5 Questions IT Agencies Should Ask About Application Management

1. How Do I Deploy Updated Applications to All Agency Employees?

There are two keys to success here: visibility and automation. Both come as part of mobile device management (MDM), also called enterprise mobility management (EMM) or unified endpoint management (UEM) tools.

Visibility — knowing which version of which application and operating system is installed on which device — keeps agency IT teams updated. Automation — pushing preprogrammed, mandatory application and operating system updates to large numbers of devices — is what helps those teams avoid problems. Officials can understand what is going on and where issues are coming from when they can see and control client systems.

EXPLORE: Why modernizing IT is a top priority for state and local governments.

2. How Do I Handle Application and Operating System Version Conflicts?

Control patching through MDM/EMM/UEM tools. IT’s standard advice to end users is to apply all security patches to the OS as soon as possible. But agency IT teams know that patching too early or too late leads to application compatibility problems.

MDM/EMM/UEM tools can delay OS patches until applications have been tested, then force installation once everything is verified as compatible.

3. What Do I Do About Old Applications That Won’t Run On New Operating Systems?

Sometimes, application updates are simply impossible. Legacy applications on the server side lead to client-side restrictions: OS, browser and Java version issues are common. The best answer is virtualization: Use a virtual desktop from vendors such as Citrix, VMware or Microsoft, isolated from the rest of the network. This minimizes security risks and keeps legacy applications running without blocking critical updates.

4. What About New Applications That Won’t Run On Old Hardware and Operating Systems?

Agency IT teams must set limits on what operating systems can be connected to their networks and applications. This is true even in a zero-trust environment: An old, buggy operating system presents an enormous security risk, and virtualization doesn’t mitigate that risk. In a government environment, forcing updates and budgeting for new desktop hardware can be difficult, but that cost is small compared with potential security risks.

DIVE DEEPER Modern workspace management's flexibility and agility.

5. What Do I Do About Employees Who Want BYOD but Won’t Let Us Manage Their Devices?

Agency IT must manage devices at some level, not just for application compatibility but also for security and access control to agency data. BYOD is a two-way street: Users must trade some level of control in exchange for the ability to have their own devices touching government applications and data. If that’s not acceptable, then BYOD is not right for that user. Android Enterprise’s Work Profile, which creates a special work partition and guarantees users full privacy regarding everything else on their devices, might be an acceptable compromise for some users, but even that requires an MDM agent on the devices. In the long run, BYOD only works as a cooperative agreement between IT and the end user, each trusting the other.