

Reduce the Risk of Mobile Apps in the Enterprise

By Christian Hindré, EMEA Sales Director, Flexera Software

Translated from an article on

Encouraged by widespread BYOD approaches, more and more mobile applications connect to enterprise systems and corporate data without CIOs and IT leaders being aware of it. This risk was recently illustrated by the case of Flashlight App. The free app, which lets a smartphone use its flash as a flashlight, secretly recorded users' personal information (location of phone, owner information, etc.) and conveyed it to advertisers.

In fact, an alarming proportion of the mobile apps used in companies are able to access sensitive device functions, or promote risky behaviors that are contrary to internal BYOD rules. Without precise knowledge of these applications and what they do, companies face a risk.

Application Readiness Process

Ensuring that employees have access to approved and authorized apps is a major challenge for companies. Public app store apps are easy to download and have become the first place where employees connect when they need an application for work. But as Gartner points out, "The application download on mobile devices from public app stores upsets IT security strategies and acquisition applications."

To protect data, while allowing employees easy access to applications they need, companies must establish protected app stores, and test applications for compatibility and compliance with corporate policies. The speed at which new applications and updates can be tested and made available will be a decisive factor in encouraging employees to turn to the company's enterprise app store first.

Many companies use the best practices and automation functions of the Application Readiness process to manage their existing Windows desktop applications. This process consists of six Application Readiness steps:

• Identify the applications: to avoid application compatibility problems and streamline the process, IT management must first identify all the applications that are deployed in the company and have a clear overview of the measures needed to support the applications that support its activities.

• Rationalize – validate and eliminate redundancies: IT managers should check whether it is necessary to continue to support some applications, and streamline all deployed products and versions. This process of consolidation and reduction not only helps to save money and reduce the costs of migration, infrastructure, and support, but can also reduce unnecessary licensing expenses and unused software.

• Check compatibility with the environments and packaging formats specified: CIOs can reduce application support tasks by first determining whether those applications are compatible with the existing environment. This involves testing applications in relation to the operating system, the browser and hardware devices. It is also necessary to check whether applications will run on the future environment, and test compatibility with the operating system.

• Plan resources: Companies should consider the hardware devices and software, and check the potential conflicts between operating systems and applications to accurately calculate the costs and delays.

• Package and test for target environments: companies today deploy their applications on multiple environments (on-site, cloud / virtual, mobile). Changes are often necessary, and applications often have to be converted into new formats. Ideally, you should favor a "package once – deploy everywhere" approach.

• Publish applications for deployment: once all the applications deployed in the enterprise are identified and verified to determine which versions need to be migrated, application packages are deployed and made available to end users. Some companies set up enterprise app stores to allow employees to download the business applications they need. If the app store is also integrated with the Software License Optimization process, self-service is in accordance with the licensing agreements and financially controlled.

Standardizing and automating the Application Readiness process for physical, virtual and mobile applications promotes agile deployments and better quality. Automating the entire process, from the request of the user to the installation of the application on the device of their choice, guarantees a better experience and eliminates any manual errors. This not only reduces risk but also improves employee satisfaction and reduces the dependency on "shadow IT".

Principles of Application Readiness applied to mobile applications

Seemingly harmless mobile apps that employees regularly install on their mobile devices can carry a threat to the company. Mobile apps can potentially access confidential, personal or sensitive data such as contact lists, photos and schedules. In addition, apps can access social networking accounts via the mobile device, or capabilities such as GPS, camera, audio recorder, etc. In fact, many mobile apps have "hidden" features that can be used by malicious people.

The risk for companies is high because most IT managers do not have the same visibility into, or control over, the behavior of mobile apps that they have with conventional enterprise desktop software. It is therefore necessary to adopt the same Application Readiness processes and best practices to prepare mobile applications and make them available, build institutional knowledge about app behavior and thus significantly reduce the risk.

Also, thanks to the automatic check of application functions and configuration, CIOs can determine which functions of the mobile device are used by the app, and more easily define rules of use and behavior to minimize the potential risk from apps. This approach, in addition to reducing risk, improves the user experience by enabling employees to use approved and authorized applications with confidence.

Teams already familiar with the procedures in place to reduce risks

Many companies are recruiting new teams to manage mobile applications and the security issues associated with them. However, the existing client management teams have all the necessary experience. CIOs who already rely on the good practices, processes and technologies of Application Readiness to deploy their applications can safely apply the same principles to mobile apps. With this approach, companies can simultaneously improve operational efficiency and establish a standardized procedure for deploying all applications. Adding mobile applications simply means extending existing processes to mobile formats, additional operating systems and deployment solutions, such as mobile device management systems.

Application Readiness has already proven its ability to handle new formats (such as virtual applications) and new OS's (such as Windows 8.1 or Windows 10). The same team can also arrange to prepare PC applications for access via mobile devices with Citrix / RDS. Using a single Application Readiness process allows for standardization and consistency across all the company's applications, including mobile apps. Benefiting from the knowledge and experience of the teams in place makes sense, and results in greater agility and lower IT maintenance costs.

Even the most innocent mobile app can turn into a major risk for companies that ignore how its configurations and features can access sensitive data and potentially disseminate this information despite internal BYOD rules. By adopting a global approach to managing the full life cycle of applications, companies can rely on their existing teams, expertise and technologies to test mobile apps, understand potential threats and take appropriate action.

For more information on Mobile Application Management, register for the research report from Flexera Software, with input from IDC's Amy Konary, research vice president – software licensing and provision at IDC: The BYOD Trojan Horse: Dangerous Mobile App Behaviors and Back-Door Security Risks. The report examines whether enterprises are aware of the risky behaviors associated with mobile apps that can compromise data security, and what they are doing about it.


Don Hite began writing as a columnist for Rod Trent on SWYNK.Com (Now Enterpriseitplanet.Com) in the winter of 1999. In January of 2002 he co-founded the Kansas City Regional Systems Management Users Group (KCRSMUG) along with Janis Keim. Don is the eldest of four children and was born in the Army hospital at Wurzburg, Germany in November of 1957. After living in Bad Kissingen, Germany for the first few years of his life, the Hite family moved back to the United States after his father retired from the army when Don was still in khaki army diapers. Educated by trade as a commercial master electrician, Don made the career change from terminating Copper Conductor cable to terminating Ethernet cable in the early 1990's. Don is married and lives on a farm in rural Kingsville, Missouri with his wife Virginia (Ginny) and has a Son Lee, Stepdaughter Lisa and an 11 year old grandson named Blake.
