App requirements

Every organization uses a variety of technical capabilities to enable its workforce to perform tasks in an optimized manner, and most of the time, the primary tool is an app. These capabilities could be combined in a multiplatform approach in which different technologies are used to achieve a certain goal, or by creating a custom app that will be able to perform a task or automate certain processes. Apps are important to consider when designing the BYOD strategy. Users will use different form factors to consume these apps; therefore, you need to consider the variety of capabilities that these apps should support. The figure below shows how users and devices use apps to consume data and the considerations for each component of the Apps subdomain.


The next section contains questions about app requirements that you will need to answer in order to formulate the requirements for your solution design.

Questions to ask

App requirements are categorized in six areas:

  • Experience
  • Platform
  • Deployment
  • Storage
  • Network
  • Security


Experience

  • Do you plan to preserve the same user experience, regardless of the devices on which apps will run?
  • Do the apps require Internet access from users’ devices?
  • Do the apps require input via keyboard?
  • Do the apps collect any user information, such as geographic location?
    • If so, do the apps inform users about privacy issues and data collection while being installed?
  • Do the apps require integration with cloud services?
  • Which types of apps do you plan to make available for BYOD users (such as web-based apps and modern apps)?
  • Were the apps developed to run on a specific operating system, or are they capable of running on any operating system?
  • Do you plan to enable users to use apps via Remote Desktop from their own devices?
  • Do the apps require full-time access to corporate resources, or can they run in offline mode?
  • Do the apps have any integration with social networks?


Platform

  • What type of back-end platform is necessary for these apps to run?
  • Do you foresee any increase in activity with the BYOD adoption that will require upgrading the back-end platform for the apps that you plan to allow remote users to use?
  • Is the back-end platform that will support the apps located in the same infrastructure as the other servers?
  • Is the platform that will support these apps fully on-premises, or are there also servers located in the cloud?


Deployment

  • Do you know which apps will be available to BYOD users?
  • How do you plan to deploy these apps to users’ devices?
  • What are the deployment options for these apps?
  • Does the installation requirement vary according to the target device, or is it the same?
  • Do the apps require any mobile device management (MDM) in order to work properly?
  • Will you use the Windows Store or any other app store to deploy these apps?
  • Do the apps install any digital certificates during the deployment?
    • If so, which certificate authority will be used (private or public)?
  • Do users need to be physically connected to the corporate network to perform the installation, or is it possible to install the app via the Internet?


Storage

  • How much space in a target device is necessary in order to install each app?
  • Do the apps encrypt the data located in a device’s storage?
  • Is it possible to install the apps in external storage on a target device?
  • Do you foresee any increase in storage activity on the back-end app server with the BYOD adoption?
    • If so, do you have plans to extend the app server’s storage capacity?
  • Is the data consumed by apps located in storage on-premises, in the cloud, or in both locations?
  • Is the data consumed by apps encrypted in datacenter storage or in the cloud?


Network

  • What are the network requirements for the apps that you plan to deploy for BYOD users?
  • Do the apps encrypt the data before transmitting it through the network from the users’ devices to the app server on the back end?
    • If so, which encryption method do the apps use?
  • Do you foresee any increase in network activity with the BYOD adoption?
  • Do the apps require full network connectivity in order to work?
  • Do the apps work in a low-latency network?
  • Can the apps be remotely uninstalled via the network, or do they need to be uninstalled via the devices’ consoles?


Security

  • Were the apps developed using any security development method?
  • Do the apps provide authentication capabilities?
    • If so, which authentication method do the apps use?
  • Does the authentication method leverage cloud services?
  • Do the apps provide authorization capabilities?
    • If so, what levels of authorization do the apps provide?
  • Do the apps leverage the existing infrastructure to handle authorization?
  • Do the apps provide logging capabilities?
    • If so, what data do they log? Is it possible to control the logging level?
  • Do the apps provide input validation?
  • Do the company’s policies have specific standards for input validation and handling?
    • If so, will the apps be compliant with such requirements?
  • Is there a common input validation or sanitization subsystem that processes data from outside the system?
  • Will those apps consume any external libraries, such as JavaScript libraries?
    • If so, did you perform a security risk assessment for these external calls?
  • Were the apps validated using the STRIDE (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege) method?
  • Will the apps handle personally identifiable data?
  • Did you perform any privacy analysis for these apps?
  • Will the apps use live tiles?
    • If so, could these live tiles inadvertently cause information disclosure?