For IT, security and management strategies focused on devices will break down; they'll need to move to policy-based security and management, likely combining user identity and information rights management. Apps will need to handle this rights information, as it will become increasingly difficult to manage what apps people use on devices or via the cloud. IT will need to move beyond the notion of apps as firewalled endpoints, as it's now starting to do with devices. But OS developers and app developers need to create the hooks for such information management for IT to be able to carry it out.
In other words, there is no perimeter to defend; information needs to carry its own permission policies, and management tools then need to compare the user permissions to the content permissions and apply appropriate policies for that combination. The major mobile management vendors -- Good Technology, MobileIron, and SAP Sybase -- are moving in that direction, as are smaller vendors such as AppCentral and Nukona, not to mention Symantec (via Altiris) and Centrify on the systems management front. To a lesser extent, so are Microsoft (via System Center) and Apple (via OS X Server). Several vendors offer information management APIs for mobile developers, but they're all tied to specific management tools, so no scalable, standards-oriented approach is in place.
This is an area where Microsoft and Apple should get together and jointly define a standard, as they have both the market power and stand much to gain from a standard. We've seen it work before: When Apple and then Google adopted Microsoft's Exchange ActiveSync (EAS) protocol for basic device management, they created the opportunity for IT to accept non-BlackBerry devices. In doing so, they also made the BYOD phenomenon viable for messaging by creating a core set of assurance that software vendors could augment for more specialty needs. We now need an EAS equivalent for information management to bring the same benefit.
The end of siloed data
This fluidity of information, state, and credentials is fundamental to the architecture of Windows 8 and to the iCloud-mediated OS X/iOS duopoly. I'll call it "iOS X" now rather than "MiOS," as Apple has dropped "Mac" from its PC OS name, when referring to common capabilities in iOS and OS X.
For example, both Windows 8 and OS X distinguish between local storage and cloud storage in their developer APIs and, with Mountain Lion, in its user file-access UI. (iOS doesn't differentiate; instead, everything can be synced to the cloud even if stored locally.) For developers, the key is that some data has to be assumed to be synced at any time with the rest of the user's devices -- it's no longer in its own silo. Rather than caching work in memory and writing the file explicitly to disk on each save (the long-standing PC approach), changes are saved in real time and synced nearly as fast via Windows Live or iCloud.
iOS has never had explicit save; files are saved as you work. OS X Lion introduced this concept to PCs last summer; Lion-savvy apps also save as you go, and the old save operation has been redefined to mean save a version in the file so that the user can go back to specific breakpoints he or she defined in each save. Windows 8 takes the same approach.
This will sound like technobabble to many users, but it's a fundamental change that points to the separation of device from the data it is working on. After all, that's why Apple introduced iCloud -- first as an app-specific document-syncing service but now growing into a more flexible cloud storage service -- and why Microsoft is reworking its Windows Live service to do the same with Windows 8.
Of course, they sync much more than data; Windows 8 also allows syncing of application state, so you can pick up your work on, say, a tablet, where you left off on a PC. By contrast, iCloud ensures the file state is consistent but not the active tools.