The answer depends on where you want to control apps and what depth of policy control is required. Next-generation firewalls (NGFWs) long ago recognized apps in allow or deny policy controls for user identity, content type, and app identity. URL categories in secure web gateways (SWGs) were too broad to delineate specific apps and use cases, along with an associated app risk profile. Also, websites became app-like instances with personal logins and features that mirror custom apps: posting data, sharing, liking, and personalizing. Over time, SWGs responded with app-specific web filtering URL controls, given the visibility available.
On the IT front, core applications such as customer relationship management (CRM), email, and data storage migrated to the cloud. As a prime example, Microsoft Office 365 is a well-recognized, leading app suite managed by IT with administration rights. Cloud access security broker (CASB) solutions then developed, using vendor-provided cloud APIs for near-real-time policy controls and data-at-rest security functions. This led to a dozen or more IT-managed clo