How to overcome mobility challenges in your digital transformation

Photo by eleven x on Unsplash

The road to becoming a mobile-first organization isn’t without its business, security and technology challenges. Companies that win at enterprise mobility overcome these challenges through the proper application of technology, policies and processes.

The following are some mobility challenges you may face and how to approach them:

Personal and corporate data on employee devices

Bring-your-own-device (BYOD) policies continue to be a challenge, even for organizations that have been at it for a few years.

Getting past BYOD pain points requires a cross-functional team with active participants from the business and IT sides of the house. If you currently offer or want to offer a BYOD stipend, implementing a split-billing solution helps ensure your organization stays on budget and your users get the stipends they deserve, according to VDC Research. Split-billing solutions data can also be set to flow into your mobile security solution to provide data points for common user activities.

The intermingling of personal and corporate data makes data governance a major BYOD pain point. You’ll need to enforce your company’s data ownership policies through user education and mobile content management policies set in your enterprise mobility management (EMM) solution.

Cybersecurity stakes rise

Getting past the cybersecurity pain point requires an arsenal of approaches. You’ll need multi-level security thinking with mobility-focused user security training, security policies and a holistic approach to EMM by integrating threat intelligence, identity access management (IAM), analytics and even endpoint security into the platform to create a holistic mobile security solution for your organization.

Next, step up your anti-malware strategy to keep your corporate devices free from unauthorized software and include the strategy as part of your user security training.

ROI to show business value

Though you should focus on the technology and security challenges of going mobile, you can’t lose sight of your return on investment (ROI) for the move.

Ensuring your mobile initiative boosts ROI requires mapping more of your mobility goals to new revenue or service delivery opportunities. Think more about field sales enablement and helping field employees better serve your customers. Though improving employee satisfaction and productivity is a traditional goal of a mobility initiative, maturing it means aligning with the bottom line of the business.

Work with stakeholders and your financial team to determine how your organization can capture the ROI of going mobile , then give managers the tools and processes to chart it for reporting purposes. According to Business 2 Community, capturing mobile app ROI includes the following steps:

  • Calculating improved user productivity (for example, improving response to customers)
  • Capturing what role, if any, the mobile apps play in the acquisition of customers (such as sales enablement and CRM tools)
  • Analyzing app usage against improving internal collaboration and communications

It comes down to capturing how going mobile improves the bottom line of your company.

Virtual assistants become a security concern

Virtual assistant apps coming to employee phones bring new security concerns. It’s time for your security team to analyze the potential vulnerabilities if virtual assistants are on BYOD devices or part of your mobility roadmap. Your security team should set the appropriate policies and rules to protect your data from potential breaches that could come from these technologies.

Mobile workforce and compliance

If Sarbanes-Oxley, the Health Insurance Portability and Accountability Act (HIPAA) or another compliance program governs your business, expect new mobility challenges. It’s not impossible to have a compliant mobile workforce. You’ll need to work with your auditor and third-party security experts to ensure your EMM and endpoint security meet compliance standards.

Limited developer resources

Another challenge that should not be dismissed is mobile app development. For many, all the skilled and experienced developers are all working on billable projects. Overhead projects such as corporate mobile apps fall into the bottom of their priority lists. Though your enterprise app store will certainly provide approved mobile apps, use cases abound where organizations might have to develop custom apps in-house that will be made available through an enterprise app store. However, tight development resources make that a challenge.

Meeting the mobile app development challenge requires taking a simple approach to app development. Look into the benefits of mobile back-end-as-a-service and low-code tools so you can open mobile app development to more junior developers, knowledge workers or power users to extend your list of available developers for mobile app projects.

Though your organization will encounter some challenges, these hurdles will be manageable and your mobile transformation will certainly be worthwhile.

This post originally appeared on Mobile Business Insights on September 28, 2017. The site is no longer in publication.

