Dealing with the application explosion

The application landscape has changed forever. With fat local apps, Web apps, SaaS apps, and mobile apps, it’s becoming harder to manage and secure the unprecedented diversity of applications that drive the enterprise. In this week’s New Tech Forum, Chandra Sekar (senior director of product marketing for Citrix Mobile Platforms) and Kevin Strohmeyer (director of product marketing for Desktops and Apps) of Citrix take us through some of the challenges and potential solutions to deal with today’s app explosion. — Paul Venezia

It’s all about the apps

For a generation or more, IT has thought about end-user computing in terms of a Microsoft Windows desktop. But today, when you ask people what really matters to them, they talk about the applications they rely on to get their work done. Inside and outside the enterprise, those apps are diversifying rapidly.

With not only Windows applications, but also Web, mobile, and SaaS apps, the desktop no longer stands alone in defining the user experience. For IT, the challenge now is to deliver the apps people need, where they need them, while maintaining security and control — regardless of app type, device, or location.

The latest Citrix research paints a clear picture of the changing enterprise landscape. Our survey last year of 733 customers across the globe found:

• 64 percent of the apps in their enterprises today are Windows-based
• 20 percent are Web or HTML5
• 10 percent as SaaS
• 6 percent are currently mobile

When asked to anticipate what they’ll be doing just a year from now, customers describe a changing mix:

• The share of Windows apps is predicted to be at 54 percent
• Web/HMTL5 apps rise to 23 percent
• SaaS apps rise to 14 percent
• Mobile rises to 9 percent

Windows will continue to be the dominant platform, but to focus too narrowly on the traditional desktop paradigm risks overlooking a fundamental change in the way people are using apps.

Increasingly, the new way of working is characterized by a mobile workspace that securely delivers apps, desktops, files, and services to users on any device from which they choose to work, over any network. In a multidevice mobile world, you need to support a heterogeneous computing environment while ensuring effective security, minimizing complexity, and controlling costs.

As IT strategy focuses on delivering apps to any device, three key challenges emerge.

1. Mobilizing your existing portfolio

No part of IT is more important than the application portfolio. Organizations likely rely on hundreds or thousands of apps to empower people to reach full productivity, generate business value, and move organizations forward. As new delivery models and emerging use cases transform mobile workstyles, companies need ways to continue to leverage their app portfolio investments while meeting a complex matrix of new requirements. How will they deliver existing Windows apps to mobile devices? Should they develop their own mobile apps — or can they afford to wait until native mobile or SaaS versions of commercial Windows apps become available?

Windows application hosting plays a crucial role here. While desktop virtualization models like VDI have received more attention lately, application hosting continues to provide a simple way to mobilize Windows applications for nondesktop workspaces, like smartphones and tablets. Instead of incurring the vast amounts of time and expense required to develop new mobile versions of enterprise applications, solutions like Citrix XenApp deliver applications and data optimized for more native mobile experiences, without back-end recoding. Because virtualized apps continue to be delivered from the same centrally managed instance that supports VDI, enterprises can minimize overhead and make new updates available in every usage scenario simultaneously.

2. Delivering enterprise-ready mobile apps with consumerlike features

Mobility is one of the main drivers of shadow IT, as users bring consumer-grade apps into the enterprise to compensate for the lack of IT-issued, enterprise-ready mobile apps. Native mobile email clients and Web browsers, file sharing services like Dropbox, and mobile calendaring apps all serve important user needs, but they invite security breaches and complicate life for IT. Often, they also lack key enterprise features necessary for full productivity.

Whether through in-house development or a third-party vendor, IT needs to provide sanctioned, enterprise-ready alternatives to consumer-grade mobile apps. To succeed, these apps have to pass the toughest test of all: user acceptance. One way to do this is to provide business-oriented features beyond the scope of a consumer app or service, such as the ability to add an attachment to a meeting invitation or join a meeting right from the calendar request. Equally important, though, the app must offer the consumerlike experience users demand and maintain consistency with the look and feel of the iOS or Android apps they’ve been using.

3. Securing apps in the right way for each scenario

Traditional computing environments lent themselves to a one-size-fits-all approach to security. All apps were used in the same place, over the same network, and on the same type of device, so security policies didn’t need to be granular to ensure effective protection. Today, mobility and the diverse use cases it enables call for a more nuanced approach. People must be enabled to use apps and data in as many scenarios as can be permitted securely, while avoiding risk in scenarios that call for higher levels of protection.

A fundamental operating principle of mobile security is that not all apps are created equal — and their security shouldn’t be handled the same way, either. Similarly, not every scenario calls for the same level of security. IT strategy should focus on managing and securing what matters, when it matters, where it matters.

Consider two common use cases. Let’s say a doctor in a hospital uses a personally owned tablet to access an electronic medical record app on a mobile device. These apps tend to be quite complicated in the amount and structure of information they access in back-end repositories; they also face strict security requirements to comply with patient privacy regulations.

Clearly, a high level of protection is required. One can either deliver the app virtually, avoiding local data storage, or use a mobile app management (MAM) solution. In either scenario, policies restricting the app’s usage to the hospital’s secure network may be necessary. IT may also want to require two-factor authentication, prevent local data storage, or apply other measures. For a more flexible approach, policies could define different usage zones and allow different levels of functionality and data access depending on the respective location and network connection.

Now consider an expense management app — the kind found in any public app store. IT could make it enterprise-ready by wrapping the app to secure it, but might also decide that even this basic protection isn’t really necessary for the organization. After all, no credit card numbers, personally identifiable information, or other sensitive data is being transmitted, just a list of expenses and vendors — as would be displayed on a discarded receipt.

The point is IT doesn’t have to look at every single app as a potential security hole. If it’s a highly sensitive or mission-critical app, by all means, secure it. But if high security isn’t needed, go ahead and let people use whatever app they like, however they choose, so IT can focus attention and resources more productively elsewhere.

SaaS apps should not be overlooked. Whether used on a mobile device or on a desktop PC, SaaS apps can open security gaps, such as when a terminated employee uses his or her credentials to access an active account from outside the network. Citrix handles this with a single-sign-on capability, which proxies user credentials rather than having people use their own credentials directly. Users never knows their actual credentials on the system.

It’s a win-win: Users don’t need to remember multiple logons to access frequently used applications, and the process to securely remove users from the system is easier. By revoking the SSO credentials, IT can render all the user’s SaaS accounts inaccessible at once.

As we develop more granular, app-specific, and scenario-dependent approaches to security, it’s important to ensure that these same policies can be applied easily across all types of apps to ensure consistency and simplify administration.

A more diverse and complex enterprise environment is now emerging, and with the right tools, this comes as good news for organizations and their employees. Empower employees to work in more ways and in more places, and they’ll be more productive across a broader range of use cases. For IT, this evolution calls for new tools and new ways of thinking. By taking an app-centric approach, IT can adapt seamlessly and deliver stable and secure applications across the enterprise.

New Tech Forum provides a means to explore and discuss emerging enterprise technology in unprecedented depth and breadth. The selection is subjective, based on our pick of the technologies we believe to be important and of greatest interest to InfoWorld readers. InfoWorld does not accept marketing collateral for publication and reserves the right to edit all contributed content. Send all enquiries to newtechforum@infoworld.com.

This article, “Dealing with the application explosion,” was originally published at InfoWorld.com. For the latest business technology news, follow InfoWorld.com on Twitter.