have a large number of commercial applications, things like Box for Good. You can do integration with IBM Worklight, with Salesforce, with HP ePrint, DocuSign. But what most people don't realize is that for every single commercial application that you see, there are probably 20 to 30 in-house developed applications behind the firewall that our customers have developed for themselves."
- Good will move downmarket: Over the next year, outsiders "should continue to see us bringing the barrier to entry lower for consumers. I think, again, because our solution has been enterprise-grade, there's a perception that it's somehow inaccessible to the average enterprise, that you need to be a global bank or a large federal agency in order to use Good, which is just completely not the case."
Here's the full interview:
John Gallant: You joined in January after serving as Global Head of Citi's Consumer eBusiness and Mobile Technology Group. A couple of things about that transition. First, what appealed to you about this role? Why did you take this job?
I was very familiar with Good from a lot of different places. I knew them at Palm a long time ago. I'm dating myself. I knew them at Motorola, where they came into Motorola and then consequently left from Motorola. Actually, I first heard of the opportunity with Good in the summer when I was looking at a number of different opportunities, and chose to go to Citigroup. Citigroup is a customer of Good's, so from within Citigroup I was all of a sudden using the products in a way that I hadn't used them before. I had this kind of "aha" moment. It was sort of a transformational experience where my business at Motorola had been heavily focused on enterprise mobility, but looking at it from the inside perspective, from the CIO perspective, it was kind of, as I said, an ah-ha moment. All of a sudden I was doing 99% of my job on my iPad and my smartphone. I was no longer VPN'ing in. I wasn't doing heavy device management. I really had a different sort of appreciation. So when King [Ed. Note: King Lee, executive chairman and former CEO of Good] cornered me again and tried to resell me on the opportunity it was too good to pass up.
JG: What did you learn from Citi's experience with BYOD, and from your team's roll out of consumer-facing mobile services, that will shape your work at Good?
A couple of things. First of all, in my role within Citi, I was a consumer of a lot of these technologies in a large, traditional, enterprise environment -- the way that CIOs and the internal IT organization looked at investment decisions and return on investment, as well as the conversation which we were constantly consumed by around security, risk management, and data protection. I had a whole new appreciation for what that looked like from the inside of one of the world's largest banks. I owned a lot of technology that was consumer-facing, so right in the middle of a lot of the cyber attacks, a lot of the cyber security conversations, and it just became completely clear to me that these two things were completely at odds, that there was this massive pressure and concern around the value of data and the risk of that data getting into the wrong hands, and the opposite tension, which was the consumer experience. IT is giving me technologies that were really intrusive or overly confining and preventing me from getting my job done. That became a massive impediment to me being able to be successful. I had a unique role sitting right in between those two conversations within a very large organization, and that, I think, helped me frame the opportunity around Good. When I found out what Good was doing with Good Dynamics and their development framework and the development tool kit, it was powerful. What more could we do, as an enterprise mobility organization within the bank, if I could continuously manage that risk portfolio? And what other bolder things could we do, for our consumers, our employees or our business partners?
JG: Knowing all that, what are, say, the top two or three things that you think Good needs to do?
Number one was user experience. Citi tried to give me a device that was a non-Good-enabled device; it was completely managed with traditional enterprise mobility stuff. If I didn't want to use that that, they would make Good available to me. I think my conclusion after that was, by giving a user a user experience that they couldn't embrace, I was actually creating the security and the data leakage that I was trying so hard to prevent. If there was an attachment on something, or if I needed to send a text message to someone, and the solution they gave me prevented me from doing that, I would grab my second device, which was in my bag, and just do it from there. The user became kind of the liability if I didn't give the user a way to do their job in a very comfortable and intuitive way. I think that was the first one.
I think the second one was just the liability. Prior to coming into the organization I had a very different view of the framework for security investments, and what impact security investments had on a business. I think the realization, for me, was that the bank was essentially a very large technology organization whose product happened to be money. And it wasn't completely different than being a large telecommunications or consumer electronics provider whose product happened to be computers or cell phones. So IT was what was driving that company. It was how they were doing what they were doing. It was how they managed risk. So the value in the organization is the data. And the data became everything. So how IT organizations are making decisions around how to value that data and protect that data is very different than most. I think, enterprise companies think about how CIOs look at ROI conversations.
