The following is a field report from a Cortado employee who uses a managed iPad for his daily work.
Every IT solution has to prove itself in the field and since I work with our solution every day, I wanted to share with you my experience. Of course, I’m not completely impartial, but I’ll save you the sales pitch today. I’ll report honestly, and I think my evaluation is fair – this will give you a good understanding of how I work with Cortado, how I feel about it and whether it could be something for your employees.
It’s 4:30 a.m. in Berlin. I wake up to the sarcastically carefree, cheerful sounds of my alarm and rain against the window. A painful look at my far-too-bright display reminds me of my appointment today. An on-site meeting with you. That is something that makes getting up at this ungodly hour worthwhile.
Don’t worry, it wasn’t your fault that I had to get out of bed this early. Rather it’s my preference for surface-based transport. But that’s for another day. So, I get ready and make my way by urban train to Berlin’s central station where I have some time to read through once again which points you want to cover with me in today’s meeting.
iOS or Android? Anyway, So Long as its Native.
As far as smartphones are concerned, I would describe myself as an early adopter. Since the arrival of feature phones, I’ve owned pretty much everything that was on the market. Essential things, such as e-mail, calendar, tasks and so on, were always presented in a different way, depending on the platform. Personally, I’m more of an Android guy, but I have to admit that iOS impresses me when it comes to PIM.
I took a look for myself how many PIM apps I’ve tried so far. iOS and Android combined, I have 63(!) different apps. Everything is in there, big and small, commercial, open source, highly praised to completely unknown. I have to say that wherever my experiments took me, I finally always came back to tried and tested, preferably native solutions.
At that time, there were still practical reasons for this since storage space was scarce on early mobile devices. Now I am convinced by the broad compatibility and deep, conflict-free integration into the operating system. At Android it’s Gmail and the stock Android calendar. Every serious alternative was either too expensive or had a hidden disadvantage. I am thinking here of the industry-leader from Vermont with their e-mail app. Why this has no built-in Exchange task sync is still a mystery to me.
I ended up with iOS through my work when I got a fancy iPad Air 2. I was skeptical from the beginning. However, when the thing was handed over to me fresh as a daisy and when I switched it on for the first time after taking it out of its original packaging, the device was fully automatically set up (yes, Exchange, Wi-Fi, VPN, software etc. included and without any interaction on my behalf) – I was impressed.
In retrospect, I understand how end-users must feel when they get an iOS device procured through the Apple DEP. It couldn’t be simpler. Google has to step up to the mark and follow suit here. If you want to know more about DEP (and you want to, if you use iOS devices professionally), then I recommend this article.
MDM: Automation vs. Flexibility
Automation is of course very convenient, but it often suffers from the flexibility that I have come to really appreciate. Many customers tell us that some MDM vendors ship PIM packages that include their own e-mail, calendar and contact apps. This can have its advantages, as it is easier for the MDM manufacturer to provide control and compatibility.
However, to expect an MDM vendor to provide user-friendly e-mail, calendar and contacts apps that supports all current and upcoming operating system features is a bit much to expect in my opinion. I appreciate the freedom to choose which apps I want to use. The only requirement is that these can be configured automatically with an MDM system and come from official, trustworthy sources. Fortunately, the number of apps in the app stores that support these features is constantly increasing.
I am currently reading through the PDF of my presentation for you. One thing strikes me here, which is not yet fully shown in the presentation is that you said you would like to give users the opportunity to work on their own devices and expect to not only have iOS devices in use, but also numerous Android devices.
I should add to the presentation that, in addition to the Work Profile mode (a native Android feature that allows us to create a secure, private application-encapsulated business area on Android devices), we can now route the traffic of any Android app via a VPN tunnel. Since you indicated that you want to deploy several third-party apps in the separately-identified business area of the Android device, this would be very relevant for you.
