One approach to dealing with this complex problem is to deploy corporate mobile apps in the cloud (browser/HTML5 based), and not worry about installing native versions of apps to the variety of devices. Proponents of this approach point to a number of advantages, including:
- If all apps are in the cloud, BYOD is easy, since no device needs to be managed and any device type can be supported.
- Putting everything in the cloud means not having to develop multiple apps (instead running everything in a browser), thus reducing cost and complexity.
- Data-loss prevention is much easier in the cloud than for on-board apps, as (in theory) no sensitive data resides on the device.
First, device management must be a function of policy management and control, and not simply device management implemented as an extension of asset management. Basics such as the ability to remotely wipe a lost device, sync a PIM, password/authentication setup, and data protection/encryption—which are often implemented via Exchange/ActiveSync—should be considered the minimum requirements. But policy enforcement also determines which users can access which apps, what data they can interact with, and which users can interact with specific corporate systems. Simply requiring everything to run in a browser on an authenticated user’s device does not guarantee such compliance. Further, a significant convenience factor is lost if users have to connect and download each piece of data and/or interaction they require for daily tasks. Next, the notion that all corporate apps can run purely in the cloud precludes the ability for localized processing and data storage. There are a large number of scenarios where cloud-based apps are not the right approach, where localized data access/processing prove more effective. The obvious one is when the user has no connectivity (e.g., in an airplane or in the basement of a tall building, out of range of towers). If purely cloud-based systems don’t work (at least part of the time) or perform poorly, the users will not be satisfied with the results, and may even find ways around the apps. Further, local apps can provide data sorting and analysis without incurring the costs of data transfer over a potentially costly network (3G/4G), and can prove quite a bit faster to access by the user seeking a quick lookup of some needed information. Finally, data-loss prevention isn’t only a function of where the data is stored: it’s also a function of what the user can do with the data once obtained. Without some mechanism to prevent it from happening, cloud-accessed data can easily be “cut and pasted” from a browser screen to an email or cloud-based personal storage. The best way to prevent data loss is to enforce specific policies and restrictions on the corporate data that work in conjunction with the app (whether cloud-based or native) and that prevent circumvention of corporate policies. We have only touched briefly upon these important issues. There is much more that can be said about these and related considerations (e.g., native device look and feel, optimized for device characteristics, utilization of on-board sensors, localized APIs). Certainly mobile apps in the cloud have an important place to play in enterprise apps and BYOD. But it would be naïve for a company to think that simply putting all its mobile apps in the cloud could solve the issues associated with BYOD. Companies must carefully assess a variety of requirements on an individual app basis before making a specific deployment-style recommendation. Jack Gold is the founder and principal analyst at J. Gold Associates, an information-technology analyst firm based in Northborough, MA. He is an internationally recognized expert in many aspects of business and consumer computing, including emergent technologies. Image: bannosuke/Shutterstock.com 
