International Business Machines Corporation (IBM) Earnings Call Transcript & Summary

Good morning, good afternoon and good evening to our viewers around the world, and welcome to IBM's Securities Webinar hosted here on [ AD24 ]. [Operator Instructions] And without further ado, I would like to have you sit back, relax, ask some questions, engage with us and enjoy this IBM Security Webinar.

Hello, everyone, and welcome. My name is [ Spencer Gibson ]. I will be your host for today's webinar, and I work for IBM Security. Thank you for joining today's addition of the IBM Security Daily Demo Series, a daily webinar to bring you closer to our security experts and a chance to see examples of how our solutions can address today's top cybersecurity challenges. Today is Mobile Security Monday with MaaS360. And I am joined by Ryan Schwartz, Product Marketing Manager; and Eric Geller, Cloud Security Architect. With that, I'll kick it off to Ryan to get us started.

Perfect. Thank you, Spencer. As Spencer mentioned, my name is Ryan Schwartz. I'm a Product Marketing Manager for IBM Security MaaS360. We'll cover what that is, and what the market it exists in. Unified Endpoint Management is in a little bit in this presentation. But first, I wanted to touch on what else we'll be covering today on this agenda. I'm sure most folks on the call are new to this specific webcast. But for those returning, welcome back. We'll be covering much of the same topics but with a little bit of a modernized twist a week on from when you may have previously seen this presentation. So to go over the agenda quickly. The first thing we're going to touch on again are the benefits of work from home and BYOD. The point there being that while we see this -- obviously, we've seen this shift towards folks working from home, we want to make clear that there is a benefit to the amount of people working remotely, that there have been measurable productivity and economic benefits to people not only working remotely but also, in case of BYOD, working from personal devices. From there, we'll talk about how IBM offers to help with MaaS360, what Unified Endpoint Management is, go over a couple of workflows in MaaS360 that can help support this remote work environment, talk about access management and data security briefly and then pass over to my colleague, Eric, for a walk-through of the MaaS360 demo portal. So with that, I'm going to ask Spencer, if you don't mind, go to our next slide. So first and foremost, as I mentioned, we wanted to touch on some stats. So first one, the 2 top ones there are specifically about remote work and working from home. International workplace group, as you can see, kind of 85% of surveyed organizations reported increased productivity through work-from-home programs. A lot of findings there centered around the lack of distractions when folks are working from home. Shorter commute time -- well, no commute time in this case. So no stressful commute. So everyone is starting the day fresh, and you are able to plug in and be productive. The other side there is out of 500 employees studied by Stanford University here, it was found that there was a 50% decrease in overall employee attrition when folks were allowed to work from home. We can assume that most of these people working from home are probably working from a personal device. Well, we can assume that a large portion are working from a personal device. And in that case, we'll talk about some of the benefits of that personal device using BYOD. So personal devices, as you can see there, as found by Frost & Sullivan, save employees about an hour a day, 34% increase in productivity. And again, that is because the device is familiar, they don't have to learn a new operating systems. They don't have too many applications beyond whatever is distributed out by a management tool. But they're comfortable with their device. And they're comfortable with, for the most part, the privacy on that device as well, which is something that Unified Endpoint Management platform should establish. We'll talk about it a little bit as well. And finally, companies that allow BYOD have saved an average $350 per employee per year according to Cisco. Now that is if you've rolled out a BYOD program prior to this shift, that obviously makes more sense because you're no longer purchasing corporate devices. If you continue to purchase corporate devices, you not only can do a BYOD program, that's perfectly fine as well, and there are certainly benefits from a remote work standpoint there. But just to highlight this, if you were to move forward with personal device use in the future, you'll find it worse for your organization after having used it for a few months here now, it is something that's not only productivity viable from a productivity standpoint but also from an economic standpoint. Spencer, go on to our next slide. Now that we defined some of the stats, let's talk about how to secure all of these devices that