Technology Trends/Enterprise Application Stores


Status Published
Initial release October 30, 2019
Latest version February 3, 2020
Official publication Enterprise Application Stores.pdf
Traffic cone.png This page is a work in progress. We welcome your feedback. Please use the discussion page for suggestions and comments. When the page is approved and finalized, we will send it for translation.

An Enterprise Application Store (App Store) refers to an online purchasing store where customers can purchase and download various software applications.[1] App stores are cloud-based where users access, purchase, and download applications (apps) via free client software or through a Web browser. App Stores are usually intended for apps on mobile devices but applies to desktop devices as well.[2]

Hide Detailed View


Business Brief

The term App Store originated with the company Apple, which was applied to their mobile application store called the Apple App Store and to Apple iTunes App Store. In 2011, Apple filed an injunction against Amazon for using the term App Store, claiming that when Amazon referring to its online store of apps for Android devices as an App Store, it infringed on Apple's “branded term” App Store. The court result found that the term App Store was more descriptive than being intimately associated with Apple's ‘branded’ term App Store. This rendered the term “App Store” a generic name/descriptor for any online store that sells and markets apps to users.[3][4] The legal dispute between Apple and Amazon ended in 2013.[5]

An Enterprise Application Store (EAS) is an organization’s web-portal or mobile application through which end-users can access, download, and install corporate-approved software applications to work-related devices.

The difference between an EAS and a public App Store is that an enterprise can set up its own corporate or enterprise App Store within their organization. This EAS is internally facing towards its employees, or externally facing towards its customers to provision approved apps for use. An EAS functions similarly to other public App Stores such as Apple's App Store and the Google Play Store.[6]

The objective of an EAS is for the organization to exert control and management of end-user application use on work devices without sacrificing consumer-style interfaces.[7]

The terms App Store and EAS are often confused with an Application Programming Interface Store, known as an API Store.

An API Store is an online portal that provides access to a catalog of Application Programming Interfaces (APIs). It enables software developers (as API consumers) to find APIs and develop applications that use them in a manner that is controlled, standardized, monitored and secured.[8]

Technology Brief

Developing an EAS can be a difficult challenge for the developer and that’s why some companies offer EAS as a service. The vendor is taking care of deploying the software in the cloud and maintaining it. On the other hand, an EAS could also be deployed on-premise where the client has to install, configure and maintain the software in his own environment.

A standard App Store is comprised of several components. On the server side a database that holds the applications repository is required. Each application in the database is represented by a link to an application package, or an HTML application. The database is also populated with metadata about the applications.

Another component is a developer portal or website. This is where application developers can sign up, log in, and receive support for the applications they have submitted. The portal can be a stand-alone website, or built into the application store directly. A marketplace component or customer website is also needed. This is the outward facing component that pulls the list of applications from the database. This component requires filtering, sorting, and the ability for customers to search for applications.

There is also a need for a management dashboard. This is where an administrator can moderate and review applications that have been submitted. It’s an area where controls and permissions can be established. There may be some additional components required if the users will have to pay to access certain applications.[9]

Industry Usage

The global mobile app market was $108.44 billion in 2017 and is expected to reach $311.25 billion by 2023, registering a CAGR (compound annual growth rate) of 19.2% from 2017 to 2023.[10] The Apple App Store segment held the largest market share in 2017, contributing nearly half of the total market, as Apple users tend to purchase several applications. This segment will maintain its dominance by 2023. However, the Google Play Store market segment is expected to manifest the fastest CAGR of 23.0% during the period of 2017-2023, as Android has been gaining a large global consumer base.[11]

The major companies in the mobile app market include IBM Corporation, Apple, Inc., BlackBerry Ltd., LeewayHertz, Burgan National Information Systems Co., Google, Inc., Microsoft Corporation, Fueled, Adept Business Solutions, and Verbat Technologies.[12] However, an organization can build its own App Store in-house.

In 2010, IBM designed an EAS for internal use called Whirlwind. IBM decided to develop this App Store because of the increase in the use of mobile technology for business. IBM found that around 50% of their workforce at the time (2009) did not even work within an IBM facility. Employees working remotely faced challenges, as they had to use a desktop logged into IBM’s servers in order to perform tasks such as arranging flights, and coordinating meetings. Whirlwind allowed IBM employees to download company-approved applications.[13]

IBM populated Whirlwind with several applications they thought would improve efficiency in these areas such as Bluepages (which later evolved into Faces) is an internal employee directory app. Since the company is multinational and had over 400,000 members of staff at the time, this allowed employees to find other employees with particular expertise when the need arises.

