An admin's guide to mobile application security and delivery
A comprehensive collection of articles, videos and more, hand-picked by our editors
Building an enterprise app store is one way IT departments can rein in consumerization, but these app stores must be user-friendly and secure to be successful.
Thanks to the popularity of mobile app stores such as Apple’s App Store and Google’s Android Market, business users now expect that all applications should be easy to find, install, update and use. And with these raised expectations comes growing concern about the risks to an organization’s sensitive data and proprietary information. Private app stores are a way to offer workers the personalized application management they expect, but doing so under IT’s control.
What are app stores?
In July 2008, Apple launched the App Store, an application distribution platform that lets users browse and download apps directly to their iOS devices. It wasn’t long before other companies, such as Google and Research in Motion, introduced their own app stores.
App stores control distribution and delivery, and they centralize the payment process for users and developers. In addition, app stores offer a forum for user feedback and quality control, so developers can respond quickly to user input. These features have essentially spoiled consumers, who are now using their personal devices -- or company devices with unapproved apps -- to carry out business. And that’s where the enterprise app store comes in.
An enterprise app store does much of what a commercial store does, and more. Only approved users -- i.e., employees -- can access the store to browse and download apps specific to their business needs. The store can include a mix of commercially available apps approved by IT and apps developed specifically for the organization.
In addition, certain apps can be made available for different types of users. For instance, sales employees might need customer relationship management and travel apps, but they should not have access to human resources apps.
Controlling consumerization with app stores
When employees go outside the enterprise to procure applications, they can introduce risks that IT has traditionally mitigated. For example, employees who use Evernote, a free note-taking app, might save confidential information to the Evernote cloud, which of course lies outside IT’s control.
If these employees could get similar functionality through an in-house app, it would be much safer for the organization -- at least in theory. An enterprise app store must provide full visibility into which apps employees are using, how apps are implemented and how data flows. At all times, the app delivery process must conform to IT policies, while ensuring that employees remain productive.
For an enterprise app store to be effective, IT must take into account a number of considerations:
- App management: IT should be able to control which apps (and which versions) a user or user group can browse for and download. IT should also be able to remove apps from mobile devices if an employee changes roles or leaves the organization. In addition, the enterprise app store should allow IT to track details about how employees are using each app.
- Data governance: IT must be able to manage data, enforce policies and ensure data quality as it relates to the programs in the enterprise app store. IT should also be able to remove data from devices as necessary.
- Compliance: App stores should control applications and data in such a way that the organization does not violate any policies, standards, regulations, or laws.
- Licensing: IT should be able to monitor and control the licensing and purchasing of apps from the enterprise app store -- and to reclaim apps should an employee leave or lose a device. Purchases made through the store must go through normal procurement channels and according to an approved budget.
Challenges of an enterprise app store
Building an enterprise app store is a tall order, and one that’s difficult to fill. In addition to the above requirements, organizations must also consider the upfront investments and ongoing costs around such a project. And even if an organization can get its own enterprise app store in place, it doesn’t guarantee that employees won’t use unapproved apps for certain tasks.
Fortunately, the enterprise app store industry is rapidly evolving. Citrix Receiver and VMware’s Horizon App Manager, for example, provide portals through which users can access corporate-approved apps from their mobile devices and PCs. And even Apple has implemented the Developer Enterprise Program, which lets companies publish in-house apps to the Apple Store. (IT is still relinquishing control under this program, however.)
As the consumerization of IT accelerates, organizations must address the growing concerns over security, management and control. Enterprise app stores can be at least part of the solution, provided they meet both business and consumer requirements.