MaaS360

Vetting Your Apps: The App Approval Workflow

By Dan Cheuvront posted Mon January 28, 2019 09:45 AM

  

Mobile applications have become a part of our everyday lives. We use them to get where we’re going, stay in constant communication with others and get the information we need to be productive. Apps are no longer a novelty for today’s workforce; they’re a necessity. And with that necessity comes risk. Just like any enterprise technology, it’s crucial to take security measures to prevent data loss, threats and breaches.

But in the context of the enterprise, where apps are used to drive business outcomes, increase efficiency and improve worker productivity, how do they impact enterprise security? What can IT and security leaders do to ensure that the apps being pushed out to hundreds or even thousands of corporate devices meet security standards?

Security should always be a top priority in the enterprise, especially in today’s malware landscape. Chief information officers (CIOs) and chief information security officers (CISOs) are already taking proactive approaches to stay safe from attackers and combat exposures. With the help of a unified endpoint management (UEM) solution, mobile app security only takes a few steps, and it’s easier than you think.

Do Your Due Diligence Before App Deployment

Security teams must implement processes to prepare applications for enterprise use. To guarantee that apps follow the proper security protocols, IT must ask the following questions:

  • Were the apps developed with security in mind?
    With the abundance of available apps on the market, IT leaders should ensure the apps they need have been developed with no security flaws that could pose a risk to their critical enterprise security and data.
  • Have the apps been properly vetted? What steps and tools have been implemented to ensure the apps IT pushes to end users are, in fact, safe? This examination process helps IT leaders confirm apps are secure and can be approved for deployment.
  • Are existing tools and technologies being used to scan for malicious code and irregularities? Out of all the available tools for IT teams, it’s best to find and use a solution that offers a built-in approach, rather than trying to make multiple tools communicate in a productive manner.

These questions are important to the enterprise at large because they will help guarantee the overall security of mobile applications before they’re distributed to end users.

REGISTER FOR THE FEB. 7 WEBINAR TO LEARN MORE

A New Framework for App Review and Approval

To get the most out of your apps while ensuring their predeployment security, your IT teams must follow the app approval workflow. It’s now easier to deploy enterprise apps so that every stakeholder — including security officers, IT administrators and development teams — has an opportunity to engage at the right stage of the process and weigh in to verify that the apps are secure and ready for deployment.

The approval workflow follows a logical sequence to make sure every precaution and test is completed to get the app approved for distribution. Third-party vendors have security and malware checks in place to review private enterprise apps. Working in conjunction with a UEM solution, it is now easier to upload, check and deploy enterprise apps to your fleet of devices.

Once the workflow is completed, IT and security leaders can rest assured that they’ve taken all the necessary steps to secure their apps before users even download them.

Follow These Steps for Total Enterprise Security

The app approval framework is now available to all IBM MaaS360 with Watson administrators to help them securely deploy their enterprise apps while using existing technology.

An example of the app approval workflow follows as such:

  1. App upload: The UEM admin uploads the enterprise app to the portal, but does not yet deploy it. Instead, the admin goes to the app approval menu.
  2. Vendor integration: UEM integration must be completed on the security vendor’s site before any approval workflow can begin.
  3. App review: The admin chooses a security vendor for the application approval and submits the app for review.
  4. Results: An email containing the results of the scan is sent to an app approver, such as a security officer who is a UEM admin, for review. The app approver provides a quality check of the results and shares them with internal stakeholders. If the app doesn’t pass enterprise security criteria, it must be patched or coded and resubmitted for review.
  5. App deployment: Once the app is fully approved, it can be deployed to the entire fleet of devices within the UEM portal.

App Approval Workflow Diagram

By having an all-encompassing solution that focuses on desktop, mobile and web apps, IT and security leaders can save time and resources and get their apps reviewed, approved and deployed in no time. This process can also prevent the headache of a potential security breach, which can be a costly endeavor to fix.

0 comments
16 views

Permalink