We live in an app economy! Who can forget the famous campaign, “There’s an app for that,” trademarked by Apple in 2010? Apps have completely taken over our mobile lives over the last six years, making it easier to get nearly anything done simply with your fingertips.
With the impact mobile apps have had in our consumer lives, it is no surprise that enterprise app development is picking up. According to Gartner, demand for enterprise mobile apps is expected to grow at least five times faster than the IT organization’s capacity to deliver them.
Enterprise mobile app developers are being tasked with building consumer simple, enterprise secure mobile apps. The app must provide an excellent user experience, meet organizational security requirements and work across all supported mobile devices within corporate-owned and BYOD programs. IT organizations have standardized on enterprise mobility management (EMM) platforms, such as VMware AirWatch, to deploy, configure, secure and manage mobile apps throughout their lifecycle. In this blog post, we will describe how AirWatch can arm developers with the tools to build apps that are consumer simple and exceed the security and compliance standards of the enterprise.
Technical Approaches to Secure Mobile Apps
Once an enterprise has decided to build custom enterprise mobile apps, the first hurdle is usually determining the technology choice for app development. An organization usually considers app content, existing technical bench strength, cross-platform requirements and resources available before deciding whether to build native, hybrid or web apps. It is not uncommon to see an organization build a mix of all three.
The AirWatch EMM app development platform assists developers in securing and configuring all types of apps.
Native App Development
To provide a fully native user experience and to make sure that all of the sensors on mobile devices are available to the app, app developers may choose to develop native iOS, Android and Windows 10 apps. The apps built in a dev environment can be secured using mobile app management (MAM). There are two types of MAM: stand-alone MAM and operating system (OS) MAM.
Operating System MAM
OS MAM is the use of native OS frameworks to manage just the apps and data on the device using a workspace profile. The workspace profile takes advantage of a special OS permission model without managing the device. The OS layer separates business and personal data on the device. With the iOS Managed Apps framework and Android for Work framework, IT can ensure that business data can only flow between enterprise-approved apps to prevent data leakage.
As Apple and Google have started integrating security and data loss prevention (DLP) features in the iOS and Android platforms, more enterprises are taking advantage of OS MAM. Because OS MAM is truly native security and does not require proprietary containers and software development kits (SDKs), enterprises can securely enable all the native apps in the public app stores, as opposed to the limited app ecosystems available from stand-alone MAM vendors. The AppConfig Community provides the tools and best practices for developers to take advantage of OS MAM security and management.
The AppConfig Community is a consortium of EMM vendors aiming to make it easier for developers and independent software vendors (ISVs) to configure apps for the enterprise by using native APIs found in the OS. Developers and ISVs can simply reference the documentation on AppConfig.org and develop against the consortium-recommended best practices.
Native capabilities documented by AppConfig include sending configurations into an app, enabling app tunneling (per-app virtual private network, or VPN), SAML-based single sign-on, data-at-rest encryption and various other security policies. Enterprises can also choose to deploy external apps such as Salesforce, Dropbox and others that support the AppConfig standards to employee devices while maintaining a higher level of information security. Using the AppConfig Community framework, enterprises are able to quickly develop a more diverse app ecosystem with enterprise-grade security leveraging AppConfig so they can focus on building the best possible user experience.
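As an added illustration of "sending configurations into an app" on iOS (example code written for this article, not taken from AirWatch or AppConfig.org): the OS exposes EMM-pushed settings to the app under the `com.apple.configuration.managed` key in `UserDefaults`, and the app should validate them before use. The setting names `serverURL` and `allowCopyPaste` and the sample payload are hypothetical.

```swift
import Foundation

// iOS exposes EMM-delivered managed app configuration under this UserDefaults key.
let managedConfigKey = "com.apple.configuration.managed"

// Hypothetical settings for this example; real key names are defined by the app vendor.
struct EnterpriseConfig {
    let serverURL: URL
    let allowCopyPaste: Bool
}

enum ConfigError: Error {
    case notManaged          // no configuration was pushed to this install
    case invalid(String)     // a required value is missing or malformed
}

// Validate the pushed dictionary instead of trusting its shape or contents.
func parseManagedConfig(_ raw: [String: Any]?) throws -> EnterpriseConfig {
    guard let raw = raw else { throw ConfigError.notManaged }
    guard let text = raw["serverURL"] as? String,
          let url = URL(string: text),
          url.scheme?.lowercased() == "https", url.host != nil else {
        throw ConfigError.invalid("serverURL must be an https URL")
    }
    // Fail closed: a missing or mistyped DLP flag means the restrictive setting.
    let allowCopyPaste = (raw["allowCopyPaste"] as? Bool) ?? false
    return EnterpriseConfig(serverURL: url, allowCopyPaste: allowCopyPaste)
}

func loadManagedConfig(from defaults: UserDefaults = .standard) throws -> EnterpriseConfig {
    return try parseManagedConfig(defaults.dictionary(forKey: managedConfigKey))
}

// Constructed sample payload: the DLP flag has the wrong type, so it falls back to false.
let sample: [String: Any] = ["serverURL": "https://intranet.example.com",
                             "allowCopyPaste": "yes"]
if let config = try? parseManagedConfig(sample) {
    print(config.serverURL, config.allowCopyPaste)
}

// The EMM console can change the configuration while the app is running,
// so re-read and re-validate whenever UserDefaults changes.
let token = NotificationCenter.default.addObserver(
    forName: UserDefaults.didChangeNotification, object: nil, queue: nil) { _ in
    if (try? loadManagedConfig()) == nil {
        print("managed configuration missing or invalid")
    }
}
```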
Stand-alone MAM
Stand-alone MAM is the use of a proprietary container to secure and protect business apps and data. Business and personal data are separated using app containers and DLP features built into the app. It requires that the app is built with the AirWatch SDK or AirWatch App Wrapping technology.
For apps requiring more advanced security and configurations, the AirWatch SDK provides enhanced security and management capabilities above OS MAM. Developers simply reference the SDK code library to code specific features into their application. Advanced capabilities include password policies, compliance detection and action, data-at-rest encryption, integrated authentication, dynamic configuration, logging and analytics, and more. The AirWatch SDK is great for organizations deploying apps on devices where users do not want to put an enterprise MDM profile on the device.
AirWatch App Wrapping is another method of securing and configuring apps. App wrapping adds a subset of SDK security and management capabilities to already-developed apps. App wrapping is a technique that begins with AirWatch automatically de-compiling an app that has already been written. The app wrapping engine running in the AirWatch cloud environment will then identify specific functionality in the app to replace with calls to the AirWatch SDK and recompile the app. This allows for a subset of the AirWatch SDK capabilities to be added to an app without requiring any developer involvement. App wrapping is only compatible with internally-developed apps using compatible app development platforms, coding practices and libraries. AirWatch App Wrapping provides a turnkey solution and is ideal for short-term, tactical use. Like the AirWatch SDK, app wrapping supports stand-alone MAM and is great for organizations deploying apps on devices where users do not want to put a profile on the device.
Web App Development
Companies have invested heavily in web app development over the last 10 years. An organization typically chooses to mobilize a web app in order to take advantage of existing investments. Web apps are also easy to build and maintain, do not require app submissions and work on every platform.
One of the major disadvantages for organizations pushing a web app is the end-user experience. Users must first navigate to the web app through a mobile device’s browser. On unmanaged devices, Safari, Chrome and other device native browsers require users to set up a full device VPN to access backend networks. Setting up a full device VPN is not only cumbersome for the user, but it also enables all business and personal data to flow through the corporate network, which could lead to litigation. Once the VPN is enabled, depending on the nature of the web app, the user may need to enter their corporate credentials.
Native browsers also store history, cookies and other data locally using less-than-secure methodologies. If the device ever finds its way into a malicious actor’s hands, that actor may be able to recover that data and find sensitive information on the mobile device. Native browsers may also allow data to leak to third-party resources, providing breadcrumb-like information on the end user. This information could give third parties visibility into the work and details of the end user’s job within the organization.
AirWatch Browser is a mobile app that provides organizations with a secure, configurable browser while offering an excellent experience for end users. AirWatch Browser aggregates company websites and web apps into a single pane for easy access to corporate information. App tunneling allows users to access sensitive content protected behind secure networks without requiring the user to manually connect to the device VPN. Single sign-on across websites and web apps prevents the user from having to enter credentials multiple times. For IT, AirWatch Browser also offers enhanced security and DLP controls such as copy/paste restrictions, blacklist/whitelist websites, clear history/cookies on a timer and more.
Hybrid App Development
AirWatch also has a Xamarin binding for developers to use. The Xamarin AirWatch SDK binding allows developers versed in the C# programming language to easily utilize the AirWatch SDK to secure and enable their enterprise applications.
Watch our webinar for a deeper dive into AirWatch app development tools and view firsthand how to easily deliver secure, pre-configured mobile apps to employees. The webinar includes a demo of the AirWatch SDK and AppConfig Community using Xamarin.