Earlier this week, Appthority and MobileIron announced a partnership to integrate Appthority's mobile risk assessment service with MobileIron's app management and app inventory features. The move helps fill a void in many enterprise mobile management solutions -- making sense of the data that the device and app management products can provide to IT leaders. Although the vast majority of mobile management tools available today can provide an inventory of the apps installed on managed devices, that inventory has somewhat limited value if the IT professionals looking at it don't know much about some (or all) of the apps being used in their organization.
With Apple's App Store and Google Play offering nearly a million apps each, keeping up to date on the data security risks apps pose is nearly impossible. In the case of Android, the challenge is even bigger because of the range of third-party app marketplaces and the ability to sideload apps. Keeping up on security news and alerts and mandating the use of anti-malware tools can help detect and neutralize some threats, but it's an incomplete and ineffective approach.
Mobile security encompasses much more preventing malware. It also includes ensuring apps don't record or transmit confidential business data without a user's knowledge and it includes limiting the use of apps that store or transmit data in an unsecured manner. The worst offenders might make the news, but there many more apps that don't receive media attention yet still pose some degree of risk. Evem apps that serve legitimate business functions may pose security risks.
Appthority's response to this challenge is to provide a IT professionals with an analysis of the security challenges posed by the apps being used in their organization -- taking the data pulled in from MobileIron or other management tools and creating context around it. The company's cloud-based service uses a range of techniques to assign a risk management score to each app. Appthority works with its customers to understand their particular needs and can weight various types of risks accordingly. This means that the risk scores that each company sees may vary but they reflect each company's security needs and priorities.
Customers can drill down to get information about each app and its ranking and to find out how and why received its ultimate score. Tied to a mobile management product like MobileIron, specific actions can be triggered like alerting IT to potential risks, alerting users directly, or limiting a user's access to company data or networks until a risk-prone app has been removed. IT can also research apps that pose risks and search for apps that meet similar needs but are more secure and then suggest those to users as alternatives.
While Appthority is providing an excellent resource for IT and a great value-add to its various mobile management partners, the security concerns about apps are actually part of a much larger issue for IT teams and business users alike -- How do you navigate through app stores with thousands upon thousands of potential digital workplace tools like alternatives to Microsoft Office, time and expense trackers, and travel apps and select apps with a degree of certainty that they are the best choices available?
Even where an app management product is used to create and manage an enterprise app store, keeping on top of the best apps to include in it can be a full-time job in itself. In some large organizations, like those that have created an internal mobile information desk patterned after Apple's Genius Bar, it may be possible to hire staff primarily to act mobile app experts. Many IT departments aren't that fortunate, however, and are being asked to take on more tasks like mobile and cloud management without major staff increases.
Apperian is one company that is taking on this challenge by using rating and suggestion features that crowd source the preferred apps across the entire organization. That's certainly a step in the right direction (and a great value). Enterprise social networks (and even public networks like LinkedIn and Twitter) are another way that IT can shift some of the app selection process to mobile users while still keeping watch for potentially dangerous apps. The truth, however, is that there may not be a single magic bullet for the app selection process that will work for everyone. Accepting the premise that a single, perfect tool isn't out there means that each company needs to consider what the best app selection or curation options or processes are best for its culture, industry regulations, and staffing options.