Who Is

watching out for you?

In today's world you need to understand a few more things...

Who Is

knocking on your virtual front door?

It could be someone down the block or from the Bloc

It’s All About the Apps

image of Citrix logo

9-Jun-2014 - Contributed by Chandra Sekar and Kevin Strohmeyer, Citrix


For a generation or more, IT has thought about end-user computing in terms of a Microsoft Windows desktop. Ask people what really matters to them now, and you’ll hear them talk about the applications they rely on to get their work done. As the types of apps in the enterprise continue to diversify — Windows, web, mobile, and SaaS —along with the devices people use for work, the desktop no longer singularly defines user experience. For IT the challenge now is to deliver the apps people need, where they need them, while maintaining security and control — regardless of app type, device, or location.

The latest Citrix research paints a clear picture of the changing enterprise landscape. Our survey last year of 733 customers across the globe found:
•    64 percent of the apps in their enterprises today are Windows-based;
•    20 percent are web or HTML5;
•    10 percent as SaaS;
•     6 percent are currently mobile.

When asked to anticipate what they’ll be doing just a year from now, customers describe a changing mix:
•    The share of Windows apps is predicted to be at 54 percent;
•    Web/HMTL5 apps rise to 23 percent
•    SaaS apps rise to 14 percent
•    Mobile rises to 9 percent.

Windows will continue to be the dominant platform—but to focus too narrowly on the traditional desktop paradigm risks overlooking a fundamental change in the way people are using apps.

For digital natives, a desktop is one kind of workspace; increasingly, the new way of working is characterized by a mobile workspace that securely delivers apps, desktops, files and services to the user on any device from which they choose to work, and over any network. In a multi-device mobile world, you need to be able to securely deliver apps of all kinds—Windows, web, SaaS and mobile—across a variety of devices, and support a heterogeneous computing environment while ensuring effective security, minimizing complexity and controlling costs.

As IT strategy focuses on delivering apps to any device, three key challenges emerge.

Mobilizing your existing portfolio
No part of IT is more important than the application portfolio. Whatever form they might come in, organizations likely rely on hundreds or thousands of apps to empower people to reach full productivity, generate business value and move organizations forward. As new delivery models and emerging use cases transform mobile work styles, companies need ways to continue to leverage their app portfolio investments while meeting a complex matrix of new requirements.
•    How will they deliver existing Windows apps to mobile devices?
•    Should they develop their own mobile apps—or can they afford to wait until native mobile or SaaS versions of commercial Windows apps become available?

Windows application hosting plays a crucial role here. While desktop virtualization models like VDI have received more attention lately, application hosting continues to provide a simple way to mobilize Windows applications for non-desktop workspaces, like smartphones and tablets. Instead of incurring the vast amount of time and cost writing new mobile versions of your enterprise applications, solutions like Citrix XenApp deliver applications and data optimized for a more native mobile experience without back-end recoding. Because virtualized apps continue to be delivered from the same centrally managed instance that supports VDI, enterprises can minimize overhead and make new updates available in every usage scenario simultaneously.

Delivering enterprise-ready mobile apps with consumer-like features
Mobility is one of the main drivers of shadow IT, as users bring consumer-grade apps into the enterprise to compensate for the lack of IT-issued, enterprise-ready mobile apps. Native mobile email clients and web browsers, file sharing services, like Dropbox, and mobile calendaring apps all serve important user needs, but they also invite security breaches and complicate life for IT. Often, they also lack key enterprise features necessary for full productivity. 

Whether through in-house development or a third-party vendor, IT needs to provide sanctioned, enterprise-ready alternatives to consumer-grade mobile apps. To succeed, these apps have to pass the toughest test of all: user acceptance. One way to do this is to provide business-oriented features beyond the scope of a consumer app or service, such as the ability to add an attachment to a meeting invitation or join a meeting right from the calendar request. Equally important, though, the app has to offer the consumer-like experiences people are familiar with, and not require them to adapt to a different look-and-feel from the iOS or Android apps they’ve been using.

Securing apps in the right way for each scenario
The fixed nature of a traditional computing environment lent itself to a one-size-fits-all security approach. Because all apps were used in the same place, over the same network, on the same type of device, security policies didn’t need to be all that granular to ensure effective protection.

Now mobility and the diverse use cases it enables have called for a more nuanced approach, to allow people to use apps and data in as many scenarios as can be securely permitted, while avoiding risk in scenarios that call for a higher level of protection. 

A fundamental operating principle of mobile security is that not all apps are created equal, and not every scenario calls for the same level of security. IT strategy needs to focus on managing and securing what matters, when it matters, and where it matters.

Consider two common use cases. In one, a doctor in a hospital uses a personally owned tablet to access an electronic medical record (EMR) app on a mobile device. These apps tend to be quite complicated in terms of the amount and structure of information they access in backend repositories, and they also face strict security requirements to comply with patient privacy regulations. Clearly this calls for a high level of protection. One can either deliver the app virtually, avoiding local data storage, or use a mobile app management (MAM) solution if it is a mobile app.

In either scenario, policies restricting the app usage to the hospital secure network might be necessary.

IT may also want to require two-factor sign-on, prevent local data storage, or apply all of these measures. For a more flexible approach, policies can define different usage zones and allow different levels of functionality and data access for each depending on the respective location and network connection.

Now consider an expense management app — the kind found in any public app store. IT can make it enterprise-ready by wrapping the app to secure it, or might also decide that even this basic protection isn’t really necessary for the organization. After all, no credit card numbers, personally identifiable information, or other sensitive data is being transmitted, only a list of expenses and vendors, as displayed on a discarded receipt.

The point is that IT doesn’t have to look at every single app as a potential security hole. If it’s a highly sensitive or mission-critical app, by all means secure it. And when it’s in an area where security isn’t a key need, go ahead and let people use whatever app they like, however they choose, so IT can focus attention and resources more strategically.

Don’t overlook SaaS apps. Whether used on a mobile device or desktop, these can open security gaps in certain cases, such as when a terminated employee uses credentials to access a still-active account from outside the network to wreak havoc with data.

Citrix handles this in the context of a single sign-on capability, which proxies user credentials rather than having people use their own credentials directly. As a result the user never knows their own credentials on the system. This benefits both end users and IT. Users don’t need to remember multiple credentials to frequently accessed applications, and the process to securely remove users from the system becomes easier. By revoking the SSO credential, IT can render all the user’s SaaS accounts inaccessible at once.

As this more granular, app-specific and scenario-dependent approach to security is developed, it’s important to ensure that these same policies can be easily applied across all types of apps to ensure consistency and simplify administration.

A more diverse and complex enterprise environment is now emerging. This is good news for organizations and their employees with the right tools. Empowering employees to work in more ways and in more places allows them to be more productive through a broader range of use cases.

For IT, the evolution will call for new tools and new ways of thinking. By taking an app-centric approach to strategy, IT can adapt and deliver unprecedented value for their businesses.

Chandra Sekar (@Twit2Chandra) is senior director of product marketing for the Mobile Platforms group responsible for the go-to-market strategy for Citrix XenMobile.

Kevin Strohmeyer (@kstroh) is director of product marketing for the Desktops and Apps group responsible for driving the go-to-market strategy for Citrix XenDesktop and Citrix XenApp.