Application Readiness Strategies for Reducing Mobile Application Management Risk and BYOD

With the meteoric growth of mobile Bring-Your-Own-Device (BYOD) in the enterprise, IT is facing an existential crisis. How does it enable and empower employees yearning for mobile access to enterprise applications and data – without sacrificing security or control? How organizations ultimately resolve this crisis is yet to be determined. But the strategy IT adopts will forever brand it as facilitator or inhibitor of the inevitable, democratized mobile workplace.

Formerly,  IT had a monopoly of control over devices, operating systems and applications, which made it much easier to ensure systems were working as intended and the organization was protected from risk. IT distributed the approved devices, operating systems and applications. Behind the scenes it conducted all the Application Readiness prep work – testing applications for compatibility with OS’ and devices, fixing problems, and then handing off the approved application package – assured it would function properly – to the deployment system for distribution to the employees.

Now comes Mobile and BYOD and everything is rapidly changing. Central control over IT systems is rapidly disintegrating. As employees ask for (and get) the devices and applications they want – empowered by management – IT must respond, without sacrificing safe, reliable systems.

This is a daunting task in light of new risks introduced into the workplace. And it’s creating some heartburn. How can IT manage as employees connect their devices to the corporate network, all the while replacing their phones and tablets and updating operating systems and apps at will?

For instance, how would IT know whether a stock traders’ financial app, which moves millions of dollars in securities at the swipe of a finger – will work tomorrow when the trader upgrades to iOS 8? How can IT know that an employee’s cloud-storage app is capable of moving sensitive corporate data outside of the firewall to an unknown environment? How would IT know that a notes app an employee is using to track sensitive customer data can connect out to email, texts, Facebook and Twitter – making it easy for the employee inadvertently to leak confidential data out to the world?

IT needs to expand its Application Readiness processes and automation capabilities to accommodate the new world of mobile devices, operating systems and apps. To do this, it must address two fundamental questions:

1) Will the mobile environment break your apps?

2) Will the mobile apps compromise your environment?

This question is important, because in the mobile world – IT no longer controls the devices, operating systems and application versions accessing corporate data. Employees are constantly purchasing new phones and tablets. And they’re also completely free to upgrade to a new OS whenever they want.  As a result, IT can no longer know for sure whether corporate-approved mobile apps will function on the myriad devices and operating systems employees are actually using.

So, while IT may no longer be able to control the environments – it can test apps’ compatibility with those environments so that it can warn employees ahead of time when an upgrade will break the app.

How IT conducts these tests is a matter of strategy. Some organizations will throw more headcount at the problem. Some will acquire new testing tools. But best practices dictate that organizations should incorporate mobile application management into their existing Application Readiness processes so the same effort and technology solution around testing and repackaging can be used for all applications – including mobile.

Sophisticated Application Readiness solutions already do this. They enable automated compatibility testing for mobile devices and operating systems – at the same time as tests are conducted for on premises, web-based and virtual apps – saving time, money and headcount.

While an organization may not be able to control whether a financial trader upgrades her iPhone or OS, it can learn ahead of time whether her stock-trading app will work in that new environment. This gives IT the opportunity to warn traders not to upgrade their iOS until the detected compatibility issues have been resolved. IT can be a hero in preventing the previously functioning app from breaking – and in the process head off the mobile meltdown that would otherwise ensue had that app broken – with millions of dollars on the line.

IT must also be able to address the second critical question in mobile application management. Will the mobile app introduce risk into your environment? Does IT know what the app does? What device features it can access? And whether those functions comply with existing corporate policy or require new policies?  

For example, how would IT know which apps employees use for business-related (a.k.a. confidential) purposes that can also access Facebook?  Twitter?  GPS function? Camera?  If this question can’t be answered, IT has a security problem.

All organizations need to enhance their Application Readiness processes to identify the mobile apps that display behaviors that may introduce risk to corporate security and data privacy. These tests can be done manually. But Application Readiness best practices would dictate the use of tools that provide automated processes that look inside the mobile app property files and APIs to understand what features the app is accessing on the device, in order to identify apps that exhibit risky behavior. Transparency to these behaviors will help enterprises establish mobile application management policies and configuration profiles designed to reduce risk.

Today mobile is creating risk and disarray – tomorrow it will be something new. Organizations must address these issues around BYOD and mobile in order to secure their corporate data and prevent unacceptable risk today. 

The bigger question is how to address this issue efficiently and cost effectively tomorrow, and the day after that – across all environments (on premises, virtual, cloud, mobile, and whatever comes after that) and across all devices. Companies need the confidence that the approach they choose will accommodate today’s needs as well as change that is inevitably around the corner.

How organizations execute their Application Readiness Strategy and implement appropriate automation will determine how well they are prepared to meet the challenges of the future.