V3 Enterprise Mobility Summit: Applications have been a staple part of businesses of all sizes since computers became mainstream. However, in recent years the nature of applications entering businesses, be they an SMB or enterprise, has radically changed.
On the one hand the change has been positive, with cloud-based applications and new devices like smartphones and tablets revolutionising the way we do business and letting us be more mobile than ever.
However, with the influx of consumer devices and non-business applications into most workers' daily lives, IT managers can no longer fully control what devices, let alone software services, are connecting to the corporate network or handling business data, and this puts them at risk.
Companies are aware of this dilemma, but unwilling to give up the productivity and mobility benefits granted by apps, and find themselves between a rock and hard place when planning an IT strategy.
The problems of consumerisation
The consumerisation of IT is a tricky problem affecting most businesses, whether they know it or not.
However, increased user expectations regarding applications is one of the biggest problems, according to University of Surrey Computer Science professor Alan Woodward (pictured).
"User expectations are raised as they use sophisticated mass market products in their daily lives and expect a business application to be similarly well designed, especially the user interface. However, a bespoke application might be some way short of that," he said during an interview with V3.
Woodward added that the consumerisation of IT is doubly dangerous as many of the applications entering the enterprise are not designed with security in mind.
"Security was for too long thought of as something that could be 'bolted on' after an application was complete. That approach simply does not work. Building applications that are secure by design has been shown repeatedly to be the best way to avoid nasty security surprises," he said.
"The trick is to educate developers to adopt this approach by default. When one is developing any application one naturally tends to think about how the application will be used 'properly', not how it might be misused."
Woodward highlighted database applications as a key example of the security problems in most app development practices.
"For example, when building a web-based form that is linked to a database you look at how to help the user enter the correct type of data. You tend not to think that some hacker might start entering SQL commands as a way of directly accessing your database," he said.
"You have to assume your application will be misused and build in safeguards accordingly. In the case of SQL injection there are simple ways of coding the form that are no more complex than the insecure way - it just needs the developer to be aware."
Bridging the IT versus business divide
Interestingly, the secret to successful application deployment is as much cultural as technological, according to Woodward.
"One of the biggest problems is not a technical one but rather the lack of a bridge between the business and technology. You need people who understand the business need and the capabilities of the technology," he said.
"Sadly too many businesses want to change the IT so that it fits the business exactly as they run it now, whereas if they were willing to introduce some relatively minor changes in the way they did business they might well be able to use existing products."
Woodward explained that increased understanding about technology lifecycles and deployment timelines, combined with empathy from the IT department towards employees' needs and expectations, will help in a variety of ways.
Better app development and deployment policies
For starters Woodward said it would allow companies to stop investing vast sums in bespoke applications that may ultimately be ignored by employees and result in shadow IT environments.
"Unless you are producing an application that is to be used across a very large organisation, and bespoke development somehow gives you a competitive edge, you might well find that a small amount of business change is a small price to pay for joining a much bigger group of those using commercially available products," he said.
"The best solution is to try to use commercial off-the-shelf products and integrate them so that you get the benefits of the major developments within the core products and the integration is what renders it fit for purpose for your particular business.
"This has enormous benefits. The corollary is that buying bespoke means that, as the commercially available products move on, your application may not."
Woodward highlighted customer relationship management (CRM) platforms, such as SAP's Fiori or Salesforce's Salesforce1, as examples of how the hybrid solutions could work.
"Interestingly, one of the most successful forms of business application in recent times has been areas such as CRM or enterprise resource planning where vendors have provided a core platform that is customised through configuration rather than needing large amounts of bespoke code," he said.
"These hold the potential to have the best of both worlds, but it does require careful project management to ensure that the customisation doesn't end up producing something that has all the downsides of a bespoke solution."
Realistic long-term plans
As a secondary benefit, Woodward argued that the improved dialogue between IT and business divisions would let firms deploy more realistic, long-term technology strategies.
"Most projects of any scale can have their problems traced right back to the requirements definition phase," he explained.
"It may be ambiguity in the definition, incompatibility with a business process or something as simple as not understanding that interdiction to service of an application usually involves a degree of business change that has to be managed.
"If you build an application, throw it over the wall and expect users to seamlessly integrate it into their daily routine you are bound to fail and the business benefit that was (hopefully) the reason for undertaking the project will never be realised."
Woodward added that it will also allow non-technologically aware executives to commit to realistic tools that meet the company's needs now and in the future.
"One other significant problem that affects applications being built for a business is the business changing its mind," he said.
"This can have many forms: too many people involved, a project that takes so long the business need changes or business sponsors are not properly empowered to make decisions.
"Success will come only if you have a senior responsible business owner who can commit on behalf of the business and who accepts that changes beyond a certain point in the lifecycle will cause serious disruption."
Woodward's tips on enterprise application deployment are part of V3's ongoing Enterprise Mobility Summit. Make sure to register for the summit to get more tips and insights on enterprise mobility.
Electronics and computer chain the latest high street retailer to fall into difficulties
Incisive Media and Investec Asset Management supported fundraiser crosses Atlantic in 40 days
Alphabet's health sciences division Verily have been messing with AI algorithms
North Korea's cyber attack capabilities are expanding fast - and turning their fire on a wider range of targets