For a generation or more, IT has thought about end-user computing in terms of a Microsoft Windows desktop, says Arthur Dell, director technology and service, Citrix.

Ask people what really matters to them now, and you’ll hear them talk about the applications they rely on to get their work done. As the types of apps in the enterprise continue to diversify – Windows, web, mobile, and SaaS – along with the devices people use for work, the desktop no longer singularly defines user experience.

For IT, the challenge now is to deliver the apps people need, where they need them, while maintaining security and control – regardless of app type, device or location.

The latest Citrix research paints a clear picture of the changing enterprise landscape. Our survey last year of 733 customers across the globe found:
* 64% of the apps in their enterprises today are Windows-based;
* 20% are web or HTML5;
* 10% as SaaS;
* 6% are currently mobile.
When asked to anticipate what they’ll be doing just a year from now, customers describe a changing mix:
* The share of Windows apps is predicted to be at 54%;
* Web/HMTL5 apps rise to 23%
* SaaS apps rise to 14%
* Mobile rises to 9%.
Windows will continue to be the dominant platform – but to focus too narrowly on the traditional desktop paradigm risks overlooking a fundamental change in the way people are using apps.

For digital natives, a desktop is one kind of workspace; increasingly, the new way of working is characterised by a mobile workspace that securely delivers apps, desktops, files and services to the user on any device from which they choose to work, and over any network. In a multi-device mobile world, you need to be able to securely deliver apps of all kinds – Windows, web, SaaS and mobile – across a variety of devices, and support a heterogeneous computing environment while ensuring effective security, minimising complexity and controlling costs.

As IT strategy focuses on delivering apps to any device, three key challenges emerge.

Mobilising your existing portfolio
No part of IT is more important than the application portfolio. Whatever form they might come in, organisations likely rely on hundreds or thousands of apps to empower people to reach full productivity, generate business value and move organisations forward.

As new delivery models and emerging use cases transform mobile work styles, companies need ways to continue to leverage their app portfolio investments while meeting a complex matrix of new requirements. How will they deliver existing Windows apps to mobile devices? Should they develop their own mobile apps – or can they afford to wait until native mobile or SaaS versions of commercial Windows apps become available?

Windows application hosting plays a crucial role here. While desktop virtualisation models like VDI have received more attention lately, application hosting continues to provide a simple way to mobilise Windows applications for non-desktop workspaces, like smartphones and tablets. Instead of incurring the vast amount of time and cost writing new mobile versions of your enterprise applications, solutions like Citrix XenApp deliver applications and data optimised for a more native mobile experience without back-end recoding. Because virtualised apps continue to be delivered from the same centrally managed instance that supports VDI, enterprises can minimise overhead and make new updates available in every usage scenario simultaneously.

Delivering enterprise-ready mobile apps with consumer-like features
Mobility is one of the main drivers of shadow IT, as users bring consumer-grade apps into the enterprise to compensate for the lack of IT-issued, enterprise-ready mobile apps. Native mobile email clients and web browsers, file sharing services, like Dropbox, and mobile calendaring apps all serve important user needs, but they also invite security breaches and complicate life for IT. Often, they also lack key enterprise features necessary for full productivity.

Whether through in-house development or a third-party vendor, IT needs to provide sanctioned, enterprise-ready alternatives to consumer-grade mobile apps. To succeed, these apps have to pass the toughest test of all: user acceptance. One way to do this is to provide business-oriented features beyond the scope of a consumer app or service, such as the ability to add an attachment to a meeting invitation or join a meeting right from the calendar request. Equally important, though, the app has to offer the consumer-like experiences people are familiar with, and not require them to adapt to a different look-and-feel from the iOS or Android apps they’ve been using.

Securing apps in the right way for each scenario
The fixed nature of a traditional computing environment lent itself to a one-size-fits-all approach to security. Because all apps were used in the same place, over the same network, on the same type of device, security policies didn’t need to be all that granular to ensure effective protection. Now, mobility and the diverse use cases it enables have called for a more nuanced approach to allow people to use apps and data in as many scenarios as can be securely permitted, while avoiding risk in scenarios that call for a higher level of protection.

A fundamental operating principle of mobile security is that not all apps are created equal, and their security shouldn’t be handled the same way, either. Similarly, not every scenario calls for the same level of security. IT strategy should focus on managing and securing what matters, when and where it matters.

Consider two common use cases. In one, a doctor in a hospital uses a personally owned tablet to access an electronic medical record (EMR) app on a mobile device. These apps tend to be quite complicated in terms of the amount and structure of information they access in backend repositories, and they also face strict security requirements to comply with patient privacy regulations.

Clearly, this calls for a high level of protection. One can either deliver the app virtually avoiding local data storage, or use a mobile app management (MAM) solution in case it is a mobile app. In either scenario, policies restricting the app’s usage to the hospital’s secure network might be necessary. IT may also want to require two-factor sign-on, prevent local data storage, or apply all of these measures. For a more flexible approach, policies could define different usage zones and allow different levels of functionality and data access for each depending on the respective location and network connection.

Now consider an expense management app – the kind found in any public app store. IT could make it enterprise-ready by wrapping the app to secure it, but might also decide that even this basic protection isn’t really necessary for the organisation. After all, no credit card numbers, personally identifiable information or other sensitive data is being transmitted, just a list of expenses and vendors – as displayed on a discarded receipt. The point is that IT doesn’t have to look at every single app as a potential security hole.

If it’s a highly sensitive or mission-critical app, by all means secure it – but if it’s in an area where security isn’t a key need, go ahead and let people use whatever app they like, however they choose, so IT can focus your attention and resources more strategically.

In the case of SaaS apps, these should not be overlooked. Whether used on a mobile device or desktop, these can open security gaps in certain cases, such as when a terminated employee uses their credentials to access a still-active account from outside the network and wreaks havoc with the data.

Citrix handles this in the context of a single sign-on capability, which proxies user credentials rather than having people use their own credentials directly. As a result, the user never knows their own credentials on the system. This is a benefit for both end users and IT. Users don’t need to remember multiple credentials to frequently accessed applications and the process to securely remove users from the system becomes easier. By revoking the SSO credential, IT can render all the user’s SaaS accounts inaccessible at once.

As this more granular, app-specific and scenario-dependent approach to security is developed, it’s important to ensure that these same policies can be easily applied across all types of apps to ensure consistency and simplify administration.

A more diverse and complex enterprise environment is now emerging, and with the right tools, this comes as good news for organisations and their employees. By empowering employees to work in more ways and in more places, they can be more productive through a broader range of use cases. For IT, the evolution will call for new tools and new ways of thinking, but by taking an app-centric approach to their strategy, they can adapt seamlessly and deliver unprecedented value for their business.