_Full control over apps and associated enterprise data
Mobile devices bring flexibility to employees and enable them to work regardless of time and place. While companies require their employees to use certain apps because they are secure and important for efficient work, employees also expect a certain amount of freedom – especially when it comes to using apps. They want to be able to install the apps they are interested in so that they can use the devices for both professional and private purposes. But this is a risk for companies – after all, apps can be a gateway for malicious software and thus endanger sensitive company data.
Organizations must be able to centrally control which applications are installed on a device, which applications an employee can install, and they must be able to easily manage the entire lifecycle of an app: from deployment to update to uninstallation. Mobile Application Management is the keyword here – and this is still comparatively easy with company-owned devices, but much more difficult with private and thus generally unmanaged devices.
_Purpose and types of Mobile Application Management
Mobile Application Management (MAM) involves the central management of applications throughout their entire lifecycle – with the aim of securing these and, above all, the associated company data, with a manageable amount of IT effort and without impairing the user experience.
The MAM functions can be provided in two different ways:
- Mobile Application Management can be part of Unified Endpoint Management, formerly Enterprise Mobility Management, which serves the central management of devices, content and applications and offers significantly more functions in addition to the administration and security functions for applications. The administration of the devices is absolutely necessary for this.
- Mobile Application Management is also available as a stand-alone solution (MAM only). The administration and security functions are integrated directly into the app. An administration of the devices is not necessary for this.
_Mobile Application Management as part of Unified Endpoint Management for enterprise devices
With enterprise devices, companies can centrally manage and secure devices, content, and even applications using Unified Endpoint Management (UEM). All functions related to applications are combined under Mobile Application Management and take place at the device level.
_The prerequisite is therefore that all devices are managed centrally, which makes it difficult to use for private devices and those of freelancers. Because their privacy must not be compromised – and this applies to both private and company equipment_
Ulrik Van Schepdael
Mobile Application Management as part of Unified Endpoint Management offers the following functions:
- Implementation of an Enterprise App Store to distribute mandatory or optional applications – including own apps as well as approved apps from the Public App Stores
- Use of payment and licensing mechanisms for apps and license management (e.g. the Apple Volume Purchasing Program)
- Configuration, installation, update and uninstallation of applications
- Monitoring the app status
- Securing apps through policies, encryption, VPN technology, multi-factor authorization or single sign-on
- Introduction of data loss prevention controls to prevent unauthorized disclosure of company data (limitation of file opening to authorized applications and limitation of copy and paste functions)
- Option to selectively delete enterprise apps and data in the event of device loss, theft, or non-compliance
- Most Unified Endpoint Management systems have deep integrations with OS apps or offer custom applications for standard tasks such as email, contacts, calendar and browser that meet high security criteria.
- The UEM systems offer management frameworks – such as AppConfig – that can distinguish between professional and private apps and data.
- In addition, the UEM systems usually also provide software development kits that make it possible to add a security component to company-internal applications.
_Mobile Application Management as a stand-alone solution for private and unmanaged devices
Companies can exert less influence on employees‘ private equipment and freelancers‘ equipment than they can on their own.
_Companies may not fully manage such equipment, unless the employee expressly consents, and exactly as with company-owned equipment may not touch private information in any way_
Does this mean that companies on unmanaged devices have no control over applications that affect professional data?
Or can apps also be controlled on devices that are not managed by IT?
The answer is: Yes. The MAM functions can also be used as a stand-alone solution on private, unmanaged devices. The corporate apps are either separated from the private applications by a container that can be controlled by the IT and secured with high security standards, or by a software development kit that integrates the management function directly into the app and ensures a secure configuration of the respective apps.
Companies can use it to perform the following functions:
- Definition and enforcement of minimum requirements that a device or app must meet to run the app (e.g. version of operating system and app)
- Jailbreak/Root detection
A registration of the devices is not necessary for this.
_For businesses, this is a great added value, as even non-enterprise devices are often used professionally and access sensitive data_
Founder & CEO
However, app development and deployment take a little longer and MAM functions cannot be integrated into every app.
_Software Development Kits for proactive protection also for customer data?
Some vendors even offer Software Development Kits (SDKs) that enable companies to add a security component to their own apps and proactively protect customer data. This component ensures that an app can no longer be executed as soon as a risk is detected on the customer’s device.
_In this way, companies can protect their customers‘ data even if the user does not have security software on the mobile device. Especially for apps that manage sensitive data, this protection is a great added value_
Founder and Managing Partner
_App management in the future
_In the future, both containers and Software Development Kits will no longer play a role. Instead, all operating systems will support a multi-user approach that securely separates professional and personal applications and data_
Expertise for efficient and effective app management
In companies, there are various players involved in app management and security: IT administrators on the one hand, developers on the other, and data protection and security officers in the middle. As a rule, they have different areas of interest, responsibilities and levels of knowledge in this area. Therefore, companies are well advised to consult the expertise of an app management expert.
Feel free to contact us and let us advise you on optimal application management