Mobile apps are exploding not only in the consumer world, but also in the enterprise. Apps are not all about games and social media. Mobile email, calendar, Evernote and QuickOffice are just the beginning of the business use of mobile apps. Enterprise mobile apps drive the need for Mobile App Management.
Today, a new generation of private enterprise mobile apps is being developed to make business operations more productive, turning enterprises more agile. These may be off-the-shelf ISV apps that are customized for the company, or home grown in-house apps. For example, mobile apps from SaaS enterprise application providers like Salesforce.com and Workday provide more flexible anywhere access to business applications and enterprise data in the cloud.
Similar in function to the Apple App Store and Google Play stores for public or market apps, a private enterprise app store helps to provision and configure internally developed or customized apps for the organization, as well as easily distribute and refresh them over the air. The enterprise app catalog then presents private apps that employees can download and use. By configuring security in user access profiles in MDM, it becomes easy to establish access control, push and update apps over the air, manage app versions, and remotely remove apps and content from devices as needed.
As an added benefit, internal apps can be published securely to the enterprise app store without requiring disclosure or approval from a third party such as Apple or Google. Apps can be configured to be viewed and run only by the employees who have the appropriate access privilege at defined locations within specified time windows, gaining more control over mobile enterprise access and mobile app management.
What about employee owned devices? The premise of BYOD is to offer employees the flexibility to use their own mobile devices, not only for their own private use, but also to connect seamlessly to enterprise resources, simplifying user experience and promoting employee satisfaction. Enterprise data access from BYOD devices bring a whole slew of new risks that need to be managed carefully, with policies that are consistent with the organizational culture, balancing the goals of protecting and safeguarding corporate data while ensuring personal privacy of employees.
Most BYOD users download all sorts of apps—from Dropbox to Angry Birds—that add risks and distractions in the enterprise. Such apps can lead to data leakage, increase chances of malware infections, or distract workers, making them less productive.
Recently, there was raging debate on whether companies should put in place enterprise app stores for mobile app management in BYOD environment. While this particular debate favored a private enterprise app store by three to one, this question needs to be answered in the context of your company. Bear in mind that your answers are sure to change over time, as your organization evolves in its size, mobile enterprise maturity and BYOD culture.
To gain control over mobile apps used by employees, organizations should carefully implement mobile device security and usage policies consistent with their industry practice, company culture and stage of BYOD adoption. Blanket mobile usage policies such as “blacklist” and “whitelist” may not always be appropriate for BYOD. Instead, consider the following BYOD best practices for mobile app management.
The first step for taking control is pushing mandatory apps such as MDM on BYOD devices and alerting users and administrators of its installation or removal.
Then, organizations can put in place time and location based controls on app usage with “geo-fencing” restrictions. For example, blocking applications such as “Facebook” at the work location while the app can be accessed at home or outside the boundaries of the work location helps increase productivity while providing flexibility.
The ability to remove apps safely from a BYOD device is the key in protecting corporate data upon employee termination. With an integrated mobile security and mobile apps management solution, features such as remote locking of devices and full or selective wipe of lost or stolen devices come in handy.
In addition to restrictions based on user privilege, granular access control policies for enterprise mobile app management can be set using location window. For example, in order to assure SOX compliance, policy can be defined and enforced so that a financial app for quarterly closing may be accessed and run only by a subset of the company’s financial accounting team responsible for the closing, on site during business hours, using a company issued device.
By building private enterprise app stores, companies can take control of mobile apps in the workplace. Mobile App Management works best when integrated with a Mobile Device Management solution.