By 2016, 40% of mobile application development projects will leverage cloud back-end services, causing development leaders to lose control of the pace and path of cloud adoption within their enterprises, predicts Gartner. 
Cloud mobile back-end services provide a specialised form of platform as a service (PaaS) to support mobile application development.
These cloud services – referred to by some in the market as “mobile back-end as a service” – provide the back-end capabilities commonly required by mobile applications, such as user management, data storage, push notifications and social network integration. In addition, some cloud mobile back-end services allow developers to deploy server-side code.
“Cloud mobile back-end services stand to become a key component of the application development ecosystem,” says Gordon Van Huizen, research director at Gartner.
“As a result, a given organisation may begin using them without first developing the requisite understanding of the issues and risks associated with employing cloud services for application infrastructure. What’s needed, then, is something of a crash course in the fundamental concerns of deploying application functionality in the cloud.”
A primary goal of mobile back-end services is to make the use of cloud capabilities, such as data storage, as natural to the mobile application developer as possible.
The programmer develops mobile applications using familiar storage programming mechanisms, and the cloud service acts as a black box that stores and retrieves the data as necessary. But as the use of cloud services by mobile applications grows, the challenge of governing the security and use of sensitive corporate data also grows.
Left ungoverned, this results in the hidden movement of potentially sensitive data to the cloud, and the possibility of inadequate security. Governing such interactions between mobile applications, enterprise systems and the cloud may require additional security and governance capabilities beyond those found in a particular mobile application development platform (MADP).
“Governance technology can only be effective, though, if it is used,” says Van Huizen. “Clear policies must be established and communicated to developers prior to the use of cloud mobile back-end services by applications that may access corporate or customer data.”
A significant amount of enterprise application development takes place outside the scope of IT in the form of business unit application development, end-user application development and development outsourced by business units to third parties. Historically, most mobile application development not performed by IT has been outsourced.
This is beginning to change with the emergence of visual app builders and other forms of rapid mobile application development tools. With the increased demand for mobile applications, non-IT developers will increasingly look for ways to provide mobile applications that satisfy their business requirements, and they will begin building their own mobile applications.
“This presents a risk much greater than in the past,” Van Huizen says. “The advent of more sophisticated rapid mobile application development environments, the availability of cloud services and increased access to enterprise systems will expand the potential for non-IT developers to build applications that commingle sensitive corporate data with cloud-based services and storage.
“It is, therefore, necessary to extend awareness of the issues to the broader organisation, as well as the organisation’s policies for cloud services, so that mobile applications built outside IT are subject to the same oversight and governance as those built within IT.”