This is a great Android feature, by the way. About 2 years ago things looked completely different on the Android side. Nearly every smartphone manufacturer seems, for some reason, motivated to adapt the OEM version of the Android operating system for its (more or less meaningful) purposes, and then adds more or less well written, meaningful applications. This means there were never really uniform, cross-provider interfaces guaranteed that the MDM software manufacturers could use to configure Android devices remotely. Since the release of Android Enterprise this is no longer an issue. Of course, not all manufacturers adhere to the strict guidelines that Google now provides for the implementation of APIs for MDM software and by which all Google partners must adhere to. Fortunately, the Android enterprise interfaces belong in most part to the obligatory part of the operating system.
By the way, a current list of manufacturers and models that are fully compliant is available here with the directive can be viewed here. I’ll mention this in more detail in the presentation.
File Access – Be Productive When It Matters
I’m using the Office package – yes, even on iOS. My love of the native iOS apps is unfortunately limited to the PIM apps. Pages, Numbers and the like are probably great apps and, frankly, I probably didn’t pay enough attention to them. But since university I’ve been in love with the Office package. My relationship with an open source alternative ended, which besides support of add-ons (e.g. Citavi), simply could not provide the stability required when cramming all night before exams.
But how do you edit a presentation that you have saved on your company’s network drive and that you (or me!) unfortunately only have saved locally as a PDF version? A classic problem, not just for those who would have liked to spend 20 minutes more on the presentation yesterday and now have to try to update the presentation when sitting in the train.
However, something else always needs to be taken into consideration – data protection and IT security. Unfortunately, a topic that can’t be ignored. Conflicts of interest between admins, data protection officers and end users are an everyday reality. However, the management of a business is often forced to add to this traditional area of tension with the necessary adherence to the applicable laws. Personal data and generally all data records provided by the company have a special need for protection. If you want to know more about data protection, then I would recommend downloading this whitepaper. But right now, I’ll focus on how to practically enable secure access to corporate resources.
Admins can distribute apps to end devices as so-called “managed apps”. These are treated differently on the end devices. It is possible to use a policy to prevent me from opening business content with “unmanaged apps” – apps that I’ve installed privately. In this way, our admins prevent us from opening or distributing (unintentionally) sensitive material in unsanctioned apps. It has happened before that I had to access a file on the road for which I didn’t have a suitable managed app. This is of course not desirable, but fortunately our admins are flexible and can simply assign me a suitable app remotely on request, which then lands on my device instantly.
In this case everything is fine, and I can open the file with PowerPoint without any issues. I’ll edit some slides, add some additional information for you and just close the app again. I sit back while my train speeds through the grey morning. I listen to some music on my headphones, happy in the knowledge that I don’t have to forgo private apps even with a managed mobile device. Relaxed, I put my iPad into the seatback pocket in front of me and sink into the sounds of Pink Floyd.
The Unpleasant Feeling of Forgetting Something
I’ve arrived at my destination now. It is busy, so I quickly pack my things and step off the train. I try to orientate myself and make my way through the crowd. I jump in a taxi and drive to your headquarters. I put my Bluetooth headphones back on and I’m surprised that I can’t hear anything. Instead of Dark Side of the Moon, just meaningful silence.
I’m sure you know the feeling of forgetting something valuable somewhere. If you leave your wallet somewhere, the loss is fortunately limited to a manageable value. This does not apply to business mobile devices that have access to the corporate infrastructure. Here, neither the loss is capped, nor can it be estimated in any way. Fortunately, EMM systems offer an effective way to limit the potential damage.
With a sinking feeling in my stomach and the overwhelming certainty of having left my iPad on the train, I open up the User Self Service Portal on my phone. With one click I reset the iPad to its factory defaults. Because the iOS device runs in DEP mode, it cannot be used by anyone else. It is now just a fancy piece of aluminum and glass.
I leave the taxi and standing in front of your building’s entrance start to think that I don’t really need the presentation anymore. I could actually just tell you about my journey today and you would already have all the facts required to make the right decision.
P.S: My iPad was given in to lost and found and I picked it up on the way back to Berlin. To get it back up and running, I just needed my AD credentials, the provisioning of all business profiles and apps is done automatically in the background by Cortado.