It’s clear that enabling mobility and empowering road warriors is a critical strategic initiative in today’s enterprise environment, and having the right apps deployed is a big part of it. What’s less clear is whether the best strategy for enterprises is custom app development or purchasing apps “off the shelf” from an app store.

For those businesses who want more creative license over the apps they provide to their users or require access to proprietary data to present in the app, custom development makes sense. And there are a couple of ways they can go about it.

Organizations can enlist the help of a development platform that will do all the complicated coding for them while giving them the ability to customize the user experience and content. Or they can task their IT teams with developing custom apps from scratch, though this approach is typically only viable within organizations that have hired app development staff and are large enough to develop a large number of apps each year.


Customize to stay ahead of competition

More enterprises are making the decision to build custom mobile apps. According to Gartner’s annual study of mobile app development platforms, 73 percent of organizations were engaged in mobile app development in 2016, up from 60 percent in 2015. The study also found that the average number of mobile apps being developed in-house per company is eight.  

Many enterprises think if they don’t build their own apps, and instead pluck something from an app store, they won’t be able to take advantage of their own inherent intellectual property or competitive gains.

Close to 90% of those companies saying they were doing some kind of mobile app development were doing custom mobile apps in order to create some type of differentiating solutions.
- Jason Wong, a research director at Gartner

Mobile app development platforms

Gaining ground in the enterprise world are mobile app development platforms (or MADPs), which reduce the need for intensive manual coding. These MADPs, or low-code tools, are a good option for SMBs because they don’t require high-level programming expertise or technical resources.

Another benefit of using these low-code tools is that all departments can use them, so the codebase shares a certain commonality, which reduces overall maintenance costs and support requirements. A common example is Human Resources departments building apps for things like tracking employee vacation time and the onboarding of new joiners. Another is Finance for tracking employee expenses.

But making app development available across the business can introduce security risks and management issues for IT.

The trouble with custom app development

One reason custom app development might be failing is that IT teams are starting to recognize that the applications being built by various departments may not be particularly secure, manageable or even controllable.

We often assume that our large customers have beautiful enterprise app strategies in place, but that’s not often the case. Instead, IT teams are coming to us and saying, “we’ve built a bunch of apps and now this isn’t sustainable because other parts of the business are building apps without consulting us”.
- Ian Broom, CEO, Fliplet

There is a management issue with the introduction of app building platforms. IT departments are not taking responsibility for the apps that other parts of the business are developing on their own.

From the CTO to ops, to HR, everyone has an app that does something for someone in the organization, but there is no strategy behind this. How do you go about putting that ecosystem together, with all the integrations, security, ongoing management and version control behind it?

With threats being application-based, security becomes everybody’s responsibility, but it also means new opportunities are emerging for hackers looking to target an enterprise.

XcodeGhost is an example of how insecure app development can have widespread implications. XcodeGhost was essentially an app development platform that was compromised, and everyone who used it got the same bugs introduced into their individual apps. It took a single problem and replicated it across every developer’s environment.

Developing apps from scratch – a drain on resources

Even large enterprises with healthy budgets and resources indicate that while there is value in developing mobile apps from scratch, IT resources would often be better diverted to other organizational challenges.

It’s also important to take into account the time and resources it takes to manage support for app updates and maintain an app store.

If you’re building an application that talks to an SAP or Oracle application for example, and IT doesn’t know, it’s not only a security issue but it might break some licensing issues too. So there are plenty of different reasons why the enterprise needs to recognize that there are some pitfalls.
- John Britton, Visionary Security Evangelist, Amazon Web Services

So unless you have the resources and expertise, custom app development can be risky, tedious and it can eat up a lot of time in the production and management of the apps throughout their lifecycle.

A recipe for successful and secure custom app development

Are you considering custom app development? Whether you choose an app development platform or build it from scratch, here are some things to consider in the planning process to make sure the project is successful and your apps are safe from threats.

  • Concept – at its core, what will the app do and what problems will it solve?
  • Audience – decide who will be using it and find out what is important to them
  • Inspiration – look at similar apps and borrow things that work and learn from things that don’t work
  • Technical feasibility – discuss with your development team the feasibility of your app’s planned functionality
  • Integrations – plan which systems it needs to connect with in order to deliver value (e.g., customer database, Salesforce.com, web portal, SharePoint, etc.)
  • Access – does it need to connect to Active Directory or a Single Sign-On (SSO) provider to authenticate users?
  • Data sensitivity – does it require the use of a VPN? Should it use certificate pinning to deliver a secure transport layer? What are your requirements for a secure development lifecycle?
  • Usability expectations – will the app mirror a mobile website or will it be independent of other online information repositories?
  • Compliance – what PII is contained? Is it GDPR relevant? Do you have any regulatory concerns with releasing the app?
  • Revoking the app – what happens when an employee leaves the company and the app is still installed on their device? Do they still have access to proprietary information? Do you have the ability to restrict access or remove/wipe the app?
  • Version control – decide how often to update the app and what team will be responsible for maintaining versions
  • Platform support – what platforms does it need to be developed on?

Do you have a successful custom app development story?
