Recently I spoke to Greg Raiz about about Raiz Labs and their mobile application management (MAM) product, AppBlade. AppBlade is built for distributing in-house applications through an enterprise app store and securing them with features available through their SDK. AppBlade was created in 2010, launched last year, and now has almost 300 customers.
AppBlade supports Android and iOS, with some limited support for BlackBerry. There are essentially two parts: a web app for the enterprise app store part and an SDK for integrating security features.
There's no native app version of the AppBlade enterprise app store, which means that security and management features come from controlling who has access to apps in the first place and also from building features into the apps themselves. The store can use AD, LDAP, or OAuth to authenticate users and verify permissions for downloading applications, and users download and install app packages directly from the store. The applications can be any that are available as .IPA or .APK packages (the iOS and Android formats), but the point is really to distribute apps with built-in security and management features that utilize AppBlade’s SDK. (This means that there's no pointing to public app store apps, but can't users handle that on their own, anyway?)
The SDK has features for securing and managing individual applications, including SSO authentication, remote “kill switches” (since without MDM involved, there’s no way for an admin to actually uninstall an app, but it is possible to make the app render itself useless), and encryption—all features you’d expect out of any managed app. The more interesting features are crash reporting, usage reports, version controls, version rollback, and the ability to simultaneously distribute and support multiple versions of an app.
AppBlade is MDM agnostic—it can work both on managed and unmanaged devices. This means that it’s not possible to forcibly push or revoke applications, but in theory all the control needed should be built directly into the app itself. AppBlade does have the ability to distribute MDM configuration profiles, but it’s first and foremost an MAM solution.
So If there’s no MDM involved, then it ultimately falls down to your developers and the work they’re doing to make sure that apps (and corporate data contained within) are secure. There are the easy hurdles, like encrypting app data at rest and requiring authentication, that can also be taken care of by MDM. But there are also other dangers that a developer would have to guard against (and likely still face anyway even if a device was managed).
AppBlade is a product for companies that have fairly advanced mobility strategies—to get to a point where a company is rolling its own applications, that company has probably dealt with some other mobility issues first. Basically, not everybody’s going to run to AppBlade as the first step when they’re trying to figure out to handle BYOD, or even what to do about consumerization in the first place. Once the value of mobile devices and having corporate data and apps on them is realized, however, then a solution like AppBlade is needed (along with some developers to build those in-house apps, too).