Editor's Note: This tip, the first in a series of expert tips on creating and maintaining a corporate app store for employees, describes ways to determine whether your company really needs an in-house app store.
Answering the question of whether a corporate app store
- Does your company have realistic goals for a corporate app store?
- How will you make sure your app store meets those goals?
- Have you considered options other than launching a corporate app store -- such as setting strict policies on application use or requiring apps on employee phones to be monitored to see what users are running?
In addition, you need to consider in-house policies, especially those related to the bring your own device (BYOD) trend, and the policies of the device providers themselves.
Setting app-store objectives and goals
If your objectives for your corporate app store include qualifiers such as "like" or "want," that may be an indication that you don't have a hard benefit case in place. App-store deployment and maintenance isn't easy, and without concrete objectives, it probably won't return your investment in terms of cost and effort.
The best reasons for creating a corporate app store typically involve security and compliance requirements. Two major IT security problems involve users who bring malware into companies via insecure application channels or who accidentally share confidential information with others. In fact, some enterprises I've surveyed report that more than half their security or compliance breaches result from employees downloading contaminated applications or using apps that that bypass company security. If you can limit user access to such apps, you may be able significantly lower security risks.
Another worthy goal justifying a corporate app store: deployment of company-developed applications. By making these apps available the same way that other applications are offered, companies often find that employees are more likely to use them. In addition, the practices to load and maintain them are the same as those used for mainstream applications.
Addressing policy concerns
Once you've established goals, it's time to consider policy issues.
The best reasons for creating a corporate app store typically involve security and compliance requirements.
First, it's important to understand that corporate app store policies can collide with BYOD policies. That's because it's extremely difficult to force employees to access in-house app stores on their own mobile devices or to accept the limited number of selections that such app stores usually provide. In fact, it's possible that such restraints won't survive employee legal challenges over, for instance, invasion of privacy or violation of state labor laws governing workers' rights. (However, my research indicates that such challenges are rarely successful.)
Permissive attitudes toward BYOD create challenges for corporate app stores by widening the range of devices that the store will have to support. Most companies provide a single type of device to workers, a practice that makes app-store creation relatively easy. But in situations where users can supply their own devices, they may well have installed potentially risky apps already -- and built their personal habits and usage around them.
That situation reflects another place where policy is important. If compliance with company policy on apps and app-store use is a stated condition of employment, it's more likely to be enforceable than if the mandate is added later or is never made formally clear.
Actually setting up your app store
In-house app development can be a good justification for a corporate app store. However, it may be better to provide in-house apps via a supplementary internal portal than by creating an entire store just to convey apps to users. Some companies' experiences suggest that the best way to deploy internal apps may be having the IT organization install them -- and, if possible, ensuring that those apps can automatically update themselves.
Another caveat: Too many companies start thinking about a corporate app store with the lighthearted notion of developing a "skin" layer on top of a commercial app store, a process that is almost surely not going to be legal. Every device provider and most large carriers have policies regarding reuse of their app stores, and they often require that companies obtain licenses to base their own in-house stores on a provider's commercial app store. Because those organizations spell out the terms and conditions associated with such reuse, they'll frame the technical requirements associated with development.
Review each such policy carefully to ensure that your initial use -- and future changes -- don't violate any such provisions. Be especially attentive to restrictions that might be imposed on presenting one vendor's apps on the same page as, or linking them to, another's.
One alternative to obtaining carrier- or device-vendor support for your corporate app store is going directly to app developers. That approach can eliminate many restrictions and a lot of red tape, and in a few cases, you may even be able to get reseller benefits -- having a small piece of the app price refunded to you. The downside: Negotiating with each app developer will be time-consuming and will add to overall project costs.
You can obtain device-provider and operator policies on app-store sharing from the parties involved, but don't expect device manufacturers or operators to help you enforce employees' use of your corporate app store. Phone and tablet companies make money on apps, and in many cases, so do operators of mobile networks. In addition, Wi-Fi use often bypasses any operator-related features designed to limit access to public app stores, making the whole process ineffective.
Considering security, compliance -- and time
If security and compliance are the main goals for your corporate app store, you may wish to equip BYOD users' devices with monitoring agents that can determine which apps have been installed and alert the IT team when users add anything problematic. (Unfortunately, though, by the time IT gets the warning, it may already be too late: The app may have already compromised security or violated regulations.)
In fact, ongoing monitoring should be part of any corporate app store plan. Without it, there's really no way to enforce your app store policies.
In addition, be aware that you may face security risks that are at least as great as those associated with the promiscuous use of applications (lack of antivirus protection, for example). If it's not possible -- or legal -- to monitor devices' status and their application inventory, that alone may make the goals for your in-house app store so difficult to attain that the whole effort becomes a waste of time.
Ultimately, time is the last thing you should remember. An in-house app store requires a significant investment of time to maintain the store and to keep up to date with the license requirements of the vendors involved. Be sure that the benefits you'll gain will justify this investment, and be aware that, like everything else in enterprise technology, it's not going to get cheaper as time passes.
This was first published in October 2013