are remote. The way to do that is Unified Endpoint Management. What is UEM for those that are unfamiliar? It's the next step in the evolution of mobile device management and enterprise mobility management. It takes the principles of MDM that management of smartphones and tablets, that unified security policy, compliance rules, and it pairs it with the capabilities of an enterprise mobility management tool. So the data containerization and separation, distribution of corporate applications, enterprise apps, [ as apps ], having that level of security to allow for relay or VPN to access corporate data. And it goes beyond that as well to add in some of the functionalities of something like client management tool and managed laptops and to provide patching and updates on Windows machines. And also it's another technology such as identity and access management, mobile threat defense and some of these other tools we'll touch on as we go through the presentation as well. It's essentially taking the stance that to effectively manage devices, you need to manage the entire -- the user's entire journey throughout the day. So making sure that you have an identity tool to manage access in the first place provided through the same tool that's managing your devices. You can have a layer of conditional access centered around the place, compliance and location. Once you've done that, you can enroll threat defense tools to secure the session that, that user is now, well, in because they've been authorized for access. They're accessing applications. They're accessing Internet sites. And we want to make sure they don't hit a phishing site, they are not susceptible to man in the middle attacks on a personal Wi-Fi network. And having all of these working in concert to manage those devices and users effectively and minimize the risk that someone brings into an organization with a BYOD device or even working on a corporate device and using it for personal means in some cases. So essentially, I've covered most of it. But to go over the right side there again, it's a single console for all those different types of devices, again specifically laptops since that is something we're seeing on large numbers as folks are working from home and need a main workstation. It's unifying the application of this data protection, device configuration and usage policies that's getting a single view of users for their entire workday, but also allowing for the collection of workplace analytics and other analytics through, in MaaS360's case, the Watson Advisor, which is providing real-time insights into devices and operating systems that are enrolled. So say, if a device or group of devices aren't currently on the latest version of Android, the administer will be alerted through the portal and also told what potential risks are associated with that and vulnerabilities and how to effectively defend against those risks and what to do to remediate the issue quickly through the MaaS360 portal. And finally, with UEM as a coordination point of all of your other solutions that are relevant to device and user management. So in this case, your SIM to be able to send reports from UEM into your SIM solution, will report info around devices and operating systems' vulnerabilities. You have your, as I mentioned, identity and access management tools integrated either outside and integrated into the solution. Or in MaaS360's case, it can come out of the box with SSO and MFA if that isn't currently something that you have deployed in your organization. And again, it'll take up some of the functionality of the client management tool. And those are just tip of the iceberg. We can also integrate and UEM should integrate with things like a CRM or ServiceNow or other tools that are really integral to the organization when managing devices and users. Spencer, go on to the next slide. So right now, we'll talk at a high level. We'll start from the start here. So the first step of any endpoint management deployment is being able to, well, enroll. So what we'll talk about here is the out-of-the-box experience, but there are a ton of different enrollment pathways that can be accomplished through a Unified Endpoint Management solution and specifically through MaaS360. But the out-of-the-box experience is tied to some of these programs on the right that may be familiar to you on the call right now, whether it's Android enterprise, Apple's DEP program, Knox or Samsung KME rather or Windows out-of-the-box experience. These are all programs provided by a device manufacturer to then integrate with the UEM tool to allow for out-of-the-box bulk enrollment. So that in the case of DEP, for instance, when the Apple device is powered on, that Unified Endpoint Management tool is already -- or the application for it is already installed and embedded into that platform. So the management is already there, and the device is already configured for work purposes. All the user has to do is go through a couple