Enterprise AppStore is a Gartner top 10 trend for 2012. Creating consumer style App Stores is great for empowered users and the consumerisation of IT, but it presents unique challenges for IT, requiring balancing a consumer orientated service with enterprise policies and security.
With the exploding consumerisation of IT and bring-your-own-device (BYOD) trends, end users want the same ease of use at the office as they do in their daily lives when they interact with technology. They are used to downloading apps instantly, the ease of e-commerce, online bill pay, for instance, and the seamlessness of being more productive right away.
Could implementing the same services in the enterprise that users have come to know and love in their personal lives create a more productive employee? Attract tech savvy talent? Or give a sense of user empowerment and freedom? Absolutely. But enterprises must have the correct processes and controls in place to accommodate this new found freedom. And it starts with the App Store.
Enterprise App Store Essentials: Identifying Need
When changing the focus from a consumer oriented App Store to an enterprise App Store, organisations must address unique challenges around policies and security. Making applications available in an enterprise self-service model requires careful consideration and planning around visibility, approval, and licensing requirements - the three fundamentals for deploying enterprise AppStores.
Visibility requirements often arise around the needs of the business unit, role-based permissions, or even export compliance rules. Developing an appropriate structure within the App Store to control what apps a user can request ensures that users gets what they are looking for while the enterprise maintains administrative control.
The goal of the consumer-orientated AppStore is to expose users to as many products as possible. Individuals are encouraged to buy as much as they can, and upgrade to “premium” versions over “standard”. In contrast, Enterprise AppStores require controls. For instance, giving employees the choice between standard, professional, and premium versions without consideration to their business needs and feature requirement is a recipe for unnecessarily high licence costs. Users are naturally inclined to choose more bells and whistles over less, regardless of whether they’re actually required - “I want premium I need premium” is often cited.
Users cannot reasonably be responsible for understanding and researching the differences between feature sets of different software editions and applying those differences to their actual needs. This filtering process must be handled at the administrative level.
Enterprises can only then make available a filtered catalogue of apps that meets actual business requirements - no more, no less.
There will always be unique requests that cannot be anticipated, however. Should the need arise for deviating from a standard offering, the organisations should have means and processes in place for identifying the non-conforming business case.
This can be done intelligently via an App Store capable of generating questions relating to the differences between software editions, and recommending the editions that best suit the needs.
Once the system determines that an application is available, it must then evaluate approval conditions. While this is often done manually by the business owner (manager, cost centre owner, etc.) certain applications may need further review by security teams and application owners to ensure that there is a business case and that use rights are valid.
When cost is a consideration in determining approval, careful review of the application’s intended use must match its functional specifications. Moreover, there are frequently other technical considerations.
Too often, approvals are “rubber stamped” simply because a user requested an application and there is budget for it. While a manager may approve the request from a financial position, he or she may not have the necessary technical expertise or the understanding of software licensing and entitlements to make an informed approval decision.
One solution is to ensure that the enterprise App Store has functionality allowing an app owner to review user requests, in addition to the manager. Enabling the individual(s) with expertise in a specific app to be involved in the process allows IT to match the right app based on a user’s need. An app owner can review the need, accept the request as valid, or offer an alternative app that is more suited to the user’s business requirements.
Once the manager has approved the request from a cost perspective and the app owner from a business need standpoint, the final step is to ensure that the licensing being issued is in compliance with the enterprise’s software licence agreement and entitlements.
Software Licensing, Entitlements & Optimisation
The number of licences an enterprise has rights to, and the specific manner in which those licences are entitled to be used - i.e. its licence position - plays a key role in managing an enterprise App Store. If an enterprise issues licences it doesn’t have, or those licences are issued in violation of specific entitlements in the licence agreement - the enterprise can expose itself to six, seven or even eight-figure software audit “true-up” penalties from the software vendor.
This risk is not well understood by users, because apps are not paid for by the employee, but rather by the organisation. This disconnect often results in over spend if proper licence restrictions and use rights are not evaluated during the time of request and if the App Store does not apply appropriate rules.
The enterprise App Store should provide safeguards preventing access to and download of applications that are unavailable due to licensing and entitlement restrictions. With built-in App Store capability to alter the approval process based on ever-changing usage of applications, licensing requirements and entitlement rights; enterprises can adapt quickly to licence availability limitations and prevent non-compliant use that would subject them to software licence audit risk.
An enterprise’s asset management “maturity level” determines how effectively an enterprise App Store can make real time licensing and entitlement decisions. If ownership and usage rights are managed and tracked manually (i.e. via spread sheets or emails) then the enterprise will have difficulty taking into account the organisation’s true licence position and therefore, knowing which applications to make available.
In contrast, organisations that have deployed sophisticated software licence optimisation systems are much better armed with the tools necessary to make real time decisions around licensing such as: Is there a surplus of available licences for download? Can a licence be used by this particular user in compliance with licensing terms? Ensuring that the enterprise App Store is integrated with the software licence optimisation solution allows faster business decisions and more sophisticated cost controls. And it provides the end user functionality demanded by today, without increasing audit exposure risks due to non-compliant use.
The implemented system will allow end users to navigate an internal app portal and be presented with a filtered list of categories and applications that have been predefined for them. The application download request will then be evaluated for approval and automatically routed to the appropriate approvers.
During this approval process, the current licence position is automatically evaluated for availability and the result is communicated back to the approvers. This creates full transparency for the approver of any cost implications for their decision. Once approved the process automatically moves the to the fulfilment stage, whereby the App Store interfaces with an enterprise software delivery system, such as Microsoft Configuration Manager, to deploy the app in a structured and consistent model.
With these fundamental systems in place, the enterprise App Store deliver the feel of consumer App Stores that end users are comfortable with - and the organisation will simultaneously ensure central accountability and control.
Posted by John Juris, Director, Product Management Flexera Software