Delivering private and public cloud applications securely

'It's all about the apps' is today's mantra, and managing private and public cloud app delivery must be a top concern in order to safeguard enterprise security in the mobile age.

Given the dominance of mobility in organizational IT strategies today, it's not surprising that "it's all about the apps" has become a mantra. While one might argue that it's really all about the information those apps manage and transform, the importance of the functionality, security and integrity of those apps cannot be overestimated. So it's vital that organizations have a strategy for managing what is often an increasingly large number of mission-critical apps across an ever-more distributed and growing user base.

Though they run locally on mobile devices, applications are distributed via public or private -- or sometimes both -- cloud providers. Delivery options for public cloud applications include vendor app stores and related sites, and the process involved is intuitive, reliable and proven. But proprietary or otherwise private apps distributed within an organization also require special consideration regarding how they are managed, supported and secured.

A Private and Public Cloud App-Management Checklist

Here are the key items to keep in mind for your app-management checklist:

  • Enterprise app stores. These are the repositories for apps distributed directly by the organization. They provide a single point of distribution, control and management; a catalog of available apps and a log of their use; and authentication of apps to reduce the chance that theft or tampering succeeds. Effective app stores can be customized to fit the needs of specific users or groups of users, often in conjunction with directory services and identity management tools. Many app stores also provide the management of vendor licensing requirements for redistributed apps, such as Apple's volume purchase program.
  • Mobile application management (MAM). This element of modern enterprise mobility management (EMM) software assures that only authorized apps can run on a given mobile device. MAM is typically implemented via a whitelist or blacklist mechanism and must also provide broad support for BYOD. The latter is important because devices owned by the end user cannot be as tightly managed as their company-owned counterparts, and the opportunities for errant private or public cloud apps attempting to compromise sensitive organizational data and facilities must always be considered.
  • Security and integrity. The most common technique applied to private or public cloud applications on mobile devices today is the use of software containers -- increasingly a facility implemented directly in the mobile operating system -- to enable operational management to be limited to the containers themselves. With this approach, distribution of apps and especially sensitive data onto arbitrary mobile devices is much less risky -- again, assuming that an appropriate MAM platform is in place. Note that there is always a degree of risk associated with the availability of any third-party app; there is no way to determine exactly what that app might be doing at any given moment in time. MAM, combined with containers, can offer a compelling bulwark against malicious use.
  • Management and administration. Management visibility through MAM and EMM dashboards is essential for showing who is using a given app and for identifying any possible unauthorized activity. The level of effort here, however, is really no different from any other IT management activity, and it will continue to be eased by the increasing application of analytics techniques. It's also important to consider the support effort and costs associated with proprietary app distribution, including training materials, help desk and related activities.
  • Cross-platform considerations. All app distribution strategies must consider the multiplatform nature of today's IT landscape. At a minimum, support for iOS, Android, Windows, Mac OS and perhaps one or two flavors of Linux is required. Note that restricting the universe of available (supported) device and mobile-OS pairs always lowers costs and risks, so updates and upgrades may be required by policy in order for a given user to have access to a given app.
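
The checklist items above can be read as one deny-by-default decision made each time an app is about to run on a device. The following is an added example, not part of the original article or of any EMM product; the app IDs, signer digests, version floors and all function and field names are constructed for illustration.

```python
from dataclasses import dataclass

# Constructed policy data: IDs, digests and version floors are illustrative only.
ALLOWLIST = {
    # app id -> SHA-256 digest of the signing certificate recorded by the app store
    "com.example.expenses": "a3" * 32,
    "com.example.crm": "5f" * 32,
}
BLOCKLIST = {"com.example.flashlight"}
# Supported platform -> minimum OS version required by policy
MIN_OS = {"ios": (15, 0), "android": (12, 0), "windows": (10, 0)}


@dataclass(frozen=True)
class Device:
    platform: str
    os_version: tuple
    byod: bool            # owned by the end user rather than the company
    has_container: bool   # managed work container present on the device


@dataclass(frozen=True)
class App:
    app_id: str
    signer_sha256: str    # digest of the certificate that signed this build


def evaluate(device, app):
    """Return (allowed, reason). Deny by default; the first failing check wins."""
    floor = MIN_OS.get(device.platform)
    if floor is None:
        return False, "unsupported platform"
    if device.os_version < floor:
        return False, "os update required"
    if app.app_id in BLOCKLIST:
        return False, "app blocklisted"
    expected = ALLOWLIST.get(app.app_id)
    if expected is None:
        return False, "app not on allowlist"
    # A known app id with a different signer is treated as a tampered build.
    if app.signer_sha256.lower() != expected:
        return False, "signer mismatch"
    # User-owned devices are less tightly managed, so require the container.
    if device.byod and not device.has_container:
        return False, "container required on byod"
    return True, "allowed"
```

Logging every returned reason alongside the user and device gives the dashboard visibility described under management and administration.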

We're at the point where organizations of any size are able to leverage a broad range of approaches to meet their private and public cloud app-distribution needs. As always, though, it's best to start with objectives, strategies, policies and procedures, and then back all these up with end-user education and training.

Properly implemented, distribution of both private and public cloud applications can be transparent, working its magic without bothering either IT staff or the end users benefiting from access to those increasingly essential programs.


This was last published in December 2016
