_Full control over apps and associated enterprise data

Mobile devices bring flexibility to employees and enable them to work regardless of time and place. While companies require their employees to use certain apps because they are secure and important for efficient work, employees also expect a certain amount of freedom – especially when it comes to using apps. They want to be able to install the apps they are interested in so that they can use the devices for both professional and private purposes. But this is a risk for companies – after all, apps can be a gateway for malicious software and thus endanger sensitive company data.

Organizations must be able to centrally control which applications are installed on a device, which applications an employee can install, and they must be able to easily manage the entire lifecycle of an app: from deployment to update to uninstallation. Mobile Application Management is the keyword here – and this is still comparatively easy with company-owned devices, but much more difficult with private and thus generally unmanaged devices.

_Purpose and types of Mobile Application Management

Mobile Application Management (MAM) involves the central management of applications throughout their entire lifecycle – with the aim of securing these and, above all, the associated company data, with a manageable amount of IT effort and without impairing the user experience.

The MAM functions can be provided in two different ways:

  • Mobile Application Management can be part of Unified Endpoint Management, formerly Enterprise Mobility Management, which serves the central management of devices, content and applications and offers significantly more functions in addition to the administration and security functions for applications. The administration of the devices is absolutely necessary for this.
  • Mobile Application Management is also available as a stand-alone solution (MAM only). The administration and security functions are integrated directly into the app. An administration of the devices is not necessary for this.

Mobile Application Management as part of UEM

_Mobile Application Management as part of Unified Endpoint Management for enterprise devices

With enterprise devices, companies can centrally manage and secure devices, content, and even applications using Unified Endpoint Management (UEM). All functions related to applications are combined under Mobile Application Management and take place at the device level.

_The prerequisite is therefore that all devices are managed centrally, which makes it difficult to use for private devices and those of freelancers. Because their privacy must not be compromised – and this applies to both private and company equipment_

Ulrik Van Schepdael

Mobile Application Management as part of Unified Endpoint Management offers the following functions:

Administrative functions:

  • Implementation of an Enterprise App Store to distribute mandatory or optional applications – including own apps as well as approved apps from the Public App Stores
  • Use of payment and licensing mechanisms for apps and license management (e.g. the Apple Volume Purchasing Program)
  • Configuration, installation, update and uninstallation of applications
  • Monitoring the app status

Safety functions:

  • Securing apps through policies, encryption, VPN technology, multi-factor authorization or single sign-on
  • Introduction of data loss prevention controls to prevent unauthorized disclosure of company data (limitation of file opening to authorized applications and limitation of copy and paste functions)
  • Option to selectively delete enterprise apps and data in the event of device loss, theft, or non-compliance

Further functionalities:

  • Most Unified Endpoint Management systems have deep integrations with OS apps or offer custom applications for standard tasks such as email, contacts, calendar and browser that meet high security criteria.
  • The UEM systems offer management frameworks – such as AppConfig – that can distinguish between professional and private apps and data.
  • In addition, the UEM systems usually also provide software development kits that make it possible to add a security component to company-internal applications.

Mobile Application Management

_Mobile Application Management as a stand-alone solution for private and unmanaged devices

Companies can exert less influence on employees‘ private equipment and freelancers‘ equipment than they can on their own.

_Companies may not fully manage such equipment, unless the employee expressly consents, and exactly as with company-owned equipment may not touch private information in any way_

Ronan Murphy
Managing Director

Does this mean that companies on unmanaged devices have no control over applications that affect professional data?

Or can apps also be controlled on devices that are not managed by IT?

The answer is: Yes. The MAM functions can also be used as a stand-alone solution on private, unmanaged devices. The corporate apps are either separated from the private applications by a container that can be controlled by the IT and secured with high security standards, or by a software development kit that integrates the management function directly into the app and ensures a secure configuration of the respective apps.

Companies can use it to perform the following functions:

  • Definition and enforcement of minimum requirements that a device or app must meet to run the app (e.g. version of operating system and app)
  • Jailbreak/Root detection

A registration of the devices is not necessary for this.

_For businesses, this is a great added value, as even non-enterprise devices are often used professionally and access sensitive data_

Philipp Klomp
Founder & CEO

However, app development and deployment take a little longer and MAM functions cannot be integrated into every app.

App Management Development

_Software Development Kits for proactive protection also for customer data?

Some vendors even offer Software Development Kits (SDKs) that enable companies to add a security component to their own apps and proactively protect customer data. This component ensures that an app can no longer be executed as soon as a risk is detected on the customer’s device.

_In this way, companies can protect their customers‘ data even if the user does not have security software on the mobile device. Especially for apps that manage sensitive data, this protection is a great added value_

Markus Adolph
Founder and Managing Partner

App Management Future

_App management in the future

_In the future, both containers and Software Development Kits will no longer play a role. Instead, all operating systems will support a multi-user approach that securely separates professional and personal applications and data_

Thierry Lammers

Expertise for efficient and effective app management

In companies, there are various players involved in app management and security: IT administrators on the one hand, developers on the other, and data protection and security officers in the middle. As a rule, they have different areas of interest, responsibilities and levels of knowledge in this area. Therefore, companies are well advised to consult the expertise of an app management expert.

Feel free to contact us and let us advise you on optimal application management

EBF Status Check