of quick enrollment steps and quick configuration steps that you define, and then they're off to the races. That's one way to do it. And obviously, that's done over-the-air or even done out-of-the-box if it's something like drop shipping corporate devices. But these programs, while they're primarily for corporate devices, many of them can still work for BYOD devices as well for those that are working from home on a personal device. So in Apple's case, there's Apple User Enrollment, which came out with iOS 13, to allow for data to be separated on a personal iOS device as well. For Android enterprise, there's Android profile owner mode, which is a mode that essentially creates a containerized space in that device specifically for corporate data. So the -- and then on Windows, there's also Windows Information Protection, which can, if the user allows it, enlighten, as Windows has called it, an application on that device to encrypt the data they are in. It's used primarily for corporate devices, but it is something that in a high security environment can be used through MaaS360 for personal advices if need be. And that's really just tip of the iceberg with the out-of-the-box experience because you can see there it's something where you can have out-of-the-box SSO for unified app catalog. It's all done, as I mentioned, over-the-air. It has end user self-service capabilities that the user needs to [ link over ] after the device has been configured out of the box, locate their device if they had lost it or reset their passcode on the fly. It's something that they can do their own rather than calling the help desk with simple tickets. And that's something you can do regardless of how the device is enrolled, but it's something that is worth pointing out for these low-touch and no-touch deployments that may not have a lot of immediate [ IP ] intervention out of the box. And with that, Spencer, if you don't mind going to the next slide. All right. Now that the device is enrolled, let's talk about MaaS360 and some of the main topics here that we want to cover with that solution. So there are 4. As you could see here, we really want to go over when it comes to managing these devices that are currently remote. So the in-built security capability, that native containerization and data loss prevention is a major aspect here. That container piece, which we will get into a little later in the presentation, is an application on that device that's essentially an encrypted sandbox. So a user can access their e-mail, calendar, contacts, other necessary applications for work, but you can limit that so they cannot take any of that data outside of those applications and send them in a personal text message, for instance, or put them in a personal e-mail, which obviously is very important now to allow access without allowing people while they're working from home unsupervised to take that data and potentially send it to sources that shouldn't be sent to. And that's really the tip of the iceberg with that in-built security. As I had mentioned, the other aspect there is that mobile threat defense capability, something that's also available through MaaS360 through partnership with Wandera. So beyond just that data security, there's also the capability to -- or the ability to protect against from phishing attacks, man in the middle, cryptojacking and some of the other major threats that users could be susceptible to while they're working from home. The next step there is applications on demand. So this does heighten the security slightly in that some of these -- your enterprise applications can be configured through MaaS360 rewrapped in our proprietary SDK and pushed down into the containers so they can have authentication, they can have -- or enforce authentication, they can have these data loss prevention policies in place off the bat. And then, obviously, outside of that, you can also distribute some of your SaaS applications and have some specific parameters set around those as well. And lastly, beyond that when it comes to apps, you can also go to self-service route. Instead of simply distributing out individual work groups of apps to users, you can distribute out, as I mentioned on the last slide, a unified app catalog. That's something that isn't just specific to the device manufacturer programs, but MaaS360 has a zone app catalog as well. So you can create curated app catalogs per department or per user so users can go and get those applications as needed, which as someone is trying to get access to the apps they need quickly, they don't necessarily want to sort through hundreds of corporate apps. They want to be able to go for the apps that are specific to their job function. So using that unified app catalog is very helpful to get someone set up from home immediately when they need to be. I will add something, desktop support. So we've talked a lot about mobile devices. We've talked briefly about Windows. But MaaS360 does have robust