QA: How TiVo’s CIO manages disparate mobile platforms
- 19 June, 2017 20:22
Like many large companies, TiVo has grown in recent years through mergers and acquisitions, which means CIO Steve Palmucci now faces a disparate set of mobile platforms to secure and manage.
While he's yet to see tools that allow him to bring all mobile devices under one management umbrella, Palmucci has at least managed to standardize how corporate apps and data access get rolled out to employees.
In the future, however, he has his hopes set on a unified endpoint management approach that will bring his desktop and mobile environments under one umbrella.
How many mobile devices do you manage? We have probably somewhere around 1,000 on an employee base of about 2,500. I'd say 50% to 60% of our employees have mobile devices that access corporate data.
And, we have a pretty even split between corporate-owned devices and employee-owned devices. At end of last year, my company acquired another similar-sized company and we're still working through bringing them both together. In the end state, I envision that we'll have a single tool and we'll have more employee-owned devices than corporate-owned devices and that ultimately that tool will be able to manage all of the devices -- initially, all the mobile devices and then hopefully at some point in the future all of the devices in the company.
What enterprise mobility platforms do you use, and do they meet all your needs? For the most part we use AirWatch. And then, like some other companies, we grow through mergers and acquisitions. You're always acquiring and integrating new technologies.
We had a fairly large set of mobile users for whom we've used ActiveSync as a mechanism to provide a basic set of MDM capabilities that met our requirements.
It depends on what you need, too. I look at MDM, even the way we've deployed AirWatch and the way we've used ActiveSync, as more of a device management approach than what would be a more sophisticated way of looking at it in the future where it doesn't matter about the device.... It's a matter of how you protect data and applications, regardless of where they run. Our tools and processes today are geared around protecting the device itself.
So, ActiveSync does a fairly good job of that. We're able to provide forced passwords and device wipes and a certain number of failed attempts to log-in to blow up a device and all those things you can do.... But for the most part we have an approach that's about protecting the devices.
What are your biggest challenges with enterprise mobility management? I personally haven't seen, at least in practice, the ability to manage all devices in a unified way. We don't have the tools to do that. In fact, we don't even manage all our mobile divides in the same way, because we're going through mergers and acquisitions and it's a constant struggle to pull even just the mobile devices into a standard way of operating.
One of the big challenges that's just not there yet is the ability to look at a device, whether it's a PC, a laptop, a tablet or a phone -- whatever it may be -- and not care about the footprint or the physical device itself and care about the applications and the data. That's just not the reality. That's not the way things are managed today.
So we have a separate set of tools and processes for managing laptops -- whether they're PCs or Macs -- and a separate set of processes for managing tablets and phones. Actually, [there are] multiple separate processes regarding mobile devices.
So I think one of the big challenges is being able to manage all the devices in a common way.... Obviously, I think that's where it needs to go, where people are able to work from any device and access the same data, the same applications, but you're not able to manage them in the same way currently....
Windows 10 has been around for nearly two years and purports to have some unified endpoint management tools. Have you deployed Windows 10 and have you piloted any UEM? We're not using Windows 10 from the standpoint of managing end points. In fact, we have different tools for different end points. We have different tools to manage our Macs and Linux versus what we use to manage our Windows devices. So, it is very fragmented, not just between traditional devices and mobile devices but even in terms of the way we manage our mobile devices based on the legacy company you're a part of, and then on the desktop or PC side it's very fragmented based on the platform.
And, I'll tell you the other thing that's a challenge in our world is 50% of our personal computing devices are Mac or Linux. So, Windows 10 doesn't provide even an option for me to be able to manage everything in our environment. If you have a heterogeneous environment, it becomes a little more difficult.
Most companies, sizeable companies anyways, are in a position where they have to support multiple platforms - whether it's be Android and iOS on a mobile device or whether it's Windows, Mac or Linux on the desktop or laptop.
Do you see any third-party device management vendors who offer cross-platform management that can address your issues? Well, I've seen that they understand that's the way to go.
We happen to use AirWatch on one of our legacy [mobile] environments; they don't have -- to my understanding, at least -- they haven't articulated a very clear roadmap to being able to manage all the devices in the enterprise, although they have interest in doing that. We use MobileIron for another legacy company and they're in a similar boat. I don't think it's there yet. I would say even some of the companies do a better job managing multiple mobile platforms than others, but none of them really do a job where I can say there's a single provider, and I'm going to have that provider manage all of my devices -- whether they be mobile or more traditional devices.