My name is Will Kelly. I’m a technical writer and content strategist based in the Washington, DC area. I’ve written for corporations and technology publications about such topics as cloud computing, DevOps, and enterprise mobility. Follow me on Twitter: @willkelly

How to select the right hybrid integration platform for your mobile app strategy

Photo by NESA by Makers on Unsplash

Your mobile app strategy should play a part in selecting the right integration platform to support your digital transformation. It’s about aligning your platform requirements — and in turn digital transformation — with your current and future mobile workforce. Here’s how to evaluate your current and forthcoming needs and the steps to take for a more seamless platform integration.

Evaluating a platform

According to TechTarget, you should keep elasticity at the top of your integration requirements. This allows you to shrink or expand your development platform to fit your organization’s requirements. Whether it’s starting small and building out as part of a digital transformation or accommodating seasonal surges, elasticity means paying only for the capacity you use.

Evaluating an integration platform to support your mobile app strategy needs to be a team activity — you don’t want the IT department to handle it alone. Here are some examples of how to bring in teams to support an evaluation:

  • Business users such as analysts and other knowledge workers can evaluate no-code or low-code solutions in the platform. Better yet, get them live on an evaluation to put together some mobile apps that link back to their team’s data.
  • Developers can evaluate the API and other development tools available as part of the platform.
  • Cybersecurity experts from your security team can evaluate the security features of the platform.
  • System administrators can evaluate the monitoring and management tools of the platform.

Mobility at its core is fluid, so supporting a mobile app strategy means having an agile platform. If your organization is moving from more traditional platforms, having elasticity and a holistic evaluation from a cross-functional team is necessary to give you the best feedback.

Introducing integration platforms into back-end processes

Going mobile-first or introducing bring your own device (BYOD) into your enterprise represents a fundamental shift in how your business users and knowledge workers perform their daily jobs. Part of that shift is migrating some or all of your legacy applications to the cloud in a secure manner so that your back-end processes won’t skip a beat.

Some of these back-end processes might be well-documented with employee training backing them up. However, you might also find back-end processes that are part of a department’s oral history where the steps are passed down from employee to employee. Then again, you might uncover back-end processes that employees keep to themselves for reasons of job security or because their managers and coworkers never bothered asking about them.

Once you get a grasp as to what back-end processes you are enabling for mobile, choose a small departmental-level process — especially one that gets you an enthused participant in your integration. The last part is important because you want to foster a champion for your integration as part of a next-generation business process.

Work with the department stakeholders to redesign their back-end process for mobile. For example, if you select a form-driven process, your redesign will need to capture the steps of the process and how to redesign it for cloud and mobile.

While you redesign your first legacy app, you should also examine the back-end technologies that power it. The integration platform will offer new front-end development tools and user experience (UX) that will enable your developers to build next-generation mobile apps that tie into your back-end data.

Fitting an integration platform into your mobile strategy

The best way to fit in a new platform is when you are first authoring your organization’s mobile strategy. However, because you often don’t or won’t have that luxury, you’ll instead be updating your strategy.

Integration can be key to your time to market and ability to innovate, according to SIIA. Time to market isn’t just for external mobile apps anymore. Those same principles still apply to releasing internal apps to your own business users. When you are introducing an integration platform to mobilize one of your back-end processes, you have a powerful tool to wrangle business users’ attention — if you can rapidly iterate on mobile apps to meet their requirements, integrate feedback from internal pilot projects and bring along your internal users.

Mobile app strategy and platform synergy

Your mobile strategy isn’t meant to be an extension of your new or existing online strategy. That translates into building mobile apps with your platform of choice to provide a more intimate experience for users than just another website, according to Business 2 Community.

Today’s integration solutions — in particular, rapid mobile app development (RMAD) and low- or no-code solutions — enable developers and sometimes even empower users to create mobile apps with low-code tools. This means it’s even more important for your strategy to map out guidelines for mobile app development so these new citizen developers make full use of the platform.

Selecting the integration platform that fits best with your mobile strategy means a selection process and perhaps pilots and proofs of concepts. It ends with updating your mobile strategy to ensure your new platform is best positioned to serve your enterprise.

This post originally appeared on Mobile Business Insights on June 5, 2018. The site is no longer in publication.

