Best Practices

To better scale and keep an eye on a large portfolio of applications, a policy of assigning an application owner for most applications is increasingly common. However, the responsibilities of application owners can vary dramatically between organizations. Increasingly, I've been hearing that application owners are being asked to keep an eye on application updates and/or check in on the applications assigned to them to identify the need for new updates regularly. It sounds like a good idea to have more eyes on things and potentially get ahead of the need for an upgrade before a vulnerability scan alerts you there is a security update in need of remediation. In other organizations, the app owner is more of a consulted subject matter expert on specialized products or have more of a license/access responsibility, but it makes a lot of sense to have them proactively keep an eye on application updates. 

Are application owners in your organization expected to check in on applications and recommend when upgrades are appropriate?

If so, what challenges have you observed in executing this successfully?