MR: Good plays in a competitive and crowded market with a lot of other companies specifically focused on MDM, and then security and other companies addressing similar problems. To some degree mobile device management is becoming a commodity offering. So how do you deal with that, and how does Good stand apart from the competition?
The first thing I'm going to say is we're not really a device management company. When I was at Motorola I acquired a device-management company that was created by a group of guys that had jumped out of the Android team from Google. If you would have asked me, I would have said that was absolutely the right answer. What you need to do is lock down the hardware and plug all the holes, because that's exactly how BlackBerry did it, and if I could do those same things on an Android device or an iOS device, then I could provide the same level of assurance to the CIO who is looking at using mobile products.
I think, again, my becoming a user of the Good products made me realize that I had that completely wrong. Device management absolutely has a role. It has a role when your biggest concern is what happens to the hardware. But when your biggest concern is what happens to the data, you need an entirely different set of tools.
I believe a CIO is going to need a variety of different tools to be able to deploy a number of different mobility strategies across the organization. Let's say I'm a bank and I want to put a tablet in the retail branches so that a new customer coming in just wants to pick up a tablet and open an account. That's a great usage for device management because I really care about the hardware. I don't want the hardware to leave the building. If the hardware leaves the building I want to turn it off, shut it down. It's going to be almost purely a corporate device. So it's a very fixed functionality kind of purpose. The second I start to believe that there's any mixture of personal and corporate data being intermixed on that device, you need an entirely different set of tools. I like to use the analogy of a hotel. Device management is kind of the doorman. He lets the people who have authority to have access, access, and people who don't have a reason to be there, he asks them to leave. But it doesn't actually help you secure your watch from the housekeeper. It's not going to help you at all.
When you really care about the assets that are inside the phone -- and what I really care about is that you don't breach the data that's either in my productivity applications or in my corporate developed applications or in any of my applications -- that's an entirely different set of tools. They need to be able to secure the app, secure that data within the app, be able to create workflow with multiple apps that share data across in a secure and transparent way. Most people don't realize that a lot of the data leakage comes from the space where data moves between applications, not from when the data goes in and out of the device. So that's, I think, a very different approach. There's a whole suite of products and solutions that sort of stream out of that if you fundamentally believe your focus is the data. So we do offer device management, but I would say it's, in our world, a feature. It's not a platform. The platform is really the end-to-end security architecture that will let you secure productivity apps, secure development of your own apps, create secure workflows, do distribution and management of data and applications as well as devices.
MR: It was almost a year ago that Good acquired AppCentral. How has that played into these plans and how has that acquisition gone?
AppCentral has been integrated. There is a stand-alone app store which is made available separately, but also as a part of our collaboration suite. If I take the broad view of what the portfolio is, then maybe that helps explain how AppCentral fits in it.
What people are most familiar with is Good for Enterprise. Think of it as a vertically integrated productivity-in-a-box solution. It is your email, calendar, address book, etc., a self-contained, kind of a single container that just gives the employee productivity. That lets them secure the data and things that are going in and out of that secure collaboration workspace, but doesn't necessarily have any impact on the rest of the environment around it.
We also have simple app wrapping, which was a part of the AppCentral acquisition, and then we have a separate security platform called Good Dynamics. Think of Good Dynamics as accepting the security framework that we use in our own application, our secure browser, SharePoint integration, DFE, and we separate that and make that available as a set of tools. So now you can not just create applications that leverage the secure platform that we use, but you can also expose services between those applications, you can show data between those applications, you can create these complete end-to-end workflows. And we can secure the data through every point of that workflow.
Take the simple insurance worker use case, the claims agent right at the scene of an accident. I want to take a picture securely. I want to upload it into a form. I want to fill in the rest of the form with my report. I want my customer to digitally sign and say yes, that's their description of the accident. I want to upload it to corporate, have them approve it and send it directly back down so that user knows right on the spot what's happening with their accident. On a mobile device that's not one application, that's probably five applications. It's the photo app, the communications, the DocuSign, etc. If each of these are done with Good Dynamics, either written with Good Dynamics or wrapped with AppCentral wrapping, then they can share data between them. AppCentral is the way a CIO can actually deploy-manage those applications, either by profile, by user, by job role, by device, if they need to.