capabilities around Windows and macOS devices. For Windows specifically, we can do remote patching and updating for those devices. So for devices that are no longer on domain or outside of corporate perimeter, in this case, since they're remote and may not be available for patching and updates from a traditional client management tool, MaaS360 can do it over the air. There's no need for a VPN. There's no need to be on the network. As long as they have an Internet connection somewhere, you can patch those devices through MaaS360. Beyond that, there is the ability to distribute legacy applications and files. So your MSI, EXE, bat scripts, PowerShell, whatever you need to distribute to these devices, you can do so through MaaS360. And obviously, that's all on the client management tool side. But on the other side, you do still have those unified security policies, such as the expectation on macOS, for instance, the FileVault or BitLocker on Windows 10 devices, being able to control the encryption level and enforcement there. And finally, uniformity of experience. So the last thing, and we'll cover it again in the container section, is that through MaaS360, when users are going into those containerized applications, we strive to mimic the native look and feel of the operating system that those applications are running on. So for an Android device, the MaaS360 Secure Mail app is going to look very similar to the native mail app that's on that Android device. Same thing with iOS in this case. So someone doesn't have to learn a new workflow simply to be able to work through a secure application. So we're not hindering productivity by bolstering security. Spencer, go on the next slide. All right. And now we'll talk about a couple of quick workflows here. So now that we've talked about the security around MaaS360, let's talk about allowing folks to access the data they need to access and how that is accomplished and how these devices are bulk enrolled if you're not using a manufacturer program. So through MaaS360, we have a piece of software called the Cloud Extender. That's installed onto a VM or onto your -- onto a physical server, whatever you might have access to in this case. Once that's installed, you configure it to tie into your user directory such as active directory or whatever you might have to then pull in all of your different users and devices that are connecting to your corporate network. Once you are aware of who's connecting and what devices there are, you can then decide who is going to be able to actually enroll in MaaS360 and send out a static URL. In the case of IBM, it's m.vm/ibm. It will be whatever you decide for your organization. You send that out to your users. They can click that and enroll their devices in 5 minutes using their corporate credentials. Once they're enrolled, they can be granted access to SharePoint or similar file shares by another module in Cloud Extender corporate MaaS360 gateway, which then allows secure access to files through the container. Now if someone gets the link that isn't supposed to have their device enrolled and they try to enroll their device, you can also set up an auto-quarantine or a one-off block that block folks that are unauthorized to be enrolled in their devices for corporate purposes into MaaS360. So you can also stop some of those folks as well and just defining exactly who should be getting access. Speaking of access, Spencer, go on to the next slide. We'll talk about identity here as well. So just to touch on it briefly, as I -- because I've mentioned it a few times already, MaaS360 does come equipped out of the box with native single sign-on. We do also have the ability to provide multifactor authentication and conditional access by tying into the compliance rules, the automated compliance rule of the MaaS360 and tying into the Wandera threat defense for risk-based conditional access. So there are multiple ways to be able to authorize a user and ensure that the right folks are accessing the right data with MaaS360. And finally, once they finally get through, Spencer, go on to the next slide. We have the MaaS360 container, which I know I have kind of described ad nauseam here. But just to reiterate, that container, that sandbox space on a device, it has MaaS360 set of applications here which are tied into your e-mail, calendar and contacts. You can push down your enterprise applications and all of them will have that layer of data protection on them. So even when a user is authorized, even when you know it's the right person accessing the right data, you are still able to have control over that data and flexibility to remove that container once people start going back into work if you no longer want to allow device access through MaaS360 or on a personal device or a corporate device. So with that, I went a little over the time I was supposed to go here, so I'll pass it off to Eric. Thank you, everyone, for being on today, and enjoy the demo of the solution.