Whirlwind also engages with the employees, as applications can be rated and commented on. This gives them real feedback and the ability to diversify their application offerings to fit the various needs of their employees[14]. Several other large organizations have released private application stores within their organizations for internal use. These include QUALCOMM, General Electric, and Apple.[15]

Canadian Government Use

Currently in the Government of Canada (GC), as part of the Open Data initiative, has a Mobile Centre on the Canada.ca website. The Mobile Centre publishes mobile and web-based apps and pages created within the GC, the public, and Canadian Open Data Experience (CODE) winners and participants to access GC information and services.[16] This includes more third-party mobile applications created using Government of Canada data.[17] Applications submitted by the public have incorporated data licensed by the Government of Canada under the Open Government Licence.[18]

In 2015, the Department of Foreign Affairs, Trade & Development (now Global Affairs Canada) instituted an internal EAS in response to some of the following issues. They noted, within their organization, that users were unaware of software available to them; users did not know the cost of the software; application requests could take over a month to fulfill; IT could not measure application usage or license availability and as a result, licences were often lost or untracked. A private App Store could improve the end-user experiences and automate the application request process. The App Store automatically routes software application requests to the appropriate manager.[19] This reduces the time of trying to find the right manager to sign off on requests. In doing so, a record of why the user is requesting the application, and the licensing cost to the department is sent to the approving manager, allowing for faster and better decision making. The store also allowed the department to track their software asset inventory. When it came to inventory licenses under their old method, the process could take around 3-6 months, for example incurring a cost to the department of around $60,000 per year to track 11 applications. The software used by the application store allowed managers to enumerate the 11 most-used applications. Adding a new application only takes 15 minutes. Overall, 4000 software titles had been reclaimed, saving $1.24 million in licencing costs within one year.[20]

In 2013, the Department of National Defence (DND) developed, as part of the Canadian Armed Forces (CAF) Mobile Architecture, the CAF Mobile App Store. The CAF Mobile App Store is a demonstration project in mobile learning and performance support that could be used to enrich and accelerate CAF Learning.[21] The CAF App Store allows Training Establishments and Schools to host and distribute applications to members of the CAF ONGARDE community social media platform without using an external service provider. Additionally, the CAF App Store can link to the commercial market place and provide access to recommended applications that have already been developed. For the CAF; the App Store provides a secure, scalable, and integrated platform to comply with Government of Canada (GC) security policies while being flexible enough to allow members to purchase recommended apps from 3rd party sites.[22]

Implications for Government Agencies

Shared Services Canada (SSC)

Value Proposition

Launching an EAS within GC departments or across departments under the umbrella of the GC could be a very beneficial endeavour. It will allow the GC to save on costs of providing employees with approved apps. They would now be able to use their personal devices at the workplace. This also improves security as security updates can be pushed to devices patching the application systems of corporate approved applications.

Employees do not need to acquire management approval to use a specific application since all applications in the EAS are already approved. The organization also controls who and how applications can be accessed in the store.

An internal EAS could allow SSC to monitor which applications are being used by employees. In addition, because users would have an account through the store, permissions can further be restricted based on security clearance and other factors. Employees could also provide feedback on the applications offered by the store. The EAS therefore becomes a central access point for all applications and feedback. Having an EAS can provide several benefits to an organization. It becomes much easier for employees to find the right applications to suit their specific work needs.

An EAS also affords the ability to push security updates to individual or packages of apps when necessary. They are also in a better position to manage licensing agreements/subscriptions as well as security controls all in one place.[23] This reduces cost since the corporation can gauge exactly how many of its employees are using these applications and how they are using them. By deploying corporate software through an App Store, an IT department can manage desktop, mobile, cloud and Web app software licenses (EULAs) and maintain a level of control over security.[24]

When publishing an application to a public App Store like Apple’s App Store or Google’s Play Store, it can be difficult to obtain approval for proprietary enterprise applications. This is due to the fact that the applications published on these stores need to follow the terms and policies of the store [7]. For example, in the case of Apple, any IOS application published on the App store undergoes an extensive review process beforehand. First, the process involves Apple Beta testing where Apple developers download the application through iTunes Connect or an ad hoc provisioning profile. This process can take several weeks or even months. Once this is done, the application undergoes Apple App Review, which takes another week.[25]

With the advancement of bring-your-own-device (BYOD), applications downloaded by employees on their personal devices using corporate networks presents threats to IT security as well as disrupts application and procurement strategies. Developing an EAS can help resolve some of these issues or at least mitigate their risk.

