Fueled by the widespread adoption of increasingly powerful mobile devices, we are in the midst of one of the most exciting technology eras ever. Half of American adults now own smartphones and over 20% are already using tablets. This pace of adoption is unprecedented as the first Apple iPhone was only introduced five years ago with the Apple iPad arriving in just the past two years.

The rapid emergence of this mass market has shattered the cost constraints for going mobile for every organization, including government agencies. For a technology geek like myself, what’s most exciting is the opportunity this creates to untether knowledge workers from the desktop so that they can be equally effective in the field.

Without question, these are interesting times for architects, developers and program managers. Smartphones and tablets offer a number of unique features to capitalize on and they are highly extensible as well. However, they also present new challenges as many facets of the traditional user experience are transformed by these mobile devices. Agencies will need to combine their existing best practices with new approaches and strategies if they hope to fully exploit the technology’s vast potential.

Based on our work with a number of federal agencies, we have identified 10 steps to creating what we are calling insanely great mobile apps. And by mobile apps, we don’t mean tip calculators or other gadgets. Rather, we are focused on apps that measurably advance the mission to deliver maximum enterprise value. Most often, this means apps that leverage smart mobile devices to access enterprise information systems remotely in new and powerful ways.

These 10 steps are designed to help mobile developers and agencies deliver the compelling, intuitive, engaging and satisfying user experience that distinguishes every successful app.

1. Deliver quickly and precisely the right information to and from the mobile device.

This is arguably the best place to get started as it makes everything else possible. To meet user expectations, the app must be responsive and fast, which requires new thinking in terms of performance and speed.

Specifically, we need to optimize the integration with back-office systems. In traditional application development, there is a tendency to over-provision data, importing all of the information that we might require rather than exactly what we need. With a mobile app, this approach just creates bottlenecks that degrade performance.

Instead, we must be selective, focusing on the specific data that we need. This requires more upfront thinking about the type of information essential to completing each task. We also need to optimize the flow of this data, including how it is stored and used on the device itself. And the reverse – how we synchronize the device’s data back to these enterprise systems – is equally important to ensuring a responsive and fast user experience.

2. Rigorously protect information from unauthorized use.

The right to use data within an application is predicated on our commitment to protect it. Therefore, we must be rigorous in every aspect of information security as this is the most important element of mobile application development.

Assuming that you already have good policies and infrastructure in place, such as mobile device management (MDM), what can and should be done at the app level to protect information from unauthorized use? Should we protect it in transit? On the device? From malware? Obviously, the answer is yes. From a developer perspective, some of the most critical strategies are as follows:

  • Authentication – Beyond the device log-in, application-specific log-ins can be created, which can be reinforced through the use of additional authentication, such as integrated CAC or PIV card readers and biometrics.
  • Digital Signature – Most mobile platforms support a digital signature with Apple iOS actually requiring it. A digital signature should always be used as it authenticates to the device the source of the app and attests to its integrity.
  • Sandboxing – This architecture ensures that apps cannot communicate with other apps outside of their container. More importantly, it also prevents these apps from calling upon your app, which is an important protection against malware.
  • Data Encryption – In order to protect against lost, stolen or jailbroken devices, data stored locally should be encrypted. Data in transit should be encrypted as well. In many cases, the device may require it, such as through use of the Data Protect Complete function on Apple iOS, as this is really a best practice. Beyond the native encryption all devices provide, third-party modules can be used for added protection and to standardize encryption across multiple platforms.
  • Persistent Data – In the case of particularly sensitive data, apps can be designed to maintain no data on the device itself.

While it can be tempting to consider shortcuts, the reality is that they won’t stand up to scrutiny. This means that they will just prevent you from deploying your apps in a timely manner.

3. Present the information in a manner that optimizes the business process.

While it’s not difficult to create a mobile wrapper for an existing application, this is often a short-sighted approach. As the interface and working environment are both dramatically different, this just creates a mobile app with numerous form fields that are cumbersome to navigate. At the same time, you are not leveraging the many unique capabilities of the device.

Instead, you want to create mobile apps that work intuitively and effortlessly in the field. Typing should be minimized as the user should be able to flow from task to task using a series of taps and swipes with individual screens replacing specific fields. At all times, they should be able to quickly and easily interact with the app to navigate the process.

4. Allow the user to remain productive even when the network is unavailable.

While the goal of most mission-focused apps is to extend enterprise systems and data to users working in the field, we must assume and plan for the fact that network connectivity is not always available. Remote locations, buildings and tunnels, and secure facilities are just some of the obstacles we must account for.

Therefore, the app should be designed to function in a disconnected state. Typically, this means that the app is provisioned locally with the minimally-required amount of data to operate. We also need to address data synchronization and securing data stored on the device. As the implications here are far-reaching, these are decisions that should be addressed early in the planning process.

5. Minimize impact on underlying enterprise IT systems and infrastructure.

Due to their size, there is often an assumption that mobile devices have minimal impact on the networks and back-office systems that they rely upon. The reality is that mobile devices often scale requirements in entirely new ways. For example, a data warehouse designed to answer a few big questions may now be required to respond quickly to a much larger number of more targeted inquiries.