Good morning, good afternoon, good evening, everyone. My name is Eric Geller. I'm a Cloud Security Architect with IBM. And today, we're going to be talking about MaaS360, which is a mobile device management and Unified Endpoint Management platform. That's going to enable us to very, very easily and rapidly allow our remote users who may not have had access to corporate resources from their home or from personal devices before, engage with a lot of the resources that they're going to need when they are accessing these data sources from remote locations where they may not have accessed them before. A lot of times, we require people to use corporate devices to access services, and that's completely understandable. But in today's climate with all of the things that we are having to deal with, a lot of times, it's easier to get people to access corporate resources utilizing personal devices. And MaaS360 enables us to do that, both easily and securely, most importantly. So we're going to talk about different aspects of the MaaS360 platform that is going to set security policy to be able to perform important actions on devices as well as to give them access to those corporate resources, such as calendar, contacts and e-mail. So each step of the process we're going to do to show you exactly how to set this up. So this is the MaaS360 home screen, as you can see. It gives us a variety of information like alerts that may be in things that we need to be aware of as well as what is called My Advisor for Watson, which essentially is a proactive alert panel that brings to the administrator's attention, things that they may want to take a look at in regards to informational and security alerts. So you'll notice that these menu items that we have going across the top, of course, each one of these has many different subsections to them, but we're going to start out here under Setup. So the most important thing when we begin MaaS360 is we essentially go to the MaaS360 IBM page. We sign up for a portal trial. And literally instantaneously, as long as we type in our username and passcode or our IBM ID, we are going to get a portal that's substantiated immediately and that we can start working with. So the very first thing that we do when we initialize that portal is go into Services. So Services is the area that essentially gives us the ability to turn on and off the different components within the MaaS360 platform that we want to make available to our end users. So you'll notice we have mobile device management, secure mail, mobile application management and so forth. Now each one of these essentially turns on or off these major subsections of the MaaS360 platform that is going to enable it to then give you the ability to offer these services to your end users. So for example, you've got mobile device management. And you see more -- each one of these has little more buttons to them. And each one of these subsections allows you to, for example in MDM, to upload certificates for iOS or Android mobile application management, allows you to distribute applications out to users and so forth. Okay? So that's the very first thing that you want to do, is go to Setup, Services and choose which components you want to use. The next thing we're going to do is go to Setup and then Settings. Now under Settings, once again, this has several subsections, but the one that I'm most particularly interested in right now is the corporate identifier and the user authentication mode. So these are the 2 really important things to start out with after you enable your different components, your different services. And the first is this corporate identifier. So right now, you see that it's a secure demo. So this is just a human readable word or series of letters and numbers that I'm going to choose that makes my portal unique to me as an organization. Now when you get this by default, it's actually going to have the account number. So if you see down here in the bottom, this 30097 and so forth, that is the portal ID number. And by default, that's what's going to be in your corporate identifier. But I generally want to replace this with something human readable, whether it's an organization name or a company name or whatever, and that makes life easier for both the administrators and the end users. And I'll show you exactly why right now. So the very next section is the default authentication mode. This becomes very, very important because this is exactly what kind of authentication is needed when a device gets enrolled within MaaS360. So you will notice, for example, that I've got authenticated against corporate active directory. Now that's generally the way that most organizations are going to choose because it allows MaaS360 to talk directly to your AD, LDAP or your environment to determine whether the username and passcode that someone uses for their enrollment credentials is authorized and authenticated, okay? You can, of course, just use a unique passcode, which MaaS360 autogenerates and sends to a user. Or if you want to create usernames and user accounts within MaaS360, you can do that as well. But generally, people are going to use corporate active directory because those authentication databases already exist. Now notice that I have the corporate identifier as secure demo and then I've got users can add a new device from m.vm/securedemo. So this enrollment URL simply needs to be made available to a device, and then this is the initiator for that device to become enrolled in the MaaS360 portal. Okay? So whether that's sent to the user through an Internet page or an e-mail or an SMS text, whichever way you would like to essentially expose a device to the enrollment URL, as long as you do that, then the end user clicks on that, they go through literally a less than 5-minute process. It's very, very easy if you're using corporate active