If you haven’t heard, there is a shortage of mobile app developers. Not surprising really, given the monster growth in mobile apps being developed and deployed. Reasonable market estimates for the number of mobile apps downloaded in 2013 run as high as 100 billion. It’s hard to find enough talent to write that many apps. Talent management firm Talent Neuron estimates that job posting for mobile developers has doubled over the last two years globally, but the number of registered developers has increased only 13 percent. One of the reactions to the imbalance between resource supply and demand has been to attempt to simplify and standardize aspects of app development. Mobile app development platforms, such as RohMobile, PhoneGap, and Appcelerator, can significantly speed up the development of both native apps and HTML apps.
Another interesting market that has sprung up is mobile backend as a service (MBaaS). By aggregating third-party API’s, MBaaS assists mobile app developers in connecting their apps to cloud services. MBaaS allows mobile app developers to focus on building the key components of the app rather than on building backend integrations from scratch. Given the resource restraints that enterprises are facing with their mobile app development teams, it is not surprising that more of them are beginning to take a look at these services.
While initial focus was on backend data delivery services (primarily for consumer apps), the market is now expanding into the enterprise through the delivery of more robust data security, user management, reporting, and other enterprise features. The MBaaS market currently includes dozens of vendors; however, only a few have focused on enterprise requirements. These include Appcelerator, Appery.io, Kinvey, Parse/Facebook, StackMob, and KidoZen. These services are maturing as vendors realize the opportunity within the enterprise segment. For an overview of services in this market, please see the recent analyst brief MBaaS Can Accelerate Mobile App Rollout.
Within the findings, Secure Sockets Layer (SSL) encryption is recommended. Unfortunately, SSL implementation in mobile apps depends on developer implementation. It also lacks any visible way to notify a user when SSL is in use on a mobile app. Errors can occur during SSL implementation that may leave the app exposed to compromise on Android. These errors can occur within the configuration of a device’s trusting certificates, during the use of mixed mode communication, with improper management of hostnames, or even in the number of certificate authorities permitted. In general, developers are not security experts. Isn’t part of the value of a secure mobile infrastructure the ability to remove this dependence on third-party implementation of security controls?
Mobile device management is recommended; however, this does not address a user’s ability to install personal apps, nor should it. The premise of a secure workspace and personal space is that users maintain control of their own personal spaces. However, it is within these open personal workspaces that the risk to the system resides; thus, it is necessary to completely segregate the personal and enterprise space at all points of the application workflow.