MR: How is Dynamics adoption going? Do you have a lot of developers on board ?
Dynamics adoption has been amazing. The company really only started shipping Dynamics in earnest in, I'm going to say, Q3 of last year. So we're just under a year, and we have a large number of commercial applications, things like Box for Good. You can do integration with IBM Worklight, with Salesforce, with HP ePrint, DocuSign.
But what most people don't realize is that for every single commercial application that you see, there are probably 20 to 30 in-house developed applications behind the firewall that our customers have developed for themselves. So the adoption has been fantastic. We're seeing very quick uptake of the development platform, and mostly it's driven by the need to do secure workflows, just getting data on and off the devices, and to know if they actually need to be able to do these complete workflows across.
MR: If I'm not mistaken, you take a "containerization" approach to app management so there's a separation of apps for work and apps for personal life. There's been some push-back against that approach, suggesting that that's kind of undercutting the whole benefit of BYOD in the first place. Consumers or workers choosing the apps they want to use for their own workflows and getting those apps done. How do you deal with that?
We do use a lot of containerization in our solutions. But sometimes that term gets intermixed between containerization of the operating system -- think of it as dual persona, or a single container that all of your work stuff goes into -- or containerization of individual applications. So we do the latter. We sell containerized apps or we give you the ability to containerize your own apps and data and then manage and distribute the data between them. So the benefit to that is that it doesn't interfere with the user experience at all. You're not logging into a separate profile or separate work experience.
We do have single sign-on and identity and access management across Good Dynamics and Good Applications, so if you signed in to the first Good Application or any one of our partner's applications, those credentials would be propagated across all of the Good Apps, but it's invisible to the user. So it's not a separate workspace. We're not carving up the OS. We're not separating it. It is completely native and intuitive.
JG: What we've seen over the years is that companies either in the management space or in the security space usually start off being very good at a specific set of offerings, a specific set of challenges, and then over time they either get acquired or they become an acquirer and dramatically expand the portfolio. Where do you see Good falling on that spectrum, and what do you ultimately see as the broad portfolio for the company if that's the direction you're going in?
I'm going to make the assumption that Good continues on its path to be a broad enterprise solution provider. We all agree there is likely to be a lot of consolidation in enterprise mobility, organic and inorganic. Whenever you have a large and growing market -- there are 122 vendors, which is what I think Gartner just quoted in their last Magic Quadrant -- something is going to shake out.
But we're not new. We've been out there for quite a long period of time. Our security model has been tested and proven with large federal agencies, with the world's largest banks, healthcare providers. About 50% of our customers come from regulated industries. The rest come are large retailers, manufacturing, distribution, I think we're in an age now where there isn't a company alive that doesn't care about their data and their IP. So what used to be relegated to kind of a niche regulated market solution is now a broad platform that spans across industries and across different enterprises.
We have done a couple of acquisitions. You mentioned AppCentral. There was another called Copiun, which did SharePoint integration and cloud file storage. It is, I think, inevitable that there will be likely more as we go forward. But I think right now our focus is really on completing the integration and making this broad enterprise platform available to a broader number of customers. We're not in a race to scale the products. Our products have been proven and they've been broadly deployed in very, very large organizations, so I think scalability, reliability, extensibility, those are things that the company has had to work out over the years.
I believe that we're in a world where the value of enterprise mobility is just starting. I think right now there's so much of the conversation being driven by employee-driven devices. It's just such a small part of the conversation. We have a large financial institution that is using Good Dynamics to secure the private banking application they're giving to their top management clients. We have an insurance company that is using Good Dynamics to give secure and policy-controlled access to their insurance brokers. Because the brokers are not employees, they're partners, I can't do device-management, I can't take over, I can't give you a whole second profile, but I can give you secure and policy-managed applications through Good Dynamics, where to you it just looks like another app you downloaded from the app store. But there's somebody behind it who really cares about controlling the access and controlling the data and can set policies to make sure that those assets are protected.
JG: When you look at the competitive set today, what would you say is the single key differentiator in the way you solve these problems for customers?