directory. Then they type in their username and passcode. They hit Next and Okay. There a few screens that are needed in order to enroll, and then that device is automatically enrolled into the MaaS360 portal. Okay? Now you can use 2-factor as well. So if you want username and passcode as well as a unique passcode, MaaS360 can support that as well. And if you're using a SAML provider, you can access that SAML provider in order to have another layer of security for the enrollment process. Okay? So remember I said, we're going to start out with Setup, Services, turn on the services that we want and then go into Settings. And then from here, we're going to decide what our corporate identifier is and how we want that user to enroll and the enrollment URL, and this is the URL that's going to be exposed to a device so that they can then enroll whatever device into the MaaS360 portal. Okay? The next thing we're going to do is we're going to talk about device inventory. So you will notice under Devices, I have Inventory. This brings up a list of every device that is currently enrolled or has been enrolled in the MaaS360 system. And I have the ability to scroll through here. I can search it. I can see the user names, the platforms, the OSs, the last time it was reported into the portal and so forth. Okay? So I'm going to take a look at Scott's device here. Scott's got an Android. And as soon as this pulls up, so this is the summary. Notice that this says Summary. So all of this great information down here is a summary of all of the information from the different subsections that we've pulled from -- or query from Scott's Android. Now if I scroll over Summary, you'll notice that I have a huge complement of additional full sections of information such as the security and compliance of the device, where it is in the network, the applications that are installed and so forth. Okay? So a huge amount of information. Then if I want to, I've got action buttons up here on the right-hand side. So I have the ability to locate the device or message it or buzz it. If I hit more, I have the ability to reset the passcodes, wipe the device or selectively wipe the device, change the policy and so forth. So this makes it easy for your administrators or your help desk operators to come right into the portal, pull up a particular device and make actionable events from these different action buttons that we provide here in the upper right. So very, very easy to do. Okay? So the next section that we're going to talk about is setting security policy on these devices. So if I hover over Security, you'll notice that these 2 top items, Policies and Compliance Rules. Policies essentially are what set the policy on what a device can do or not do, what it has access to. And then Compliance Rules say if one of these policies get broken, then what am I going to do about it? So we're going to check out Policies first. So here's a list of all of my policies. Now I have all of the names that I have obviously given these. But notice that I have under here, under the Type, these are the different types of policies that I can create and then deploy to my various devices. So you'll see some that have operating system icons. So I've got Android and iOS. I've got Windows down here. And then you see a MaaS360 icon here. This is a user policy. So all of these with operating system symbols, these are device layer policies or MDM policies. They apply to the operating system only, doesn't care which user is logged into the device. My MaaS360 personal or persona policy does care who has logged into the device. So this policy will follow a user no matter which type of device, whether it's iOS or Android or Windows or so forth. Okay? So this follows the user. This stays with the operating system. So let's take a look at one of these iOS policies real fast. So I'm going to go into View. And there's quite a few subsection of these, as you can imagine. These are exposed to the operating system, API management, API. And so example here is I've got passcode. Now notice it's device. This is a operating system or device policy. So this passcode is going to apply to the device itself, okay, not to the user or the secure container. So I have a variety of different options I can set, whether I'm going to enforce it, whether I'm going to allow simple, the minimum passcode length and so forth. Okay? Now if I want e-mail, for example, and calendar and contacts to be presented to the local or native e-mail, calendar and contacts on that particular device, this is where I'm going to set it up, under ActiveSync. So right now by default, it's by no. If I check this box, then this gives me the ability to set my ActiveSync server and the host name, whether I'm going to use SSL, the account username. And of course, I can use variables such as percent e-mail percent because it's authenticating against corporate active directory, whether I'm going to use OAuth, how long often I'm going to synchronize and so forth. So when I want to enable e-mail, calendar and contacts to the native mail application on the device, whether it's Windows, whether it's iOS, whether it's Android, this is the way that I'm going to do it, right through ActiveSync. Okay? I save the policy. And then when I want to publish it out and deploy it to different device groups, then I can do that through save and publish. Okay? Let's very quickly look at another type of policy, and that's that user policy. So the user policy essentially is a policy that follows no matter what operating system it is. It doesn't care. So this is how I turn off and on those services, right? Do I want secured mail or secured browser? These are all of the secured MaaS360 applications. And if I set a passcode here, notice that, yes, it has all of the same options, but this passcode is going to be for the secure container and not the