Indispensable Security Solutions for Your Mobile App

Indispensable Security Solutions for Your Mobile App
September 30, 2016 Krisztian Toth

Security issues are the ones that seem to slow down the adoption of mobility in the enterprise: in a recent survey, 94% of the respondents (IT decision makers) were worried about a security breach and 92% choose restricting access to corporate resources as a solution.

However, mobile business applications should not be treated any different than other software. They don’t require specific precautions, just a solid IT security policy. Whenever problems with mobile apps emerge, it comes down to the lack of properly applied security principles at the enterprise.
When, on the other hand, these security solutions are implemented and adapted to the mobile environment, enterprise mobility is able to reach its full potential and be the productivity booster it was meant to be. Research shows that employees who are not bound to their desks are 34% more productive.

Assessing the risks

The security issues that worry the enterprises most are:
  • Devices being stolen and becoming prone to malicious physical access,
  • Devices being attacked remotely,
  • Mobile malware coming through user activity,
  • Connecting to unprotected Wi-Fi networks,
  • Internal misuse of devices or downloading not appropriate data.
Their concern is not ill-founded: a current study about mobile data breaches shows that two-thirds of the organizations have already had such an experience, caused by poor employee decisions. What’s more, it would cost them hard cash to investigate and eliminate malware: the spending in case of a necessary investigation could result in a surprisingly high-cost learning experience.
For a company to be secured against mobile data breach, the first step is the risk assessment. This can be done, for example, by seeking answers to the following questions:
  • Is the data to be protected in the cloud, in the backend or on the device?
  • How sensitive is the data? How big is the damage if it gets breached?
  • Is there a BYOD policy and do employees comply with it? Does it includes special rules for (possibly harmful) consumer apps?

The solutions

In order to successfully prevent any malicious activity related to enterprise mobility, organizations have to control the security of both the devices and the data. There are several ways to manage these security issues:

Prevention

On the physical level, a common way to prevent data breaches has been to equip the employees with corporate mobile devices. This approach, however, conflicts more and more with the increasing customization trends and the employees sticking to their own gadgets.
With a BYOD-policy in place, regular (or, rather, real-time) monitoring of data transfers to and from mobile devices can keep data safe, whether they are downloaded or copied from the on-premise database or the cloud.
A more future-proof way is to start prevention by changing the mindsets, instead of the handsets, first. Employees need to know it is just as much their responsibility to keep security in mind as it is of the organization.

Protection

Other than creating a BYOD policy, the IT-department has its own ways of securing access to corporate assets. With the extensive use of mobile devices, the focus is on finding a solution that is independent of the location of the data.
File synchronization, for example, is a common method for giving access to users to data while also being able to monitor the related activities. For specific business apps, wrapping them could be the solution – a feature offered by most mobile management tools.
Maybe even more common to think about establishing secure logins: not only passwords or PINs but multi-factor authentication. It is a practice as many as 38% of organizations use and this number will more likely rise to 51% in two years.
Despite all the above-mentioned methods, threats are inevitable and therefore should be addressed with specific tools, such as Mobile Threat Defense (MTD) software. It is a relatively new category, adding value by identifying mobile threats in the enterprise and offering protection against them.
After all, mobility programs including device management, application management, and data management solutions that comply with common mobile security standards and recommendations usually become the most widespread.