A: I think the key differentiator is we focus on the data, not the device. There are two other very popular approaches. You have either device manufacturers like BlackBerry or device-management organizations that try to replicate a BlackBerry-type device management experience, but on non-BlackBerry devices. I think you're drawing the perimeter around the wrong place. Because if you understand that what is required is policy and control at the data level, then anything you do at the device level is great, and it's a great first step, but it doesn't solve your data challenge. You need a solution that focuses on the data.
I think you have other companies that are looking at server-based virtualization. So folks like Citrix or others, and I think that is closer to being data focused, but it keeps so much of the usability and the user experience off the device, that unfortunately the user experience becomes very challenged. Therefore you get that risk of organ rejection or user experience rejection that I was talking about earlier, where the user will just, instead of VPN'ing in and using virtualization, will just forward their data to their Gmail account and deal with it there.
That is our differentiator and that is also what allows us to get into some of these other use cases like the banking applications or the insurance applications and doing things that are B2B and B2C, not just corporation-to-employee.
JG: In light of the portfolio discussion in the earlier question, what should people expect over the next six months to a year from Good?
They should continue to see us growing out the ecosystem around Good Dynamics. They should continue to see us bringing the barrier to entry lower for consumers. I think, again, because our solution has been enterprise-grade, there's a perception that it's somehow inaccessible to the average enterprise, that you need to be a global bank or a large federal agency in order to use Good, which is just completely not the case. And you should expect to see us break out into some new markets by taking this platform in some interesting new directions, either through vertical markets or into different market segments, layers of productivity.
JG: I wanted to ask about a market you're currently in with collaboration tools. So we talked about mobile management being a crowded spot. Collaboration is a really crowded spot. Why would a company go with your set of collaboration offerings versus one of the better known competitors out there?
A: With our collaboration suite, we're really very narrowly focused on those core user productivity applications as kind of an out-of-the-box, get your users up and running on the basic mobility applications they need, which are email, calendar, contacts, browser -- sort of "office-in-a-box." We don't believe for a second that that represents the user's entire need for collaboration applications, so we actually work through Good Dynamics with a number of those other vendors to do Good Dynamics versions of their apps. If you are using somebody else's IM or a collaboration application, or not using Good's, so long as they are supporting a Good Dynamics protocol, there is nothing that would stop the data from going back and forth. In fact we encourage developers and we reach out to those other collaboration solutions and help them incorporate Good Dynamics technology into their applications.
Largely it's customer-driven. If a company, a very large organization, has deployed Good across all of their mobile users, but they've deployed one of the other more traditional collaboration suites across other screens and they're looking to try to do some sort of intersection within mobile, it's a relatively friendly meeting place, where we consider ourselves to be a platform, and therefore we don't assume that everybody is going to use all of ours. I don't think that that's limited to even just the areas where we don't have apps. We have an IM client. We support other IM clients. We have a browser. If the user wanted to use somebody else's browser we'd support that as well. What we care most about is giving the user that secure workflow and the ability to share data across applications whether they're ours or anyone else's.
JG: Are there any big customers that have committed to using your collaboration suite as their standard?
A: Absolutely. Keep in mind, for mobile, our collaboration suite is really an extension of decisions they've made in other places. For example, many of our customers, not all, are Exchange customers. So this is Exchange extension. We have some that are Lotus Notes [users]. We have others that are in other buckets. But those are the two bigger ones. I would say yes, almost all of our customers have defined us as a standard.
MR: When you are thinking about the mobile platform landscape, do you prioritize support or development of new features for some platforms first, and which ones and why?
The answer is yes. I'm going to break that into what platforms do we support, and then how do we try to get equitable feature sets across multiple different platforms? The platforms we support are always a reflection of what our customers are asking us to support. Platform agility is not really a problem for us. And part of that is because we don't assume that the platform we land on is secure. So we secure within the container. We provide our own encryption, our own security APIs. So that means we have a lot less dependency and a lot less vulnerability as a result of whatever is happening in the underlying OS.
Right now, we publish a report every quarter on what we're seeing behind the firewall in terms of activation. So iOS for a long time has been the leader in terms of activations. I think in terms of growth Android is clearly right now the fastest growing platform, and we're just now starting to see Windows Mobile, although I'm expecting we'll see more of it. But a lot of our customers ask us to support it in an expectation of them wanting to support users on that platform, not in a realization of seeing a lot of those devices come in yet. As we know, the one constant in mobile is change. So I'm sure that portfolio will continue to change every year.
