For BYOD, gaining control is about letting go

We sit down with Ron Rock, chief executive of enterprise mobility company


There's just got to be a better way to BYOD.

That's bring-your-own-device, in industry parlance, which has swept companies around the globe as consumers—yes, that's you and me—demanded mobile devices that were more like the ones we carried around off the clock.

The notion of bringing your own phone to work is now widely accepted (though contentious), but just how a company goes about it varies considerably.

Pennsylvania-based thinks it has an answer. To learn more, I spoke with Ron Rock, chief executive.

ZDNet: Let's start at the beginning. How did you get into this space?

RR: I started a company in 2003 in business process management software. Big, enterprise, monolithic stuff. I sold that to Accenture three years ago this day. So I started looking for the next new thing. I spent my years in enterprise software development, but usually with a foot in business development. The thing that struck me more than anything was that cloud and mobile are feeding each other's growth. Cloud without mobile would not have been quite the rocketship, and vice-versa. A lot of early success there was consumer-oriented.

But people are seeing stories about how app developers aren't making money. It's hard to see your way clear to a sustainable business model. We spent the last 30 years proactively locking everything down. We built these fiefdoms in Fortune 500 companies.

Every January 2, all my employees show up with the latest device they got for Christmas and say, "I want to do my work on this." I wanted to leverage my enterprise experience and entrepreneurship and help the enterprise embrace cloud and mobile. Enterprises are quite used to spending a lot of money to figuring this out.

ZDNet: Is your company pushing IT departments along in this trend, or are you reacting to increased interest?

RR: We're no doubt pushing it along, but we're getting a lot of help from consumers. This consumerization of IT. As apps proliferate, and the price of them compared to that $10 million project [is nothing]. A lot of this is driven by CMOs and other executives. I can hire an app firm for 25 or 50 grand and get what I need, and the poor CIO didn't even know I did it. It's phenomenal. The CIOs have no choice. Everybody is breaking the rules. The Dropbox problem is real. The BYOD problem is real.

For the first time in history, if IT wants to continue to stand in the way and be a barrier, no problem: with a credit card, I'll just go built what I need and use it. My compliance goes to hell in a handbasket, sure. But the empowerment of the consumer right now, people are just going to find ways to get their job done.

ZDNet: Tell me about your strategy to address this.

RR: A lot of the strategies we're pursuing, it's a lot like the middleware of the 1990s. We had a lot of old, legacy stuff and we needed to wrap it in a new layer to take advantage of this abstraction. C++ and Siebel and the new call centers...the mainframes by themselves couldn't do that. All those new levels of functionality, we couldn't build them in mainframes. You brought a new layer of functionality to the enterprise.

There are a couple of ways to solve this problem. One is mobile device management. That's been done before, by BlackBerry. Proprietary? That model's not going to work anymore. Then there's MDM, mobile device management, where I put software on your device and get control over your device.

My son's employer, they gave him an option: a company phone, or $50 a month toward his phone—but they get control. So now he's one of those people who carry around two phones. They're trying to hold on to that idea that they'll have a footprint on a device you own. That's not really BYOD.

ZDNet: As opposed to...

RR: You need to put a modern middleware there. We espouse an API-modern middleware. We are behind the firewall connecting legacy stuff, but we’re also in the cloud, with a hybrid architecture. We connect with one interface—to Box, Dropbox, etc.—that allows you to build applications that are independent of all that hardcore plumbing and infrastructure. So you could have an app to conducti interviews on your iPad and sync with SharePoint that's single silo.

The analogy I've been using is this: imagine today that the appliances you plug into a UL outlet could only be manufactured by the utility companies. We solved this before: you plug into a UL-approved outlet, it works. You got the power you needed in a device that was approved. Utility companies wrapped the power grid in rules. That's how we got an explosion of development in electronics and all that.

The same thing is happening with BYOD. Microsoft buying Nokia is the stupidest thing! It's not about the device. The Tesla car is basically an electric browser on wheels. We're going to want to consume content on virtually any kind of device. Rather than me try to muck around putting my footprint on every device that connects to me, how about I build out an enterprise organization at the firewall? And at that level, I'll manage the rules around access, security, connectivity and all those things? And I'll publish a set of rules to adhere to, whether you're Google Glass or a coffee table? That's our vision of where modern middleware is going.

ZDNet: How do CIOs feel about this? Terrified, I imagine.

RR: When I share that with CIOs today, they're all over the adoption curve. Insurance and health companies? They're at about 2.5 out of 10. Half or more of employees are [working outside the walls to get their jobs done], and 15 percent have even used their own money to fund an app no one knows about. Very few enterprises right now have a fully figured out cloud and mobile strategy. The effective deployment of that strategy requires a hybrid model. Two drivers there: the cost dynamics are making it so mandatory, and

Security and financial services is quickly becoming a sovereign issue. Keeping data secure isn't a Goldman Sachs problem, it's a United States problem. It's only going to work if we put all bank processing across two or three major cloud providers, because no individual institution can [match that kind of investment].

So for, I can control at a document level what gets stored where. I can support virtually any device by linking it into my active directory or using contextual awareness—geolocation, time of day, app used to support it—and decide whether to authenticate. You don't get that with the VPN or MDM strategies, which I bet will be gone in 36 months.

ZDNet: OK, so how do you sell this?

RR: Our go-to-market strategy is threefold. First is OEM—we're finding that the best use of our technology is to bake us into something that already exists. We have one client, a life insurance underwriting company. 80 percent of those applications get rubber-stamped and approved. But let's say you have high blood pressure, and you have to fill out an additional questionnaire. I've got this HIPAA document. The company doesn't even want to store the document. So companies like SunGard and DocSTAR move into that space and store it.

But now the company needs to shop that application across providers, even though it's stored outside their walls. So you need to transport HIPAA-compliant documents. And it's hot potato—if there's a breach, there's a massive fine. So they're using our technology for a controlled, auditable way to move documents back and forth. In that environment, they had the underlying infrastructure for quotes, but they were faxing them. What control do you have there? Now they’re eliminating that.

OEM falls into two buckets: BPO, and big technology players like VMware or NetApp or Dell Boomi. They've got tons of servers around the globe and they're doing virtualization but they don't have any way to give you a view into your Dropbox or SharePoint. So they bake it in.

The second bucket is system integrators like Accenture and Capgemini. Sometimes I can't convince the CIO but they can often suggest it. And I'm not a complete solution. If you're plugging me in, what are you plugging me into? You need systems integration support or an application.

The third bucket is that I need enterprise companies to prove this out. Like Comcast—they're building mobile apps for senior executives who are tired of VPN on the iPad. So we're bringing in a mobile development firm to build a UI on their platform that matches the old one.

ZDNet: Fair enough. So how would you explain all this to a non-techie employee of a company?

RR: Have you ever been running through the airport and needed access to that darn document you left in SharePoint? That's what we allow you to do. The next evolution is what you want to do with that document; integrating BPM. The things you take for granted sitting behind your desk behind a firewall? Making that possible in a mobile environment is what we're about.