Challenges

The biggest challenge regarding enterprise application stores is data security. While on some level it is a solution to data corruption from outside third-party sources, enabling employees to download enterprise applications through their personal devices provides a point of entry for hackers.

There is also no guarantee that employees will not be using unapproved applications to accomplish certain tasks. As the size of the store and number of users using it increases, questions will arise based on management and control. Another concern is where the store will be hosted. Many organizations do not have the resources to host the application store on-premises. Hosting the store through a cloud provider is an option but this increases the cost of the store. This also may involve subscribing to a mobile management suite such as those offered by Microsoft and Amazon. In these scenarios, the application store comes bundled in a suite of other mobile application management tools.

There is also the challenge, from the point of view of the App Store administrators, of keeping up to date with the latest software patches.[26] Since they control what patches and updates will be delivered to end users, they need to discover and, in a timely manner, make these updates available.

Update rollouts may be additionally delayed by the need to “scan” the patches for any security flaws to make sure they are legitimate and necessary. For example, on GCSX/Software Center the open source program called Gimp (as of writing on August 23rd, 2019) is several versions behind the official release (2.8.22 vs 2.10.12)[27]. While updates are delayed, this can also pose another security threat if flaws are found in previous iterations and patches that deal with those flaws aren’t deployed fast enough. While patches are waiting to be pushed to end users, nefarious actors will have more time to act on security flaws.

Considerations

The ease of access to music, applications, movies and more through a highly intuitive interface has changed entire distribution channels. Since every employee is also a consumer and often purchase apps privately, that efficient and ease-of-use expectation is inherited into the workplace.

When the enterprise is unable to deliver appropriate apps for use in the business, frustration increases, productivity declines, employees use non-work devices, and costs rise. IT approved apps in an EAS can be searched, accessed and provisioned in just a few minutes, as compared to hours with traditional service desk options.

A good App Store will:[28]

  • Seamlessly support a range of operating systems (OS) and OS versions;
  • Provide management capabilities for mobile, cloud AND desktop applications and platforms;
  • Reduce or eliminate privacy concerns since no personal portions of the device are affected;
  • Empower user productivity and reduce costs through a consumer-style interface that reduces or eliminates support tickets; and
  • Provide a forum to rate and give feedback on the apps being used which allows the most useful apps to organically make their way to the top of the usage list.

If SSC were to launch an internal and or external EAS there are a few strategic steps that can be taken into consideration to improve its impact:[29]

  • An organization can limit the suite of apps offered through the EAS. In doing so, available applications should be kept to those crucial to the functioning of its staff doing their jobs;
  • Approval workflows for application download/use should be well-structured according to specific policies. User conditions may include licence availability, security clearance, or organizational unit;
  • The portal should be self-service to ensure it is a consumer experience;
  • When applications which have been developed internally are made available through the store, tying this availability with application readiness will grant users immediate delivery of applications to their requested devices;
  • Storing user data, such as licences, can accelerate the process for the user and backend processes like licence reservation;
  • Licence reclamation can be an extremely beneficial process since it optimizes applications usage and spend; and
  • Connecting enterprise systems with application store features can generate a higher level of efficiency and automation.

Considering that the GC is moving towards working with open source tools and Open Data, SSC’s internal EAS, which is based on GCSX and Microsoft Software Center, could unintentionally become a challenge towards quickly adopting open source software. An obscure approval process and a not so obvious option to request software not available on GCSX/Software Center, may discourage users from proactively seeking open source software to work with.

Lastly, the EAS should be a unified platform that lets users easily see and know exactly what is available. Currently at SSC, there are two steps to the enterprise store; first users must go on GCSX to request software from a drop down list, and then that software becomes available for download on a user’s device from their device’s Software Centre. This two-step system might confuse workers and delay their acquisition of new software.

Additionally, the technical aspects to build the EAS, there are also several strategic steps an organization can take to ensure their application store is successful. When deciding which application to feature in the store it is crucial to consider the audience – including all stakeholders involved with the store.

