alotofpeople - Fotolia
IT administrators should consider deploying mobile user experience policies that give the best possible UX without compromising on security or productivity.
Whether organizations deploy corporate-owned or BYOD devices running Apple iOS or Google Android OS, there are some common guidelines that can help users get their work done and reduce the need for user training and helpdesk tickets.
1. Keep it native whenever possible
Most users can pick up a smartphone and begin using it with little to no training, so it makes sense that anything IT deploys to the device should maintain the look and mobile user experience they are used to.
Separating apps and data based on whether they are for work or personal use can create a usability barrier, but it is possible to keep personal and work data separated without implementing an overlay UI in most cases. This is important for corporate-owned, personally-enabled devices and BYOD smartphones and tablets that will have plenty of personal data on them.
IT can still deploy local data partitions while maintaining a native appearance and allowing users to arrange the app icons however they want. This isn't always an option with BYOD deployments, but where there isn't a specific need to change the native UI, IT should maintain it.
2. Single sign-on
Securing mobile applications often requires an additional step of user authentication to access. Users will have a difficult time remembering unique passwords for each application, and this can lead to users either opening their productivity apps as little as possible or re-using passwords across apps.
This type of password reuse can compromise security, and obviously organizations don't want to discourage users from working with their mobile business apps. Single sign-on (SSO) for mobile apps, whether in-house or cloud-hosted, can help IT avoid a poor mobile user experience.
3. User testing for in-house apps
Too often, IT develops in-house enterprise mobile apps and rolls them out without significant user testing. Beta testing is a useful step in the mobile development process, and user feedback can often highlight issues in functionality that developers could not foresee.
Organizations should seek honest feedback from users; after all, they will be the ones who have to interact with these mobile apps daily. Their input could unveil a key flaw or inefficiency that might hinder the overall success of the rollout.
4. Keep security invisible
Using SSO is only a part of IT's goal to keep security invisible but effective. When a user presses an icon for an app, they expect to access that app and the required data immediately.
If the mobile app requires a VPN connection, IT must ensure that the device initiates this connection silently with the proper per-app VPN configurations. Mobile admins could also deploy a client associated with users' business apps so they don't have to switch between multiple apps to start being productive.
It is also worth replacing passwords with certificates whenever possible. This allows secure sign-on for cloud applications and can cut down on help desk tickets and calls when a user changes their network password and, for example, the mobile email app stops working.
Most cloud-based enterprise mobility management (EMM) platforms now support security assertion markup language or OAuth protocol for sign-on. Not only does this improve mobile user experience, but it can prevent users from accessing cloud applications via unapproved personal devices.
5. Limit user notifications
If a device becomes compromised in a manner that the user cannot resolve, alerting the user on the device is of no benefit. Mobile threat defense tools can be particularly noisy if IT configures them incorrectly, and these tools should only alert users when they need to take action.
For example, if a user attempts to access an inappropriate site, they will see in their browser that they have been blocked. Additional automated emails and pop-ups do not provide any value in most cases. If notifications provide no additional value to the user, they will only cause distractions and hinder the mobile user experience.
6. Accept app permissions for users
Most EMM platforms allow admins to accept mobile app permissions on behalf of users for managed apps. This helps IT push out and activate mobile apps without requiring user input. For iOS, the option to accept permissions still largely rests with the user, regardless of the app's source, but silent iOS app deployment is possible on supervised mobile devices.
7. Enrollment programs for onboarding
Regardless of whether organizations deploy Android, iOS or both OSes, streamlined device setup is available. This presents no additional cost to the organization, so there is no reason not to implement these setup methods.
Instead of the OEMs delivering the devices to IT departments for staging and re-boxing, organizations can instead pre-register these devices with the appropriate enrollment program. This way, OEMs can ship mobile devices directly to the desired office or the work location of remote users with the factory seal intact. Users can then enroll devices quickly with very little input, and this method allows mobile admins to restore devices to a working state if they ever need to be wiped.