My name is Will Kelly. I’m a technical writer and content strategist based in the Washington, DC area. I’ve written for corporations and technology publications about such topics as cloud computing, DevOps, and enterprise mobility. Follow me on Twitter: @willkelly

How to ensure mobile app security through teamwork, processes and training

Photo by Benjamin Dada on Unsplash

Improving mobile app security is key to keeping your company’s data secure inside and outside the office. Making such improvements requires the work of multiple teams including app developers, IT security and business users.

Here are some tips to improve and optimize your mobile app security:

Send your developers to app security training

Lifewire notes one fundamental investment you should make to improve your organization’s app security is sending your developers to security training that covers secure app development practices. Your development team can then create security strategies and processes as part of your app development lifecycle.

If you rely on citizen developers with low-code tools to develop your mobile apps, you’ll need to deliver security training to them as well. Work with your IT security team to set up mentoring and training around app security. You should also check with your low-code tools vendor to review its security documentation and see whether it offers any security training.

Bake security into your development process

Today, mobile app security starts on the first day of development. Back in the day, QA testers and the security team didn’t worry about testing app security until the final stretch before release. New realities of agile development, DevOps and employees’ desire to have a more consumer-friendly app store experience have changed the way teams develop, test and deploy mobile apps.

According to CSO, it also requires the right skills and tools to develop and secure a mobile minimum viable app, which has the potential to lower the attack surface against your corporate-developed apps.

The following are other ways to bake in mobile app security from the very beginning of a project:

  • Make app security considerations nonfunctional requirements
  • Conduct a threat modeling analysis
  • Write user stories full of enterprise and OS specifics

Use mobile application management and an enterprise app store

Mobile application management (MAM) needs to be in place to secure all the mobile apps across your corporate devices. MAM should also serve corporate-approved apps for bring-your-own-device (BYOD) initiatives.

There should be a curated enterprise app store at the end of your DevOps toolchain to serve up the latest versions of your corporate mobile apps. Today, MAM solutions and enterprise app stores will let you set priority-based rules for app updates across your user community so you can respond to routine updates and, more importantly, critical patches. You also want to set policies to let you erase selected apps from a corporate mobile device.

Protect app data in transit and at rest

There’s a risk whenever your mobile app exposes data in transit across the internet, your network or at rest. Typically, enterprises secure data in transit using encrypted connections such as HTTPS, SSL or FTPS for protection. Data at rest resides in encrypted storage on the mobile device. You should set data encryption on devices through your enterprise mobility management solution.

Lock down your mobile endpoints

Implementing cloud-based mobile endpoint security may not be considered a mobile app security measure, but it does detect malicious behavior in applications. The behavior might come from man-in-the-middle attacks, side-loaded applications or other risky behaviors.

Use SSO for app authentication

Chances are, your corporate mobile apps open up access to all sorts of confidential and proprietary information. As such, you need a single sign-on (SSO) authentication solution to secure employee access to your apps.

Harden your mobile operating systems

Your security team should be conducting periodic reviews of your mobile operating systems as part of your mobile security strategy. The review should include the vendor’s operating system, application programming interface and security documentation.

Medium to large businesses, government agencies and higher-education institutions should consider creating their own checklists for hardening mobile operating systems.

PC Authority reports hardening Android security includes the following tasks:

  • Restricting the side-loading of apps
  • Using encryption
  • Setting granular app permissions
  • Using a virtual private network
  • Installing security software

Your security and app development teams should review any documentation your mobile device vendor has that covers best practices for hardening operating systems.

Developing true app security at your enterprise is possible, but it takes collaboration with many groups across the organization.

This post originally appeared on Mobile Business Insights on October 3, 2017. The site is no longer in publication.

My name is Will Kelly. I’m a technical writer and content strategist based in the Washington, DC area. I’ve written for corporations and technology publications about such topics as cloud computing, DevOps, and enterprise mobility. Follow me on Twitter: @willkelly

7 ways the CIO and citizen developer can become BFFs

Image by Cole Hutson via Unsplash

It’s no secret that IT staffs are overstretched today leaving gaps in services for internal customers. This fact of life has given rise to the citizen developer. Gartner and other industry watchers define a citizen developer as a business user who creates business applications for others using low-code development platforms. They may or may not have IT’s blessing for the apps.