Different stakeholders will have different priorities. Forrester recommends building a deep understanding of the employees in terms of who they are and what they need to use the technology for. It is also important to build a store that serves the entire spectrum of computing devices. This ensures the best ease-of-use experience by the consumer.

It is also important to define who can access the store and how subscription management will work. User roles should be segmented within the store. This is done with a strong access management strategy, where permissions are assigned according to employee roles. An organization must also ensure a complete catalogue of applications to suit their employee’s needs. This also includes regular uploading of new applications.[30] An application store requires constant monitoring making sure applications are available as well as secure. If the employees do not feel the store is secure, internal adoption can be slow.


References


  1. Technopedia. (n.d.).App Store. Retrieved from Technopedia
  2. Technopedia. (n.d.).App Store. Retrieved from Technopedia
  3. Heisler, Y. (2013, July 9).Apple and Amazon end lawsuit over the term "App Store". Retrieved from NetworkWorld
  4. Technopedia. (n.d.).App Store. Retrieved from Technopedia
  5. Heisler, Y. (2013, July 9).Apple and Amazon end lawsuit over the term "App Store". Retrieved from NetworkWorld
  6. Rouse, M., & Steele, C. (2012, June).enterprise app store (enterprise application store). Retrieved from TechTarget Network.
  7. Partnerpedia. (2013, May 28).Mobile application management: The enterprise app store vs. MDM. Retrieved from EnterpriseCIO.
  8. Innovation, Sciences and Economic Development (ISED). (2018, June 5).API Store. Retrieved from GCPedia.
  9. OpenChannel. (n.d.).How To Build Your Own App Store. Retrieved from OpenChannel.
  10. Allied Market Research. (2019, February 7).Mobile Application Market to Garner $311.25 Billion, Globally, By 2023 at 19.2% CAGR, Says Allied Market Research. Retrieved from PR NewsWire.
  11. Allied Market Research. (2019, February 7).Mobile Application Market to Garner $311.25 Billion, Globally, By 2023 at 19.2% CAGR, Says Allied Market Research. Retrieved from PR NewsWire.
  12. Allied Market Research. (2019, February 7).Mobile Application Market to Garner $311.25 Billion, Globally, By 2023 at 19.2% CAGR, Says Allied Market Research. Retrieved from PR NewsWire.
  13. Moyer, K., Malinverno, P., & Knox, M. (2014, June 6).Reference Model for Open Banking APIs, Apps and App Stores. Retrieved from Gartner.com.
  14. Snow, A., & Wong, N. (n.d.).IBM's App Store: A WhirlWind of Challenges.
  15. Stead, G. (n.d.).Enterprise App Stores explained – everything you need to know! Retrieved from WorkLearnMobile
  16. Canada. (2019, July 9).Mobile centre. Retrieved from Canada.
  17. Canada. (2019, August 13).Apps Gallery. Retrieved from Government of Canada.
  18. Canada. (2019, August 13).Apps Gallery. Retrieved from Government of Canada.
  19. Sheldon, R. (2011, November 7).App stores in the enterprise: Controlling consumerization … to a point. Retrieved from TechTarget Network.
  20. Flexera. (2015, July 22).Success Story: An Enterprise App Store Transforms the Business of Government. Retrieved from Flexera.
  21. GCPedia. (2015, May 4).CAF Mobile App Store. Retrieved from GCPedia.
  22. GCPedia. (2015, May 4).CAF Mobile App Store. Retrieved from GCPedia.
  23. Malapit, A. (2015, December 21).What is an Enterprise App Store? Retrieved from HandShake.
  24. Rouse, M., & Steele, C. (2012, June).enterprise app store (enterprise application store). Retrieved from TechTarget Network.
  25. Provazza, A. (2015, May 8).Enterprise app stores give IT control over access, monitoring. Retrieved from TechTarget Network.
  26. Singh, R. P. (2014, April 6).Top 20 Guides for Setting Up an Internal App Store. Retrieved from eLearning Industry.
  27. GIMP. (2019, June 12).Downloads. Retrieved from GIMP.
  28. Partnerpedia. (2013, May 28).Mobile application management: The enterprise app store vs. MDM. Retrieved from EnterpriseCIO.
  29. Flexera. (2013, February 13).Secrets to a Successful Enterprise App Store. Retrieved from Flexera.
  30. Manciocchi, J. (2013, September 22).eBook: 10 Steps for Building a Successful Enterprise App Store. Retrieved from Slideshare.