Developers must design their apps to minimize their impact on enterprise systems and networks or provision the enterprise accordingly. Mobile apps that are unnecessarily chatty are a common concern as they put additional strains on existing infrastructure. It is incumbent on the developer to ensure that they don’t bring existing systems to their knees when deploying new apps.

6. Exploit the capabilities of the device.

A common disappointment is rotating your mobile device only to discover that your new app fails to follow suit. Where this really becomes frustrating is when you realize how it fails to leverage many of the device’s other native capabilities as well. This inability to meet baseline expectations is certain to make me question how much thought went into the rest of the app and will often drive me to seek a replacement.

While part of the value of mobile devices is their size and portability, their many unique capabilities are equally critical differentiators. These integrated features, such as cameras, GPS and accelerometers, provide a wealth of opportunities to create more compelling, effective and satisfying apps. At the same time, these devices are highly extensible and can also be enhanced with the inclusion of a number of readily available third-party add-on components. Even Apple uses a credit card sled to process transactions throughout their stores.

7. Accommodate the ever-changing variety of available devices.

If I am developing my app to run on multiple platforms, there is a downside to all of this innovation. Every time that I elect to capitalize on a new feature – say Apple’s retina display or the stylus for Microsoft Surface – I need to figure out if and how I can support this feature on alternative devices. And this issue won’t resolve itself as we have seen moderate to significant announcements from Microsoft, Apple and Google regarding their respective mobile platforms in just the past several months alone. Choosing between standardization and best-of-breed entails tradeoffs that developers need to carefully assess.

For example, I can develop an app for the iPhone using the Objective-C programming language, a Mobile Enterprise Application Platform (MEAP) or HTML5. Objective-C boasts the tightest integration with the iPhone’s native features while HTML5 is immediately portable across multiple devices. MEAP solutions can be used to transform a common application design into device-specific code; they generally do a good job of leveraging native features but not always as seamlessly as custom-written code.

The right choice will depend on a number of factors, such as a desire to deliver best-in-class performance versus a need to support multiple platforms. In most cases, only a small percentage of the solution resides on the device itself as much of the heavy lifting is done by back-office systems. This means that creating device-specific applications may not be as challenging as one would assume since much of the cost is in the overall design and developing needed system interfaces instead of actual device-based programming.

8. Deliver new and focused capabilities frequently and consistently.

Mobile apps are changing user expectations for more regular updates and enhancements. Some of this is driven by their more tightly integrated ecosystems and hardware platforms, which makes it far easier to implement new software releases. At the same time, the intimacy of the user’s relationship with the device places a premium on responding to their feedback with regular improvements.

Agile software development has proven particularly well-suited for these requirements. Working against a common backlog of desired features, this more iterative approach enables more frequent delivery of new functionality. Based on user feedback, the app can be continually improved until it delivers optimal performance.

In terms of adoption, this is a very effective way to introduce new features. Specifically, it doesn’t overwhelm users with a slew of new features at one time, with the frequency of releases inspiring greater confidence in the app’s long-term future.

9. Establish governance standards that empower developers.

To ensure reliable performance, secure operations and a consistent user experience, standards are needed for how apps are developed, deployed and used. They may relate to how the app is configured, the look & feel or how specific tasks are executed.

The challenge is that many developers treat governance as a four-letter word and I don’t blame them. More often based on perception than reality, these mandates tend to constrain rather than empower developers. Unfortunately, agencies find it easier to outlaw a specific approach instead of learning how to compensate for it within their risk management strategy.

In contrast, we believe that agencies should establish guidelines to encourage developers to capitalize on all of the functionality available to them. The reality is mobility isn’t going away – and will soon represent half of all Internet traffic. This means that agencies can and should invest upfront in the repeatable best practices and frameworks needed to create the optimal user experience. And by identifying the implications of deploying specific technologies in advance, you can take proactive steps to mitigate these risks. Ultimately, your best security is provided by employing a consistent and defined approach.

10. Delight the user.

In terms of the long-term success of your app, this last point might be the most important. By delivering a series of positive surprises, you can proactively influence the user’s overall perception of the app. And delighted users become advocates and champions that identify additional enhancements and justify needed resources and investments.

Delighting users is about exceeding their expectations, delivering innovative new capabilities that anticipate their requirements and were often previously inconceivable. While this may sound like a tall order, these innovations don’t necessarily need to be huge. Often, just applying the best practices already found in commercial and social apps will delight enterprise users. The goal is to make common and often mundane tasks exciting so that the user feels empowered to execute their mission more effectively.

None of these steps are truly unique to mobile devices. In many cases, they build upon existing best practices and reflect common sense. However, they become more important to execute due to the user’s more intimate relationship and tighter integration with their mobile device. As a result, the developer’s ability to meet their user’s mission goals has never been greater.

Tim Hoechst is the chief technology officer of Agilex Technologies, Inc., a leading provider of enterprise mobility services and solutions to the federal government. He was named a 2011 Government Contractor CTO Innovator of the Year award winner for his leadership in federal IT issues.