Web apps easier for IT to secure, but BYOD users go native

BYOD shops deal with constant push and pull and the tension increases when it comes to Web apps vs. native apps. Users like native apps, but IT can’t seem to secure them.

Most companies support a combination of Web-based and native apps, but when it comes to mobile devices, IT finds Web apps easier to manage and secure -- end users just want whatever’s fastest.

“I see IT wanting to manage Web apps, but I see users just wanting the easiest way to access their apps,” said Dwayne Lessner, an infrastructure specialist at Husky Energy in Alberta, Canada.

The bring your own device (BYOD) trend means employees use their personal smartphones and tablets to work from anywhere, and many of them download mobile apps to do so.

“Whatever they need, employees are going out and getting it themselves,” Lessner said.

Employees download mobile apps for everything from LinkedIn and Gmail to instant messaging apps so they can communicate with colleagues and consume information. But native applications that aren’t controlled by IT can compromise corporate data. For example, native mobile apps aren’t easy for IT to secure because they often don’t connect to the company’s servers.

“It’s Wild West out there with application security,” said Tim Ehrhard, IT manager at Merrill Corp., a technology services company based in St. Paul, Minn.

Why users want native apps

Browser-based apps can work with any browser and OS, while client-based apps are platform-specific. IT shops choose Web apps or native mobile apps depending on which provides a better experience.

“Native apps can deliver the most complete experience, achieving 100% functionality in a given platform,” said Claudio Rodrigues, CEO at WTSLabs Inc., a server-based computing consultancy based in Nepean, Ontario. “The drawback is it ties itself to a particular platform. But that can be solved by centralizing app execution and remoting it to the endpoints.”

Native mobile apps also provide better functionality for transaction tasks such as banking, processing-heavy applications that require a lot of images, and anything that requires access to device-specific features, such as the camera, said Apoorv Durga, a senior analyst for Real Story Group, a buyers advocacy group based in Olney, Md.

But BYOD security is a major problem for companies that support employee-owned devices. To secure native apps with a BYOD policy, IT managers often have to follow certain vendor requirements.

“Apple’s code is very tight,” Ehrhard said. “It’s very difficult if IT doesn’t own the machine for them to control the machine.”

With Web apps, on the other hand, IT can make its own rules on its own servers and add login credentials to increase security. Organizations with mobile workers need to create downloading policies, Durga said, but restricting certain native apps might not jibe with users -- especially if the device in question is a personal device, rather than a company-provided one.

“If I lock down your iPhone, what’s the point of having the iPhone in the first place?” Lessner said.

Still, users can often access native apps with the click of a single icon, so they are more likely to download platform-specific apps for functions they use regularly (social apps, email, messaging).

“It’s three clicks less to get to what you want to get to,” Ehrhard said. “But to do real work, native apps aren’t quite there yet.”

IT prefers Web apps

Applications that IT can host itself and deliver remotely to end users via a Web browser allow users to access and navigate through information the same way they would on a desktop. That makes browser-based apps better suited for information consumption -- reading documents, for instance. HTML5 will also improve the user experience for those apps.

And for IT, “It’s just a matter of comfort level” with Web applications, Lessner said.

Web apps are also far easier to patch and update than native mobile apps. Since they work universally with any platform, IT can manage Web apps with the same tools across different desktops or devices. Plus, Web apps usually have better user intelligence than native apps, so IT can track activity or data leaks.

“Why you want a server-based app: pure control, freedom and security,” Ehrhard said.

To decide what works best for the business, IT shops can look into both the Web and native versions of an application. For instance, Google apps such as Gmail and Google Maps come in both forms, but the Web version doesn’t always win out. The browser-based apps can’t take advantage of device-specific features like push notifications for Gmail or GPS locating for Google Maps. Other Web-based apps run into browser compatibility issues, Ehrhard said.

“The whole promise of Web apps was being able to run on any device on any platform,” Rodrigues said. “Have you noticed how many companies are still tied to IE6? If Web apps were as agnostic as promised, IE6 would be irrelevant.”

Hybrid apps are another alternative: Apps such as Flipboard, a magazine reader, use HTML5 and JavaScript like Web apps, but are wrapped in OS-specific code and downloadable for specific platforms.

Some companies even develop applications in house to customize security and management controls.

“Either you play like everybody else in the sandbox, or you build your own sandbox,” Ehrhard said.

But in the Web versus native debate, IT and end users don’t always agree -- and that’s especially tricky in the mobile era.