A citizen developer has a lot to offer a budget-strapped CIO, but citizen developers going wild can raise internal threats to enterprise security and data governance. Here are some ways both can work together to both benefit the business:

1. Bring shadow IT out of the shadows

To me, there’s a direct correlation between citizen developers and shadow IT in some enterprises. The story usually starts out with a business unit feeling they are underserved by IT, a mid-level manger or employee produces a credit card, they find their own technology solution, and then file an expense report The CIO and IT department may not even know the solution is live until there’s an issue. When CIOs and citizen developers acknowledge each other’s existence, they can become allies for using technology to solve business problems that may not command attention and resources from the IT department.

2. Incentivize citizen developers for good

A CIO has the executive pull to incentivize citizen developers for good. Incentives could take the form of the company picking up the expenses for licensing or subscription for low-code development platforms freeing the citizen developer from having to file an expense report. The CIO could also work with department managers to have the extra work that a citizen developer does by creating apps to rank positively on performance reviews and qualify them for bonuses.

3. Create a user community

While it’s not up to the CIO to manage citizen developers, both CIO and citizen developer would benefit from creating an internal user community around citizen-developed apps. It doesn’t have to be anything formal mind you but a friendly in-person or online chat where citizen developers, users, and the CIO can trade ideas and give constructive feedback to each other about:

· App development

· User Interface (UI)

· User Experience (UX)

4. Work together to change culture and mindsets

Back when I wrote about low-code development for the first time, I saw the promise of the technology to resolve department and team-level business and technology pain points that were big to the business but not enough to get IT department resources.

Then I saw it as a potential threat to some developer egos, governance, and security, if citizen developers were left to run wild in some corporate cultures.

It’s up to the CIO and the citizen developers to work together to help change culture and mindsets around business units developing their own apps. This change is only going to happen if the CIO and citizen developers work together to build a culture where citizen-developed apps solve business issues and fill gaps that IT can’t serve due to budget and staffing issues. IT and the citizen developers should both know their lanes and at which points to collaborate with one another.

5. Plan for app management together

Some proponents of low-code development platforms point to their ease of management. On paper, that’s true, but the reality of the citizen developer is that they also have a day job. They could be an accountant, administrative staff, or a knowledge worker who created their business app to meet a need they encountered that IT couldn’t fulfill.

A CIO can also be a mentor when it comes to app management. Even though a citizen-developed app comes from outside of the IT department, users still deserve the app to be maintained, so it becomes a necessity to put together a simple management plan that includes:

· Release plan for new app features

· Polish the app onboarding process

· Backup for the citizen developer if they leave the company

6. Make security and data governance a team sport

Citizen developers and the CIO need to find a middle ground about app security and data governance. An enterprise app store is a great first step for citizen developer security.

The presence of the CIO in the user community can get citizen developers access to security and governance mentoring and expertise. The CIO and citizen developers can also collaborate on a response plan to security issues in citizen-developed apps.

7. Capture App knowledge collaboratively

Workers get promoted. People leave the company. Reorganizations reshape departments. The CIO and citizen developer can help each other by collaborating on capturing knowledge around citizen-developed apps that are in use around the enterprise. The CIO can open up resources like the service desk knowledge base for publishing help information about citizen-developed apps.

CIO + Citizen developer as BFFs

A low-code app future can help CIOs and business users alike. CIOs can use their development resources on more strategic (and dare I say billable) projects. Citizen developers can have a greater influence over apps their department uses to solve business problems. In the end, both parties need each other to be successful in the eyes of the end users.

Hi! My name is Will Kelly. I’m a technical writer and analyst based in the Washington, DC area. I’ve worked with clients like NetApp, Dell, and Neustar to develop technical, training, and thought leadership content. My articles have been published by TechBeacon, Projects@Work, CNET TechRepublic, Network World,,, and others. Follow me on Twitter:@willkelly.