Enterprise app stores became a “thing” last year. Initially it was part of businesses’ struggle to control the mobile app boom on employee-owned devices that also access company data, a.k.a. Bring Your Own Device (BYOD). Since then, the enterprise focus has been on refining the App Store concept for internal use, although the primary reasons for having an enterprise app store – namely to enhance corporate security, industry compliance, and employee productivity – have grown by one: to avoid the potential of FTC compliance entanglements.
There is no question that controlling mobile software is essential to effectively addressing an enterprise’s security and compliance concerns. However, previous efforts to restrict app use by outlawing certain apps via company policy failed miserably and fueled the ever-growing Shadow IT. Those same efforts also cost enterprises dearly as IT departments stretched already-limited resources trying to fight the wildfire of app spread.
Meanwhile, the recession made employees job-scared and thus intent on increasing their productivity in order to protect their own incomes. When apps appeared on the consumer scene that could increase their work productivity, the employees circumvented IT and flocked to the apps in droves. Productivity went up and corporate protections fell apart.
Digital Danger Zones and the Rise of Regulation
Now along comes the FTC declaring online mobile app stores, yes, even and especially app stores operated by Apple and Google, as “digital danger zones.”
While the FTC’s focus so far is limited to child privacy concerns, the underlying message is not lost on enterprises: Commercial apps enable unknown parties to collect and share data that users assume to be private. This does not bode well for companies that are trying desperately to make a stopper for mobile security leaks. It also may be an omen of things to come in the way of new regulations concerning app oversight with which enterprises may soon have to grapple.
And so it is that app oversight takes on a heavier meaning and a renewed urgency.
Perhaps that is why Symantec’s 2012 State of Mobility Survey found that 71% of businesses are looking into implementing a corporate app store post haste.
“While enterprise app store adoption is not yet mainstream, there are certainly early adopters and the vast majority of companies are planning to have app stores at some point in the future,” says Brian Duckering, senior manager of the Enterprise Mobility Group at Symantec, a security products provider and makers of Norton Antivirus software.
App Store Shape-Shifting
While the reasons for launching and maintaining an enterprise store are compelling and growing, the overall shape of app stores has yet to gel.
“There will be an entire spectrum of models, from corporate-owned and managed devices with on-premises backends and app stores, to BYOD hosted models with consumer-style app stores, and they will all have a place,” says Duckering. “In the end, however, I think BYOD initiatives will ultimately drive what mainstream enterprise app stores look like and how they are implemented.”
The first step an enterprise needs to take in developing its own app store is to map out which apps it will include. Will the app store contain only apps the enterprise itself created or will it also offer third-party apps? If it allows third-party apps, what should the requirements be to pre-qualify the app for inclusion?
Be aware that the process for including third party apps in an enterprise app store is not as simple as selecting them at will. For example, Apple iOS apps have strong competitive protective restrictions in place. Pay close attention to the iOS Enterprise License Agreement and counterparts found in other app stores.
If third-party apps are included, does the enterprise also need further protection, such as app containerization? Such protective steps should be mapped out and included in cost projections and policy as well.
“The most successful enterprise mobile apps are lightweight and focused, like their consumer-oriented counterparts,” says Nathan Clevenger, author of iPad in the Enterprise.
“What may be just a single enterprise application on a desktop PC might actually translate most efficiently into a half-dozen different workflow-specific mobile apps,” Clevenger adds. Plus, he points out, not every user needs every app. “An enterprise app store is critical to filtering and sorting the apps so that the appropriate users can easily see and install the apps they need.”
Don’t forget to also review licensing and costs issues pertaining to support.
The next step is to decide who is allowed to use the app store. Employees only? Or can partners, vendors, or industry peers use your app store too? Allowing peers to participate can reduce costs and speed development, but may raise additional security issues.
