How to craft an application security strategy that's airtight
A comprehensive collection of articles, videos and more, hand-picked by our editors
As mobile devices continue to pervade the workplace, IT must find ways to deliver and manage the applications and services that employees need to conduct business.
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
Some organizations might use existing consumer services to meet their business needs, such as Dropbox for file storage and sharing. In that case, workers can simply go to Google Play, Apple's App Store or another public marketplace to download the Dropbox app to their mobile devices. The challenge with this approach is that it puts sensitive company data at risk and provides little way, if any, for IT to control and monitor how employees use those services for business. In fact, public apps and services can be so risky that many organizations ban them outright. True, some consumer services now offer enterprise-level alternatives, such as Dropbox for Business, but even these might not address all of IT's security and administrative concerns.
For this reason, many organizations are looking to other approaches for managing and delivering mobile apps and services, including implementing an enterprise app store, delivering mobile services via a private cloud, building Web-based apps or implementing virtual mobile desktops.
Enterprise app stores
Enterprise app stores provide a mobile app delivery platform that lets users browse and download IT-approved apps. But an app store is much more than an online catalog. Normally, it's part of a larger mobile application management (MAM) strategy that helps IT secure apps and oversee issues related to compliance, data governance, bulk purchasing and licensing. Enterprise app stores also provide a forum for user feedback and quality control, much like consumer app stores.
More on delivering mobile apps
Delivering mobile apps with enterprise app stores and private clouds
Creating a private app store is no small task, however. The store must be able to control and monitor the entire application lifecycle, which includes delivering mobile apps, tracking usage, removing outdated apps and controlling which versions workers use. Implementing and maintaining this type of system can require a significant investment in resources.
In some cases, an organization can tie into a public app store, but there are limitations to these programs. For example, Apple's App Store supports only iOS devices and doesn't give IT the same degree of control available in a homegrown system. That said, a private app store should still be able to interface with the public ones, if that service is necessary.
Organizations have several options for implementing an enterprise app store. One is to build their own using development tools such as StrongNode and Titanium Studio. They can then host the app store in-house or with a cloud-based provider that offers Platform as a Service (PaaS) hosting.
On the other hand, organizations can purchase an out-of-the-box MAM tool and host it either in-house or with a PaaS provider. Companies such as Symantec, MobileIron and App47 all offer MAM software packages. In addition, all three also offer cloud-based services that let an organization set up a virtual private enterprise app store (VPEAS). In fact, numerous companies now offer VPEAS services, including Apperian, BMC, FullArmor and Salesforce.
Private clouds for mobile app services
Delivering mobile apps to employees' devices is only part of the challenge IT faces. More often than not, business apps need access to corporate resources, and systems need to be in place to support that access.
In some situations, business apps can interact with existing systems, such as a customer relationship management product, in which case, the app merely taps into the available application programming interfaces and uses the existing infrastructure.
Quite often, however, an organization must not only deliver mobile apps to its employees, but also implement a system for providing the services that support those apps. At the same time, users expect to be able to work with data in a cloud-like manner. They expect to be able to access data from multiple devices, update the data from any of those devices and have those updates automatically synced across devices. Users also expect to share and collaborate on that data with their co-workers.
Many consumer apps already provide these capabilities, and that's where the private cloud comes in. A private cloud facilitates the type of data exchange users have come to expect with their consumer apps, without the risks associated with public cloud services.
To implement a private cloud, an organization can build its own or purchase one from a vendor such as Hewlett-Packard or Microsoft. Another option is to build a virtual private cloud hosted on one of the many PaaS services that have shot up in recent years, such as Amazon's Elastic Compute Cloud.
However, any option an organization chooses is likely to require a significant investment. Taking a PaaS approach might be easier or cheaper to implement, at least at first, but that means losing control over how and where sensitive data is stored.
Developing an in-house service offers IT more control, but it also means investing in the resources necessary to develop, implement, house and maintain that system across multiple mobile platforms.
Despite the costs, supporting mobile apps with cloud services offers a great degree of flexibility and provides a central access point from which to conduct and manage business.