The Dangers of “Shadow IT” in Mobile App Development

Mobile applications are fast becoming an indispensable tool for enterprise. Gartner estimates that within the next five years 70% of all enterprise-level software interactions will be through mobile applications. However, 70% is also the estimated percentage of internal apps which will be created or adopted without IT consultation by 2020. Employees looking for mobile solutions turn to off-the-shelf third party apps rather than waiting on overloaded IT departments to help. Some even take advantage of the variety of online toolkits to create custom apps for their own use. At first glance it seems like this kind of initiative is good, and in some ways it is. There’s a real need for forward thinking when it comes to managing the 1.46 billion employees who work remotely at least part of the time. Also, the average IT team has a mission-critical priorities list a mile long. They don’t have enough resources to satisfy the growing demand for mobile functionality and still meet their regular obligations. The ability for mobile app development without total reliance on the IT department is a serious force-multiplier for today’s enterprise. However, apps created by unsupervised “shadow IT” can cause more problems than they solve. The wide availability of development toolkits has created an artificially low barrier to entry for casual developers. Anyone with a basic understanding of Java can put together an app with a few useful features, but they lack the larger body of knowledge necessary to make their app safe and functional in the long run. When outsourcing projects to a mobile app development company, businesses need to make sure that the developers are in line with the company's IT team. These are some things to consider when selecting a development partner.

The greatest threat to enterprise

The most serious threat to enterprise from unmanaged mobile applications lies in security risks. A patchwork of custom and third-party apps across a company creates an environment in which it’s difficult to tell what information has been shared where. Most third party apps have similar privacy policies, but there are enough differences to make navigating them tricky in the event of a dispute. There is rarely a central tracker for all apps used by the company that includes details as to what proprietary information is or should be accessible through the app. Moreover, decisions on how much information is safe to share where are generally made by whichever user sets up the app.

The risk of hiring an inexperienced coder

Mobile applications that are custom-created by non-IT personnel present additional risks. Unless the employee writing the app is also a high-level coder, they will probably use code-free, “drag and drop” style tools like Bubble or App Press. These can be really useful tools- if you also know how to secure them. Unfortunately, the average user won’t have that knowledge. They rely on the program’s preset security measures which make their apps soft targets for hackers. Employees who are familiar with web development might try to code their own mobile app. Mobile app development has a whole different set of challenges than building a website, though. In order to operate quickly, mobile apps must store a disproportionately large amount of short-term information. These caches are vulnerable to outside actors. Beginning developers assume password authentication is enough to protect the cache, but mobile users find constantly entering passwords to be a hassle. A better approach for mobile involves setting the cache to wipe itself regularly. Hire a custom mobile app development company that has good references and has worked for enterprises. By hiring a team instead of a person, businesses have more confidence in projects going through procedure and QA.

The risk of not getting IT involved

The other major security weakness of mobile apps is the disconnect between what the app developer makes remotely accessible and what IT expects to be remotely accessible. When building an employee-facing application developers allow more access to company data than one would for a customer app. They may expose systems which weren’t previously accessible remotely, systems that aren’t monitored closely by IT because of their supposedly protected status. This is arguably the biggest security risk posed by using underdeveloped applications. IT involvement in the mobile application certification phase is critical to avoid data breaches. Businesses must make sure that the mobile app development firm communicates with the company's IT department.

Overpaying for apps that do not serve a common goal

Security concerns aren’t the only problems caused by a disorganized mobile application development strategy. Financial loss through unnecessary subscriptions is a major consideration, too. For example, two departments might have similar needs but be meeting them with different third-party apps. When they compare notes they realize neither can use the other’s app due to the specific nature of their operations. They can’t find an app on the market that satisfies both sets of requirements, so the company continues to pay for two separate applications. More problems arise when ambitious developers try to combine too many functions. Mobile apps should be lean and easy to navigate. They work best when used to streamline one workflow or improve coordination between workflows. Trying to cram several unrelated functions into one app creates a slow, complicated interface. Users will abandon an app that isn’t easy to use in favor of less confusing methods. That relegates all the resources spent on developing the app to waste. Make sure the mobile app development company has a QA or UI professional to go through testing.

The effects of not planning for maintenance

Sometimes a mobile app seems perfect on launch, then slowly begins throwing faults and losing data. This comes from a failure to plan for app maintenance. When businesses talk to their mobile app development partner, they should ask what the maintenance cost is for the app. Mobile technology is constantly changing with updates every few months. Inexperienced developers can overlook the need for a maintenance schedule, or perhaps don’t have time among their other responsibilities to keep up with evolving technologies. Demand for enterprise-focused mobile applications is growing five times faster than the market can fulfill. Turning to “shadow IT” is a common workaround for this shortage but the reality is that, while relying on it sometimes works on a small scale, the costs grow rapidly out of control. Entire departments can be derailed by the effort involved in developing, testing, maintaining, and updating mobile applications. This steals resources from the company’s primary focus. Despite the difficulties in creating custom mobile applications for enterprise, the number of companies doing so is rising. Two years ago only 45% of companies had developed more than ten custom apps, and over the next two 65% plan to pass that level of mobile optimization. This growth is enabled by outsourcing mobile app development. Hiring experienced firms is easier, less resource-intensive, and allows a company to focus on their core business strategy without also having to get into the business of mobile app development.

To learn more about how we can streamline your company’s mobile application development strategy...

More from our team

A Faster Way Forward Starts Here