Allies and Monsters
Why should you consider peers, key vendors, and even competitors as collaborators on your enterprise app store? Because apps are not simple plug-and-play components in the corporate world. Back-office integration, scalability, security, and compliance are time- and cost-eaters and are better subdued under the force of many.
The big surprise in all this is the role your own employees are likely to take in supporting an enterprise app store in their ongoing struggle to retain control over their own devices. Employees are not happy with the privacy intrusion mobile device management (MDM) brings, not to mention their fury over the occasional accidental wipe of everything on their phone in the name of corporate security. More than one lawsuit has sprung from the backlash.
Enterprise apps, on the other hand, are neatly compartmentalized on the device so enterprises can remotely lock them down or erase them at will without disturbing any of the employee’s personal data, private apps, or the functionality of the phone.
“An app-centric approach is much less intrusive to the overall mobile experience,” Duckering explains. “It is a better solution than MDM to address the complex privacy and liability issues that are coming more to the forefront of current discussions, especially around BYOD.”
Once word gets around on how un-intrusive enterprise apps are, employees are quick to embrace them. Indeed, employee enthusiasm can even fuel the growth of the app store.
“I believe mobile application management (MAM) might end up being the catalyst needed to move corporate app stores forward more quickly,” says Duckering. “I don’t mean simply MDM that has added MAM features, but rather the other way around.”
Four Problems, One Cure
While one could easily make the argument that employee enthusiasm and high-adoption rates of enterprise apps are almost reason enough to have an enterprise app store, there are specific reasons beyond that as to why it makes great business sense to do so.
First and foremost is the increased security. If a company does not offer enterprise apps, or offers too few or poorly made apps, employees turn to consumer apps. No ifs, ands, or buts to that; indeed, odds are you are already seeing heavy consumer app use in your organization. Consumer apps in the wild are less secure than enterprise apps or enterprise-approved third-party apps. Nonetheless, your company data will be tucked away in consumer apps, beyond the reach of your security measures, if you do not provide safer and better enterprise alternatives.
Increased compliance and reduced legal costs and headaches ties for first place. In heavily regulated industries such as healthcare, compliance is arguably a bigger issue. However, nearly all industries are required to meet a bevy of regulations. Enterprise apps ensure compliance; consumer apps do not. Unless you’re willing to take a huge gamble, an enterprise app store is your best course of action.
Enterprise app stores can help prevent the formation of new regulations. The FTC is currently nosing around commercial apps that expose children’s private data to unnamed third-parties because app developers and app stores are not proactively addressing privacy concerns themselves. Instead, developers tend to throw everything in the app soup in the hopes they’ll meet future app store demands; thus privacy issues lose out. Commercial app stores, on the other hand, are looking only at meeting consumer demand; in the absence of consumer complaints, privacy becomes a non-issue.
This being the case, the FTC investigation could broaden and so could the resulting new regulations. To prevent entanglement with the FTC and other agencies, it’s best to contain corporate data to enterprise apps where the organization can proactively address potential problems and avoid both unwanted scrutiny and potentially new regulations.
Increased employee productivity. Almost no corporation can function without a mobile component these days. Indeed, every IT department spends a great deal of its time issuing mobile devices or networking in BYOD and managing the data on all of it. But simply having mobile devices at the ready is not enough to get the job done.
Increased productivity is the number one reason employees turn to commercial apps in the first place. The apps are easier and faster to use than signing on a company or SaaS website with a tiny screen keyboard and waiting on the download. The apps are lightweight and designed to fulfill a specific need. All told, employees find that commercial apps are the perfect fix for whatever ails or annoys them. You can leverage the desire for increased productivity by providing apps that: fulfill the business user’s specific needs; are integrated with other company software; and that can capture unstructured data. Plus, you keep company data inside the company where it can be secured.
As to reasons not to have an enterprise store, no one of a modicum of credibility has yet been able to find one. Providing of course that the enterprise app store is set up well.
Expect to see a variety of enterprise app store models and refinements but almost universal adoption of the concept across all industries.