Application Deployment to Enterprise Mobile Devices
After an enterprise mobile device is provisioned with the appropriate security policies and configurations, you need to deploy the appropriate applications to the device. In some cases, you are doing so in order to ensure that the device is fully secured. For example, you might want to deploy an anti-malware application. In other cases, it is more about ease of deployment — there might be several enterprise applications that users require.
It is not a good security practice to leverage consumer application stores to deliver applications to your users’ mobile devices, so you need to opt for one of the following delivery options.
Over-the-air application provisioning
Over-the-air application provisioning is exactly as it sounds: Many mobile device management (MDM) platforms offer the ability to deliver applications over the air. With this method, you select the applications to provision and the devices to which those applications should be provisioned and deliver them wirelessly to those devices.
MDM solutions provide an easy and packaged method for provisioning applications, but there are easier, less expensive options. One method is web-based provisioning, where your organization hosts the appropriate applications on a web server. The employee clicks the appropriate URL to retrieve the installation package from the web server. The URL can also be provided to employees via SMS or e-mail.
Applications catalog provisioning
Some solutions on the market offer you the ability to create a catalog of corporate-approved or -created applications from which an employee can choose. These applications can be delivered to the device in one of several ways, including direct download from an application store, over the air delivery, or direct installation of the application to the device through an SD Card or USB connection to a PC.
In some cases, this online application catalog is nothing more than a pointer to the URL for applications that are hosted on the application store of the relevant app store vendor. The advantage of taking this approach is that it cuts down on guesswork and virtually ensures that the employee selects the appropriate application, and not a malicious app masquerading as a legitimate application.
This approach also makes it easier for employees to get everything that they need to be productive on a mobile device; they can find all of their recommended applications in one location.
Some operating system vendors also allow for the creation of enterprise application stores, which are entirely separate from the consumer version of their application stores. For example, in 2010, Apple made it possible for enterprises to create their own application stores for iOS devices through the iOS Enterprise Program (part of Apple’s iOS Developer Program).
With these enterprise application stores, not only is application distribution limited to only selected applications, but you can also create and distribute your own applications outside of the stringent restrictions sometimes put on applications before they can be posted to consumer application stores. Enterprise application stores also allow you to keep your applications from others, limiting distribution to employees only.