Addressing new challenges in enterprise mobile management [Q&A]
Although many enterprises are keen to deploy mobile apps for their workforce and to support BYOD and extended working, they've often been held back by traditional app distribution options. Historically this has required IT organizations to bring devices under management -- for corporate owner, corporate liable, and BYOD devices -- which can put a brake on enterprise mobile app deployments.
To find out how new approaches can allow data to be secured at the app level, we spoke to Mark Lorion, Chief Product and Marketing Officer at mobile app management and security company, Apperian.
BN: Is a lack of flexibility in app distribution holding back the implementation of mobile strategies?
ML: In the past, Enterprise Mobility Management (EMM) platforms were the go-to for enterprise mobility initiatives. But because they typically require that a Mobile Device Management (MDM) 'profile' be installed onto a users' device, it requires IT to bring the device under management before any apps or content can be deployed to the user. This isn't really an issue for corporate-owned devices, but with the move to BYOD many users are not willing to allow the IT organization to install MDM profiles and control their personal devices. Similarly, many organizations want to enable their business partners, contracted workers, dealers, and other non-employees with mobile apps and those users often will not -- or cannot -- have their devices under management. In other cases, a mobile device may be under management by another IT organization (could be another company or another agency in the public sector) and therefore can only receive enterprise apps from one source (because mobile devices can be under management from one MDM profile.) These scenarios reflect users who are unreachable using traditional EMM platforms.
A big shift that has occurred in the mobility industry is the move toward app-level security and management. This best-of-breed mobile app management (MAM) approach applies policy to each app and enables the app to be deployed with appropriate security and management controls so that MDM is not required to ensure the safe delivery and use of the app. When policy is applied at the app level, instead of directly on the device, enterprises can maintain security and management control without having to issue corporate devices, or install policies on users’ personal devices.
BN: How does applying security policy via the app rather than the device help?
ML: Applying security policies to apps enables fine-grained levels of control, security and management capabilities, without requiring that device be under management. A truly effective approach to applying the policies to each app can be done via a dynamic 'wrapper' that will apply desired policies directly to the app itself and without requiring that developers make code changes or use SDK's. For example, app-level policies can allow IT to lock access to an app, or wipe data on a specific app, or require two-factor authentication for app access, and more – without MDM being on the device.
One huge benefit of this approach is that the app can be deployed anywhere -- with or without MDM being on the device. This means those unreachable users highlighted above are now within reach of corporate mobile apps. Another benefit is that it allows the organization to apply many additional layers of security and control over the app, making the app suitable for deployment in highly secure settings.
All of this increases the number of potential users who can be served and drives the adoption of mobile apps while reducing the burden on app administrators. This allows organizations to focus on what matters most – building critical apps for their employees and getting them into the hands of 100 percent of users.
BN: Does this improve the experience for employees too?
ML: Yes. Modern workers tend to move back and forth between personal and work activities on one device. By allowing them to do so without encroaching on their personal device and data is becoming an expectation, especially with the proliferation of BYOD. Employees can feel confident in their ability to work from any location, without giving their employers access to the entirety of their personal information.
The app-level approach to security and management is less intrusive, but it also creates a more secure app and one that offers a smoother user experience. If an app is updated on the back-end, policy can push that update to a user directly, without them having to proactively go look for a download. IT can also gain remote access to help troubleshoot any challenges with the app. There’s no learning curve, or foreign platform users need to access apps through. It really creates a more native experience, similar to the way users experience consumer apps.
BN: Is this only for larger enterprises or does it scale to smaller businesses too?
ML: If an organization has an app that is important to securely get into the hands of all possible users, then a MAM-based approach to app security and deployment should be considered -- regardless of company size. In the past, larger organizations tended to be the early adopters of this approach, mainly because they were the early developers of mobile apps for enterprise use. With the costs and complexity of developing mobile apps decreasing while expectations of mobile-enablement by workers increasing, organizations of all sizes will face these requirements.
Virtually every worker has a smartphone today -- and many of them are doing work in places other than a traditional office where they'd have access to more business technologies. Apps that streamline workflows that can have a significant impact at SMBs, too, when it comes to business-critical processes such as sales teams closing deals or writing contracts on-the-go.
BN: What safeguards are in place to deal with lost devices, employees leaving the company, etc?
ML: The app-level security and management offered by a best-of-breed MAM platform should provide a number of controls to handle these scenarios -- all without requiring the use of MDM on the device. There are a variety of access controls, such as passcode access or 2-factor authentication that can be activated to keep an app from launching. There are 'data wipe' policies that allow centralized administrations or security personnel to remotely delete all data contained in the app or they can force updates to the app, which render it useless. These approaches and others can be activated remotely and without requiring that the devices are under management. This provides tight security controls over just the organization's apps without affecting a user's personal apps or data.