How To Tackle The 7 Mobile App Security Deadly Sins

A secure and productive mobility strategy is a game changer for businesses, but unfortunately user productivity is too often overlooked in the pursuit of security. Businesses can harness the potential of mobile by allowing the use of corporate data in both custom-built and commercially available apps. Mobile workflows can be faster and more intuitive than those on desktop computers, but enterprises need to be cautious before allowing the widespread use of sensitive business information on mobile devices.

Trading usability against security puts enterprises in an unenviable position. Below are some tips and tricks on how best to tackle the seven mobile app security deadly sins in order to transform the user experience without compromising on security.

1. Reliance On MDM

Don’t blindly accept Mobile Device Management (MDM) as the only way of protecting a mobile phone. Protecting the device is important, but protecting the data held on it is more so. MDM doesn’t fit all scenarios; a containerisation approach that utilises app-level, device-independent encryption to secure corporate data is more effective. This will provide the same advanced protection regardless of device ownership and management status. In short, containerisation is key!

2. Inconsistent Security Across OS Platforms

Inconsistency is one of the main factors contributing to the IT management headache. The mobile device landscape is becoming increasingly diverse, and the lack of a common security paradigm causes IT management overhead. A device-agnostic secure mobility platform solves these headaches. The simplicity of day-to-day management allows IT departments to focus on strategy instead of troubleshooting. This also has a positive impact on costs. The result is that employees can continue using multiple devices without affecting productivity.

3. The One-Device Level Passcode

One-device level passcodes expose companies to the risk of a data breach. More complex passcodes are a simple solution, but they have to be enforced under MDM control, which impacts user experience. Apps and their data must be protected with passwords and cryptography that are independent of any underlying device encryption. This offers peace of mind for IT managers and employees if a device passcode is hacked, as the app data will still be encrypted.

4. Limited Business Workflows

Users should have access to the business workflows that they need, with no limitations. A mobile app security solution should allow apps to securely share metadata, documents and services with each other, providing a streamlined, efficient workflow. In turn, users can accomplish a multitude of tasks without having to manually navigate between apps. With a launcher, or business desktop, users should have easy one-click access to all the apps on their phone: everything from email, calendar, contacts and docs, plus direct access to other productivity apps like Salesforce, Box, Polaris, Docusign and more.

5. Uncontrolled Data

Data breaches are a primary concern. They happen because data is moved outside of the control of IT-approved policy configurations. The right mobile app security solution should allow a business to determine the flow of data in and out of the enterprise domain. Containerising this data and applying shared workflows helps keep data within the confines of the business. Because the data is segregated, it is also possible to remotely wipe any corporate data in the case of a crisis, a lost or stolen device, or employee termination.

6. A Negative User Experience

As more and more content and apps are being mobilised, more emphasis is being put on the experience, as mobile is becoming our primary computing source, ahead of traditional laptops and desktops. The apps need to be easy and compelling to use to be successful, and the user experience is paramount to achieving this. Security controls that hamper the experience, especially on a personal device, will encourage users to find another, often less secure, way. If data is shifted to the cloud, or even just to outside of the more heavily protected corporate environment, risks multiply. This is where device encryption is essential and locking documents into a container is necessary to protect both personal and corporate data alike.

7. Support Of The Extended Enterprise

MDM is not a realistic option for corporate data security. MDM leverages a user’s group membership in the corporate directory system to automate policy and access controls. Adding non-employees, such as board members, independent contractors and others, to the corporate directory is not something that IT will easily permit. It is essential that a mobile app security solution is flexible enough to secure the use of sensitive business information in all aspects of the enterprise, whilst the enterprise still maintains control.

The culmination of these ‘deadly’ sins points to one clear solution – enterprises should not have to compromise on usability in the name of security. Enterprises looking to secure their mobile apps should use these seven points of advice to transform the user experience whilst ensuring an efficient data protection strategy.

Phil Barnett

Phil Barnett is the UK sales director at Good Technology, the leader in secure mobility. He joined the company in January 2013; previously he held positions with EMC, Sun Microsystems and BT. His focus is on helping clients transform the way they work by enabling employees to get the full potential from the world of apps available on their smartphones and tablets, whilst fully protecting the company data and IP.