Intelligent tablets and smartphones are quickly becoming the primary personal communications and computing platform for business. However, they introduce cost, risk, and usability challenges that traditional mobile device management strategies cannot address. MobileIron was founded to bring simplicity to the chaos of smart devices in the enterprise. We spoke to the company’s CEO, Bob Tinker, to find out more about its approach to simplify the problem for IT, finance, and end-users by moving smartphone data to the enterprise cloud.
How and why are mobile apps being developed for the enterprise?
There has been a massive wave of app development and adoption in the consumer world over the last couple of years and now it’s hitting the enterprise. Mobile devices are now an essential corporate computing platform. Lines of business and IT departments are building apps to solve business problems, improve data collection and to make things go faster. It’s simple and inexpensive to build mobile apps and, as a result, it’s unleashing a wave of innovation we call the Enterprise AppStorm.
One of our customers has an in-house mobile app development team that has built 16 corporate apps in the last two years—from modeling tools for scientists to an app for reserving conference rooms. These new mobile apps are radically different than the old big iron mobile apps companies used to develop and implement. They are no longer the “go spend $1M to extend ERP to mobile.” Instead, the new mobile apps are more focused on specific needs and deliver a positive user experience. The latter part is a big change. Customers are investing an enormous amount of thought into the user experience for their mobile apps—a new way of thinking for IT.
This mindset shift represents a monumental the change in the user/IT relationship. IT’s approach used to be parental: “we are going to dictate what you can do and if you don’t do it you will be punished.” Now IT is taking an entrepreneurial approach: “we need to use mobile to make business go faster and therefore the experience needs to be simple and intuitive.” One of our customers in the healthcare industry transformed their patient intake and patient care delivery with tablets and specialised mobile apps, drastically improving efficiency and patient satisfaction. It’s a great illustration of how companies can use mobility to transform their businesses.
What security and management challenges does this pose?
A lot of app development is happening outside of IT. Lines of business are developing the apps they need for their work and IT may not even be aware of them. It’s great that groups are taking the initiative on their own to build the tools they need but what if these apps are accessing sensitive corporate data? That creates a big security and compliance headache.
We think the most important thing for IT is to own the last mile. This means ensuring the app is properly secured, for example, integrated with the company’s certificate authority. It also needs to be distributed in a centralised way so that only company users can discover and download it.
Most companies are not going to post a proprietary app in a public app storefront even if the data can only be accessed by employees. Enterprises want to combine the discovery, recommendation, and distribution of the consumer app storefronts with enterprise-grade security and management. In short, they want their own private enterprise app storefront.
What advice would you give to enterprises looking to develop a mobile app strategy?
The strategy is pretty straightforward: get the good apps to the right people and keep the bad apps out. The complexity is in how you do it.
An enterprise app storefront gives a company a centralised distribution mechanism. This is a great first step but do you want to give any employee the ability to download any app? Probably not. Which means that you need to figure out how to deliver apps to users based on their role in the company, their seniority, their geography, etc. And don’t forget, platform matters too. IT may not want someone to be able to download an app built for a tablet onto a smartphone or vice versa.
From a security perspective, IT wants to prevent users from downloading an app with highly sensitive corporate data onto a device that isn’t fully secured, for example, an older iOS version that does not have encryption. IT also wants to ensure that any app that’s accessing corporate data is properly traversing their corporate firewall.
When it comes to keeping the bad apps out, we find that many of our customers want to be able to blacklist certain apps, meaning they can block a device with a particular app on it from accessing network resources such as corporate email. My advice is to look for distribution platforms that provide 1.) very granular policy controls because distribution can be complex and will only increase in complexity as more and more apps are built, and 2.) ways to ensure that enterprise services are protected from devices running rogue apps.
Lastly, one of the mobile app best practices we see in our customers is to provide their users with a private enterprise app storefront that delivers discovery and distribution. The discovery and distribution attracts the app developers around the company. In return for being listed in the enterprise app storefront, the developer follows best practices for mobile security and management.
What are the main differences between the consumer app stores we all know and love, and the enterprise app storefronts that are being developed?
The big difference is that an enterprise app storefront lets businesses privately deliver in-house apps—this can be for iPhone, iPad, and Android—to their employees without posting them to public app stores. No one who is not an employee will ever see those apps. However, an enterprise app storefront only works if people use it.
As I mentioned earlier, when it comes to mobile, user experience is the most critical component. Apple’s App Store has been incredibly successful because it is easy for people to use. They can easily find and install apps. They get clear alerts when there is a new upgrade. Ideally, an enterprise app storefront should feel as straightforward and intuitive to use.
Companies that have already deployed mobile apps usually have two kinds: those developed in-house either by an internal team or a vendor and external third-party apps such as Salesforce or Box.net. An enterprise app storefront should be able to deliver both to users seamlessly, saving them the hassle of having to go through a consumer app storefront, as well the enterprise app storefront to provision their device.
How easy is it for businesses to implement a centralised process for the discovery, deployment and management of their mobile apps?
There are two ways for companies to set up an enterprise app storefront: 1.) a stand-alone app storefront, or 2.) an app storefront that is integrated with mobile device management and security. Our belief is that private app storefronts that do not integrate with management and security will fail. Here’s why:
- Without knowing a device’s security state, e.g. has it been hacked by the user to get at the file system or does it have encryption, IT is handing out apps with potentially sensitive data inside them to devices with no guarantee that they are secure.
- Without being able to authenticate the device and the user, authorised users could give their credentials to others. This means you can end up with users having information to which they should not have access.
- Without knowing the apps that are already on the device, IT cannot inform users about which apps to install and which need upgrading. This leads to helpdesk calls and frustrated users.
- Without knowing what kind of device a user has, IT may be handing out apps that can’t run on a device, for example, an older iPhone without a forward-facing camera or an earlier version of iOS that doesn’t support the multitasking features the new corporate app uses.
Let me give a couple of examples. Let’s assume an employee has been using their own mobile device for work and has downloaded corporate apps. When that employee leaves the company, IT wants to remove corporate data and apps from their device. If the enterprise app storefront is integrated with device management and security, all IT needs to do is revoke the corporate profile to block the user from accessing corporate apps as well as corporate email. If there is no integration with device management, IT has no way to stop the user from continuing to use corporate apps.
Here’s a more serious scenario: an employee who wants to maliciously distribute corporate apps outside the company. An enterprise app storefront integrated with management and security can identify unauthorised devices and users and deny them access. A stand-alone corporate app storefront has no way of identifying the device or the user so someone outside the company can download a corporate app using the credentials of a legitimate employee. For most companies that’s a terrifying situation. An enterprise app storefront that is integrated with mobile device management and security ensures that corporate apps only get to the people who should have them.
How do you see the market for mobile apps developing/accelerating over the next 12 months?
Enterprise mobility is the most exciting thing that has hit IT in years. In just a few years smartphones, and now tablets, have become central enterprise computing platforms. 2010 was all about figuring out how to secure and manage all these devices. Now, many companies are getting serious about developing a strategy for building and deploying mobile apps.
My prediction is that, in the next 12 months, we are going to see a huge wave of mobile innovation in the enterprise and an explosion of apps. A year from now, mobile enterprise apps will be mainstream and employees will find them as natural to use as their favourite consumer apps. The Enterprise AppStorm is going transform the enterprise landscape and IT needs to get in front of it and prepare.