device itself. Okay? Now notice, instead of having an ActiveSync icon, we've got e-mail. So this is how I'm going to configure e-mail to the MaaS360 secure mail client and not the native mail client that's given to us by whatever the native operating system is. So it's all exactly the same. It's just a difference of where that information is going to be ingested by the device, whether it's going to be the native mail, calendar and contacts or whether it's going to be through MaaS360 secure mail. So I configure it, and I do all the same things here. Okay? The last thing that we're going to take a look at is compliance rules. So compliance rules essentially say, if a policy says something and it gets broken, then what do I want to do about it? What kind of action do I want to take? Because remember, with iOS and Android, for example, you can't stop somebody from jailbreaking or rooting that device. But I can have a compliance policy that says, well, this is what I'm going to do about it if that happens. So for example, I'll go into my enforcement rules, and I have a variety of different enforcement rules. I can enforce certain operating system versions or whether it's allowed to be encrypted. And then here, we've got, for example, jailbroken, rooted or Windows DHA failure. So I've got a check box. I definitely want a compliance rule on this. And I go down to immediately after an out a compliance event, what do I want to do? I want to alert. But that may not be the only thing I want to do. So I can say, for example, after 2 hours, then I want to change the policy to something more restrictive. Okay? And then if that doesn't work after another 2 hours, then maybe I want to selectively wipe the device, just as an example. Okay? So you've got security policies that state what you can and can't do, and then you've got compliance rules that essentially state if something gets broken, then what do I want to do about it. So just a recap here. We started off on the home screen, taking a look at all of the things that are available there with my alerting structure. Then we went into Setup and Services, and we turned on the services that we wanted to enable for our end users. Then we went into Settings, and we gave ourselves a logical URL identifier, and we created a connection to active directory so that we can authenticate using corporate e-mail and passcode. Then we went into our device inventory, we looked at all of the different factors resolving from that. Then the last thing we do is we look at security policy, the policy from a user perspective as well as a device perspective and the differences between them. And the last thing is we took a look at compliance rules. So I want to thank you very, very much for attending this very quick and very short introduction to how to set up MaaS360 for your users when we are enabling these remote services maybe for the first time. So I hope everybody is safe. I hope everybody is well. Thank you very much, and I appreciate everybody's time.

Great. Thank you so much, Eric, for that demo, and Ryan, for your presentation. Next, we'll move into a Q&A portion of the webinar. I do see that we have had a few questions that have come through in the portal. So I will read the question out loud and direct it for either Eric or Ryan's answer.

Our first question is how quickly can I enroll 1,000 devices in MaaS360? And this question would be for Eric.

So to answer the question, since MaaS360 is a cloud-provided platform, we have absolutely no technical limitations on how fast or how slow you enroll devices. We have customers that have 250 devices. We have customers that have 250,000 devices. So frankly, as fast as you want to handle your deployment, we can support you no matter what the speed of that deployment is. IBM, for example, was doing approximately 7,000 a week way back when, when we were deploying MaaS360 right when we first started to deploy it. So any speed is good with us.

Great. Thank you for answering that, Eric. And our next question is, does MaaS360 replace a client management tool? And this question would be for Ryan.

It's a good question. So it's not so much should we replace the client management tool. It is something that has been discussed by analysts, such as Gartner or Forrester as a future state for endpoint management. The idea that modern management will eventually supercede UEM and CMT as separate platforms. The concept that any device or any laptop or desktop managed through a Unified Endpoint Management solution will also have patching, updates, the distribution of legacy apps and files. But then any other CMT type responsibility also available through that UEM. So everything is truly a single pane of glass. But again, that's a future state. That's something that is expected within the next 5 years according to analysts. So right now, the story is really more along coexistence, being able to manage through UEM, the same devices that are managed through that CMT tool and just being able to compare notes against the 2 teams that are managing each of those solutions. So you still have the ability to secure those devices with UEM policy while also being able to take necessary actions through the CMT. So you have that -- and you also now have the cross-team visibility and accountability as well. So no, it's not meant to replace anything just yet, but it is meant to coexist and enhance the capabilities that CMT management already has.

Great. Thank you, Ryan, for that answer. This question -- I don't see any other questions in the queue, and we will move on to close out the webinar. So please feel free to reach out to our speakers from today, Ryan or Eric, and you can do that using the tab on the right. Their e-mail addresses are also there in the Resource tab, and we would be happy to take any additional questions you may have or follow-up with you.