The traditional way of building enterprise applications has centered on the IT organization. In the past, if an application needed to be built, the IT organization was responsible for the end-to-end development, deployment and governance of that app. However, in today’s era of mobile and cloud apps, the demand for bite-sized, mission-focused mobile apps is growing faster than IT resources and budgets can keep up with.
As a result, business units throughout companies are taking matters into their own hands when it comes to integrating and adopting mobile apps in the enterprise. The advent of cloud and third-party ISV app vendors makes this easy to do outside the purview of IT. Enter the “citizen integrator” or “Shadow IT” as others call it.
Citizen integrators enable business units to get the apps they need in a timely manner and on their own initiative. Here’s the problem: security and compliance for these apps are still the responsibility of IT. This creates new concerns for IT to address, such as:
How Do We Securely Integrate Third-Party Mobile Apps into Existing Infrastructure for User Context and Identity?
To accommodate a heterogeneous app ecosystem, using an open authentication standard is the best, and at times the only, way forward. Luckily, open identity protocols are now fairly mature. Protocols such as SAML, OAuth and OpenID Connect enable any type of application (web, native, or hybrid) to authenticate to an existing backend without having to expose the user credentials to the third party. Many app vendors (including Salesforce, Google and Microsoft) have already adopted one or more of these authentication standards.
Deployment of identity providers such as VMware Identity Manager will become a strategic point of enablement for businesses and apps as we progress further into the next era of end-user computing.
How Do We Maintain the Integrity of the Data in Third-Party Mobile Apps?
For security-minded organizations, certifying that each app in the mobile fleet uses adequate data encryption and containerization approaches can be a challenging task, especially when third-party vendors enter the equation.
This problem is best tackled at the lowest common denominator, which is the device and platform layer. IT can use a combination of enterprise mobility management (EMM) policies and native platform encryption (through enforcement of passcode policies) to strengthen encryption of the storage facilities on the device itself where the apps reside. Doing so also ensures alignment with the doctrines prescribed by EMM consortiums and open standards such as AppConfig.org.
At the same time, this warrants some thought about what the definition of BYOD should be moving forward. BYOD should become more than a black-and-white argument over whether the device has a mobile device management (MDM) profile installed. The focus of BYOD should shift to providing end users with transparency into what data is and isn’t being managed and why. Fostering a contract of trust, along with an understanding of why higher degrees of management are required for access to more sensitive corporate resources, will become paramount.
Empower Citizen Integrators with an IT Center of Excellence
There’s a common theme here: IT needs to shift focus from modifying the apps themselves to building out the fundamental platform. The days of IT being the sole builder and distributor of apps are over. Instead, IT will need to evolve to become more of a center of excellence to help citizen integrators carry out their business in an agile, yet governed, manner by providing a sound and secure integration platform for mobile apps.