An enterprise app store should provide the controlled availability of apps for employees. We look at what is available for organisations to use.
Apple launched the app store concept on 10 July, 2008.
The Apple App Store allowed the company to control the quality of apps and to open a new revenue stream. Sales topped $10bn in 2013.
With the launch of similar services by its major competitors – including Google, Amazon, Microsoft, Nokia and Samsung – the term "app store" now refers to any similar service for mobile devices.
Since then, app stores for a wide range of operating systems (OSs) – Android, Windows, Linux, Symbian, Windows, and so on – have sprung up, but all are consumer-focused and have proved difficult to manage from a corporate perspective.
The US Federal Trade Commission went so far as to describe the Apple and Google marketplaces for mobile apps as "a digital danger zone with inadequate oversight".
With the proliferation of mobile devices, bring your own device (BYOD) policies and the wide adoption of tablets in the enterprise, the need for enterprise mobile device management (MDM) and mobile application management (MAM) strategies became pressing. Companies needed to provision and control access to internally developed and commercially available mobile apps used in business settings.
An enterprise app store can provide the controlled availability of apps for employees and partners. Attempts at developing and deploying in-house mobile apps typically reached only 40-50% of the intended user population, and were a pain to maintain. So most companies look to external app store providers for on-site or hosted cloud systems.
The enterprise apps market
Creating an in-house enterprise apps store involves hardware, software and services (see diagram, below).
Apperian is an example of a company developing pure-play app stores. Apperian’s custom-built and third-party apps, links to public apps, web clips, hybrid apps, device profiles and email configuration profiles can be stored in the enterprise app store. Updates are distributed with alerts and policies can be applied to force updates.
Apperian provides a unified native app store experience for Android, iOS and BlackBerry, as well as a web-based HTML5 version. The app store can be completely configured and branded with a customer’s logo. It supports role-based access and Apple’s Volume Purchase Programme (VPP), so customers can buy and track bulk licences for apps in the iTunes app store. Connection to an enterprise authentication server provides single sign-on (SSO) for users.
Good Dynamics’ pure-play app store is called GDSMP and provides access via corporate directory systems for the extended enterprise of contractors, ecosystem partners and distributors. The app store delivers a consumer-like experience with enterprise controls and dashboards to view performance metrics. Users are notified when new apps or updates for downloaded apps become available.
It is designed to be highly scalable, and can handle hundreds of iOS, Android or HTML5 apps, as well as content such as documents, presentations, images and videos to tens of thousands of devices. Both the "managed distribution" and "redeemable codes" methods of the Apple VPP are supported.
Traditional hardware platform providers are developing server- and cloud-based stores with the necessary servers, gateways and firewalls.
IBM recently formed a strategic alliance with Apple to provide vertical industry iOS systems. The IBM MobileFirst Platform offers a hardware infrastructure with a private app catalogue supported by analytics, workflow and cloud storage on IBM’s Cloud Marketplace, security and integration.
HP’s Access Catalogue offers a secure, private Android and iOS app store for employees to browse, search and download mobile applications and digital content onto mobile and tablets devices, as well as desktops. It is delivered via native mobile clients and a web interface that helps organisations reduce the cost and complexity of managing applications on company-issued and BYOD mobile devices.
MDM and MAM tools
Motorola RhoGallery is a component of RhoMobile Suite and part of RhoHub. It allows IT departments to manage and deploy mobile applications on Motorola servers. Apps are uploaded into a gallery and users receive a text or email invitation with a link to the gallery. All users in that gallery are automatically notified about app updates.
RhoGallery focuses on MAM and data used by enterprise users. It does not provide any MDM component. Software providers offer enterprise app store services that sit on top of their MDM and MAM tools.
The BMC AppZone provides app vetting and curation of both in-house developed apps and externally sourced apps. It allows corporate volume and purchase order procurement process in both Apple and Google environments. Corporate IT can set access policies for site and individual app access and handles licence management.
