Main content

Why MobileIron CEO Simon Biddiscombe isn’t scared

Gary Flood Profile picture for user gflood May 4, 2020
A look at what MobilIeon - the IT security company that did it ‘the other way round’ - plans to do next

Image of Simon Biddiscombe, MobileIron CEO
(Image of Simon Biddiscombe, MobileIron CEO)

At diginomica, we're pretty used to speaking to a Silicon Valley executive whose accent reveals themselves to be Home Counties born and bred.

But hearing the Valleys lilt of Welsh-born Simon Biddiscombe, who went to Uni in Glamorgan but who is now President and CEO of 900-strong endpoint security vendor MobileIron, through the Zoom mic was something of a first, we have to say. If Biddiscombe's accent makes him stand out a bit in the Mountain View coffee shops, so does his resume: it's not many people who train as a Chartered Accountant who end up heading up a Californian technology company, though many do end up as CFOs (as he has done, for companies as varied as Wyle Electronics and QLogic).

Biddiscombe puts this down to a life-long passion for technology, inherited from his radio ham Dad, it seems. Conveniently enough, interest in the nuts and bolts of communication comes in handy in his latest role, shepherding a pretty unique security company.

Maybe as unique as being a Welsh accountant tech CEO, in fact. MobileIron's origin story can be dated more or less to the day back to the launch of the first iPhone, when the company's original founders decided all the world's C-suite executives would want one of the shiny new things, would dump their Palm Pilots and BlackBerrys… and would then expect their CIOs to make them safe to use for making multi-billion dollars from the beach, kind of thing.

Hence the noun MobileIron keeps coming back to: ‘endpoint'. Unlike security companies that come out of the datacentre or the network or the firewall, it's a company that sees its perspective as being from the end user device back into the enterprise, as opposed to the other route of travel. It hangs its hat, then, on the idea of so-say ‘unified endpoint management' (UEM), a category it claims it pioneered in 2007, when it became the world's first ‘mobile centric' security offering.

Another key concept in the MobileIron lexicon is the idea of ‘zero trust'-that busy users hate passwords and that another approach needs to be offered them. And, so far, it's a story that has been working. Biddiscombe says:

The company was born around the idea of delivering to the C-level executive, secure and managed email. Over the course of time, that managed set of capabilities continued to expand beyond just the management of the device: management of applications, the management of content, secure browsing and so on. The management stack continued to grow, and we've sold the technology to 20,000 customers over the course of the last eight years.

What you've got coming together is this concept of everything associated with the endpoint; how do you think about management, security and identity at the endpoint? So we've introduced identity-based solutions that ultimately allow you to use your device as your identity to access the various services you need to get into the enterprise, to be able to do your job. For 30 years, CIOs spent their money making sure that laptops connected over corporate networks all inside the firewall, ultimately connected to datacentres that they had complete control over and built themselves.

How we work today, it's mobile devices connected to cloud services, whether it's an iPhone connected to Office 365 or Salesforce or Dropbox or NetSuite, there's very high likelihood that no part of that ever touches your corporate network. So we validate the device, establish the context, check app authorisation, verify the network and then detect and remediate all the threats before we grant access to those services. We give the CIO a new way of thinking about how to solve that security paradigm, which is ultimately about just making sure they have control over their corporate data.

A competitive landscape

It's a solid proposition. And the customer roster is solid, too, though luxury car-making (Aston Martin, Biddiscombe's favoured use case) is a bit of a niche vertical. The challenge is that the company is doing fine, but is still pretty small and faces some hefty competition. Granted the special circumstances of the Pandemic, predicting sales of between $195 million and $205 million, for a decline of 5% to flat over 2019, for 2020, is not Unicorn-level valuation, and when Biddiscombe goes into sales beauty contests he's facing people like Microsoft, VMware and the like.

So how does he cope… what's the MobileIron buy reason, if it's ultimately a challenger brand? For Biddiscombe, the USP is focus and expertise:

Historically, we've always won when security mattered. Because we've had a much stronger security framework set of certifications, we've always won when security mattered. Our competition didn't historically have the same certifications for security that we had. In order to compete effectively against Microsoft and VMware, if we don't have the best-in-breed technology for what we do, then obviously the breadth of what others can bring makes it harder for us to compete. So we've always got to have the best in breed. There's not a customer or an analyst out there who doesn't think that MobileIron is the best technology in the market, and we believe it wholeheartedly.

When I think about what we offer today, in terms of how simple it is to onboard a customer, the user experience associated with our technology, the flexibility we offer... competing with Microsoft is often about nobody really wants to do business with Microsoft, right? They didn't get to be the biggest company on Earth giving software away for free. They usually don't have the best product in the market either. Microsoft ultimately wants to lock you into the Microsoft stack. They don't want to make it easy for you to send business to AWS. So we're Switzerland-agnostic as to services, client services, and OS.

The other thing that's hidden in our numbers is that we're going through that transition that many software companies have to go through-from being a perpetual on-prem license business to an increasingly cloud business that's subscription-based. When I think about what we've done with our identity solutions, when I think about what we're doing with threat defense, when I think about what we're doing with the Mac OS, the new solutions are growing very nicely in the market at this point in time.

My Take

MobileIron came out of an interesting place, and has been able to maintain its distinctiveness. Undeniably, it's a smaller company than its rivals, but if it can pull off its planned expansion into Identity, the corporate Mac world, and field worker (especially in healthcare - think, clinicians with iPads needing secure access and prove their credentials on the move), then the immediate future will be (ahem), secure.

Indeed, just as we were going to press, in another sign there's no lack of confidence at the top of the company, MobileIron announced it had made its first ever acquisition: a swoop on German/Polish mobile automation app release software specialist incapptic Connect, with the claim that enterprise app release processes can be simplified and brands can bring their security and employee productivity strategies "to life" in parallel.

On the call, Biddiscombe also told us about plans for mobile phishing defence, which is another intriguing fresh market certainly worth exploring. Yes, it could be bought out by a bigger layer-but CIOs (and CEOs with their still-favourediPhones) may well agree with this Welsh former accountant that things like COVID-19 actually show why we still need companies like his:

MobileIron's vision was to enable workers to be able to work on any device connected to any service and give the CIO confidence that corporate data is secure, regardless of where it sits. With our new passwordless authentication capabilities and the device becoming your identity, which we've picked as our focus moving forward, enabling employees to have secure passwordless authentication into whatever service it is the need to be able to do their job and allow the CIO confidence that his corporate data is protected as robustly as he'd always have expected it to be, I think the current crisis is actually going to help make that a convincing proposition to many people.

A grey colored placeholder image