How to tackle the 7 mobile app security deadly sins

Businesses can harness the potential of mobile by allowing the use of corporate data in both custom-built and commercially available apps. Mobile workflows can be faster and more intuitive than those on desktop computers, but enterprises need to be cautious before allowing the widespread use of sensitive business information on mobile devices.

Trading usability against security puts enterprises in an unenviable position. Below are some tips and tricks on how best to tackle the seven mobile app security deadly sins in order to transform the user experience without compromising on security.

1. Reliance on MDM

Don’t blindly accept mobile device management (MDM) as the only way of protecting a mobile phone. Protecting the device is important, but protecting the data held on it is more so. MDM doesn’t fit all scenarios; a containerisation approach that uses app-level, device-independent encryption to secure corporate data is more effective. This provides the same advanced protection regardless of device ownership and management status. In short, containerisation is key.

2. Inconsistent security across OS platforms

Inconsistency is one of the main factors contributing to the IT management headache. The mobile device landscape is becoming increasingly diverse and the lack of a common security paradigm causes unnecessary IT management overhead.

A device-agnostic secure mobility platform solves these headaches. The simplicity of day-to-day management allows IT departments to focus on strategy instead of troubleshooting. This also has a positive impact on costs, and employees can continue using multiple devices without affecting productivity.

3. The single device-level passcode

Relying on a single device-level passcode exposes companies to the risk of a data breach. More complex passcodes are a simple solution, but they have to be enforced under MDM control, which impacts user experience.

Apps and their data must be protected with passwords and cryptography that are independent of any underlying device encryption. This offers peace of mind for IT managers and employees when a device passcode is hacked, as the app data will still be encrypted.

4. Limited business workflows

Users should have access to the business workflows that they need, with no limitations. A mobile app security solution should allow apps to securely share metadata, documents and services with each other, providing a streamlined, efficient workflow. In turn, users can accomplish a multitude of tasks without having to manually navigate between apps.

With a launcher or business desktop, users should have easy one-click access to all the apps on their phone: everything from email, calendar, contacts and docs to other productivity apps such as Salesforce1, Box, Polaris, DocuSign and more.

5. Uncontrolled data

Data breaches are a primary concern for businesses. They happen because data is moved outside the control of IT-approved policy configurations. The right mobile app security solution should allow a business to determine the flow of data in and out of the enterprise domain. Containerising this data and applying shared workflows helps keep data within the confines of the business. Because the data is segregated, it is also possible to remotely wipe any corporate data in a crisis, when a device is lost or stolen, or on employee termination.

6. A negative user experience

As more and more content and apps are mobilised, more emphasis is being put on the user experience, as mobile is becoming our primary computing platform, ahead of traditional laptops and desktops. Apps need to be easy and compelling to use if they are to succeed. Security controls that hamper the experience, especially on a personal device, will encourage users to find another, often less secure, way.

If data is shifted to the cloud, or even just to outside of the more heavily protected corporate environment, risks multiply. This is where device encryption is essential and locking documents into a container is necessary to protect both personal and corporate data alike.

7. Not winning the support of the extended enterprise

In the extended enterprise, MDM is not a realistic option for corporate data security. MDM leverages a user’s group membership in the corporate directory system to automate policy and access controls. Adding non-employees, such as board members, independent contractors and others, to the corporate directory is not something that IT will easily permit.

It is essential that a mobile app security solution is flexible enough to secure the use of sensitive business information in all aspects of the enterprise, whilst the enterprise still maintains control.

The culmination of these ‘deadly’ sins points to one clear solution: enterprises should not have to compromise on usability in the name of security. Enterprises looking to secure their mobile apps should use these seven pieces of advice to transform the user experience whilst ensuring an efficient data protection strategy.


Sourced from Phil Barnett, Good Technology

Ben Rossi