VMware’s AirWatch integrates an enterprise app catalogue with public app stores, such as Apple, Google and Amazon, and with the Apple VPP for volume purchase and licence management. For organisations building custom internal applications, AirWatch offers software development kit and app wrapping for applying policy to applications.
SAP’s Sybase Afaria software platform delivers centralised control of all mobile devices and tablets, including iPhone, iPad, Android and BlackBerry, as well as the apps that run on them. Afaria offers enterprises the flexibility to deploy on-premise or partner hosted.
Microsoft released an update to Windows Intune last year. Windows 8 developers can install a “company portal” app from the Windows Store and then install apps made available by their company onto user devices if they are enabled for side loading.
Align mobile services with business strategies
Global system integrators provide mobile integration services aligned with corporate business strategies, in order to use mobile technologies as a catalyst to pursue new business models. Many resell Apperian or Good stores, but some take it a step further.
For instance, Atos has teamed with EMC and VMware to create Canopy, a global cloud service company that offers an enterprise app store service allowing customers to manage all their apps throughout the app lifecycle. As well as providing global guaranteed quality of service access to the enterprise apps, Canopy helps manage costs and ensure rapid deployment.
Some telcos now offer dedicated enterprise app stores as hosted managed services for their customers. Again, most telcos rebrand pure play systems, such as the BT Enterprise Mobility Portfolio with Apperian as the app store engine.
The successful enterprise app store
The success of an enterprise app store is measured in improved user productivity and motivation. The app store can facilitate a smoother work process, in a regulated and secure environment. However, enterprise management and the IT department must also be ready for significant changes in user online and mobile behaviour, both in traffic volume and user demands for additional apps.
Selection criteria for the enterprise app store
Type of apps to include
Which types of apps need to be included – public, custom or hybrid? Will the enterprise app store contain only apps that the enterprise itself created or will it also offer third-party apps? What are the requirements to pre-qualify the app for inclusion?
Keeping it in-house allows for hands-on control (where the data is stored, version control, who gets access, and so on). It may also be a requirement of the company’s governance and risk policies – especially if the apps access personal or very sensitive data. The downside is all the maintenance that running the store entails. So companies looking for optimal functionality for the lowest cost will usually opt for an outsourced store. Companies that already operate a hybrid private/hosted cloud environment can maintain sensitive apps and data on their own site, while making the wider range of corporate apps available, and maintained, on the hosted site.
Support for multiple mobile OS
There is a constantly shifting range of phone and tablet OS versions that need access to apps. Corporate IT should ensure the provider they choose has the capability and demonstrated track record to keep up with these changes. Limiting apps to a specific OS risks alienating parts of the user base. However, it is an option to specify which operating systems a given app will run on.
Browser and native apps support
It is sensible to allow apps to be downloaded on user devices via a URL or through an enterprise market app. Alternatively, the emergence of completely browser-based HTML5 apps is OS agnostic – but still rather unstable – and simplifies access significantly. The trade-off is that these HTML5 apps may lack some of the functionality of the OS-specific apps.
Many of the mobile software providers come from the MDM and MAM side, providing additional expertise in maintaining a database of users, devices and apps, including a matrix association (users have multiple devices, devices are used by multiple users).
Users’ access to the enterprise app store should be through the company’s identity access management (IAM) system, and the LDAP-compliant directory can be used to identify individual users’ access privileges. Similarly, app downloads should only be allowed over HTTPS or through VPN tunnels.
OTA (over the air) updates and notifications
Updates and notifications are important for bringing corporate apps up to date on users’ devices, installing patches and other maintenance-related fixes. The app store must be able to push out updates and notify users.
Administration console, centralised management and usage encouragement
The app store administrators must manage new apps, update existing ones and reject apps that do not meet the app store criteria. Maintenance also requires the ability to easily retire, archive and remove apps when necessary. There also needs to be a clearly formulated process for submission, approval and removal of apps.
Besides the essential antivirus functions and malware filtering, the app store platform should provide a means to identify, prevent and take down apps that do not conform to the organisational code of conduct. Access behaviour needs to be logged and regularly analysed to identify aberrant user behaviour, and monitor usage levels of individual apps.