Is the rollout of EMM/MDM somewhat decentralized in your environment, as in some different tools are used by the varying business units? For us, it's not that way. Although we don't have a single set of tools, we do have a centralized method of deploying the various tools we do have. We don't have business units that deploy their own tools. It would be hard to do that because if you think about it, for the most part, the types of resources we're talking about are corporate resources. It's access to things like corporate email and file share and a limited number of applications.
In our world, it's centralized even though it may not be the same tool. So, depending on which organization you may be coming from as a result of a merger or acquisition, it may be simply we're enabling ActiveSync for your personal device because you need to access corporate mail and other things, or if we give you a corporate device, we're giving you AirWatch.
The disparity..is more a function of the fact that we have multiple companies coming together, as opposed to a strategy that says let's deploy a disparate set of tools because eventually we want to get to one set of tools, whether it's for all platforms or just mobile. I think initially it will be one tool for mobile devices, whether they're corporate issued or employee owned, and then over time maybe it becomes a tool for all devices, whether it's mobile or PCs.
How have you focused on securing mobile devices, i.e., corporate-issued smartphones and tablets, mobile application management strategies, etc...? We have two companies that have come together. It so happens that the company that had the very large number of corporate-issued devices isn't using an industrial-strength MDM solution. So corporate-owned devices are protected with those basic device capabilities using ActiveSync, whereas in a company where there are a lot more employee-owned devices we actually have used an MDM solution -- AirWatch, in particular -- and mandate that if you're going to use your own device you have to allow us to enable AirWatch on your device.
We just don't happen to have a lot of enterprise applications we're pushing to mobile devices; it's more access to corporate data and things like email and other types of shared data, whether through file shares or cloud-based services like [Microsoft] One Drive and things like that.
We don't have a ton of applications we develop and have to deploy through something like a MobileIron or an AirWatch. It's more so protecting the device and the data that sits on the device....
Do you have concerns about mobile device security? Of course I do. I think mobile devices are becoming a much more attractive target for malware and obviously these things can become an entry point to a corporate network, so you have to be concerned about it. They're not immune to the same kind of problems you see on other devices.
I'm very concerned about not only the threat to the data that sits on the devices, but also the ability to use those devices as entry points into our corporate network if not properly protected.
I think the lines will become more blurred in the future to having to protect an Android or iOS device to protecting a Windows PC today. I think they're all vulnerable and they make the corporate network vulnerable as well if not properly protected.
Do you think it's easier to protect mobile devices now than desktops? I think that's true today, but I think it's definitely not inherently more secure. It's just the nature of the usage patterns, but that's changing very rapidly.
I think it's easier today, but it will become increasingly less easy as you begin doing more things on your mobile device than you do today on your desktop or laptop. Think about the way you use a laptop; you use web browsers and you're running applications on your laptop and not everyone is doing that in a meaningful way with mobile devices. Over a period of time, that's going to change and I don't think you'll have a big differentiation between how you use a tablet or a phone and how you use a PC -- even for things like content creation, content editing and things like that. I think over time those lines will blur and then the challenges are going to become the same. That's why having a single, common tool set and process for how you manage them is inevitable.
What percentage of your mobile enterprise apps are custom, partially customized or off the shelf, and what's lacking in off-the-shelf apps? We don't really have a very significant numbers of mobile apps we deploy -- certainly not a lot that we develop. I'd say an insignificant percentage are custom developed.
I think [the lack of mobile functionality] has to do with form factor and the ways things are developed. But I think it's a fair statement to say right now they're not in parity, so you don't have the ability to run an app through a PC and have the same experience as that app on a mobile phone. I think over a period of time this will normalize.
I think over time they'll become more in parity with apps you can run through a full, mostly browser-based application that you can run on a PC.
I've spoken with CIOs who've said one particularly onerous task is replacing damaged mobile devices in the enterprise. How do you address that? I agree. It's not something I'd want to spend a lot of time on because it's not like a PC where you can live without it for a couple of days. People need and want their mobile devices. If they're corporate-issued,l obviously then it's incumbent upon the company to get a new one into their hands as fast as possible, if not right away.
If it's employee owned, your obligation is to ensure when a new device is purchased you can apply the right policies and get access to the same data and make the setup as quick as possible.
We use a third party to manage our corporate-issued mobile devices. So, they're provisioned by a third party, the plans are managed by a third party, the replacements are managed by a third party - either under some warranty or a purchase and replace provision.