In terms of feature parity, again it's generally a reflection of what customers are asking us to do. And the one example would be where of platform prevents us from doing something. So iOS has some very different idiosyncrasies versus Android, and so there are always going to be cases where we have to code around or do something different or unique for one platform or another based on whatever the inherent native attributes are of the platform, just in terms of basic things. Think of background processing as the most glaring example.
MR: With iOS 7 it looks like Apple is starting to work in some application management APIs, some standard APIs. How do you deal with that, do you worry about the big platform vendors like Apple and Google starting to build more of this functionality into the platform and kind of squeezing third-party vendors out?
A: I don't spend a lot of time worrying about that. First of all, I worked at Apple for a while and I worked at Motorola and worked very closely with Google for a while, right up until the end. I think we have a reasonable understanding of where they're headed and how aggressive their interests may be or not be with respect to supporting our kinds of customers.
Our product is very focused on enterprise. We're not a prosumer solution, we're not an SMB solution, per se. So I think there are always going to be cases where the native solution may be enough and if the native solution is enough then that customer is likely not going to be looking for us. I would say nine times out of 10 what we hear from customers is that they've been in a one-platform world before. They've sort of gotten stuck. When the hardware that they were locked into was no longer what their users wanted, that's when they got themselves into trouble. We don't hear a lot of customers looking to deploy a pure native solution, I think mostly because of the pressure on mobile needing to span across multiple kinds of users, on lots of different devices. So that's going to mean that they need to have different tools for different implementation for those.
Penetration testing for security solutions in a large enterprise can be six, nine, 12 months, depending. They're not going to want to do that over and over again for every flavor of OS that comes out. It's just not feasible. It's one thing to win the proof-of-concept. It's another thing to actually win the implementation, which means you've got to be great at both.
JG: You joined in January. In April you announced a new CMO, Chief Revenue Officer, and new SVP of operations. Why so much management change?
A: I'll give you my version. I'm sure others will give you theirs. I came in knowing that this is a business that is in massive growth mode. We've seen tremendous growth, which means we should only expect to see tremendous growth from here. And it's not always the same skill set. And I don't even just mean with people. I even mean in terms of operating processes and how we run the business. It doesn't look the same when you are kind of a single product technology licensing company versus when you are an enterprise solutions company. It has big implications. It has implications for the kinds of customer conversations when we're talking to them about software development and business transformation. It's not always the same people even in the organization that we're having those conversations with versus the folks that would be buying a mobile management solution. We're at a different level within those customer conversations. It had big implications on our customer care organization. How do we do enterprise-grade service and support for our customers? How do we do developer support for our customers, because they're actually building solutions with us? And how do we speak a language that resonates with their business challenges?
So, like I said earlier, lots of folks think they know who we were, and because they think of us as that cute little secure email company, many folks don't know who Good is today. I said myself, even when I went into Citigroup, I wasn't even aware. And of anyone on the planet, it should have been me. So I think part of that is getting folks to kind of take a look at the new Good and to really understand the power and the potential of the technology that's sitting in this organization. And we're having a great time.
JG: Are there things that we didn't ask about that are really important to convey about what's happening at Good?
A: I think that more broadly across the industry I am looking forward to the conversation shifting from protecting devices to really driving business. We have a very aspirational view, which is: If I could remove the conversation about risk, what bolder strategy would you undertake as a business? Right now we feel like the powerful conversation happening with our customers is the CMO, the CEO, the line of business leaders saying -- I want my data at the edge. I want my insurance agent in front of the customer solving a problem, or my lawyer in front of the client getting access to data, and the value that that brings to a customer in terms of being able to drive results for the business.
Those conversations get met with: We can't, it's scary, it's hard. We really think the opportunity is at the intersection of those two conversations. Let's shift the conversation away from what device management, how do we white list and black list applications? How do we do email? Let's refocus that conversation on the value of the data and the power we could be bringing to your business if you could really embrace mobility. We think that is a conversation that's worth having in a very broad way. We're looking forward to that being a broader conversation across the industry.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.