Secure Application Development – It’s as important as it sounds!
Within the last decade, mobile apps for large enterprises have gone from optional to ubiquitous. Today, the mobile landscape demands enterprises keep up with the ever-evolving software trends for each and every corner of the respective businesses. But, most in-house developers, excited by an opportunity to creatively solve problems via mobile, tend to jump directly into design and development from a features standpoint as opposed to focusing on security from the get go.
For large enterprises, building and ensuring safety is an imminently complex problem. Secure application development comes into play. Do your encryption and mobile device management protocols actually ensure safety? Is it even possible to build secure and scalable solutions for mobile platforms and devices? And if it is, how can you implement those solutions without compromising employee satisfaction or productivity?
Over the hundreds of mobile solutions we’ve developed, we’ve identified a few techniques we’re most likely to recommend to our clients and partners:
Up-to-date, robust malware protection
This is a given. If your employees use work-provided smartphones or tablets to access data outside of the office, up-to-date anti-malware software is non-negotiable.
Authentication and password controls
To ensure employees aren’t mistakenly granted access to sensitive information or systems, you’ll need something more robust than simple passwords to protect accounts. Multi-part authentication can be a simple solution – think biometric recognition software on the high end or auto-wipe mechanisms on the lower end, allowing you to automatically or remotely wipe stored data after a set number of failed login attempts.
Plan ahead with a recommended, pre-set bluetooth configuration
Bluetooth should in most cases be undiscoverable unless headphones are actively being used, and disabled completely if not in use. Spare a moment to consider optimal configurations/settings for employees to default to – this gives peace of mind without asking them to disrupt their workflow too much.
Mitigate threats from third-party software
You’ll need a concrete policy when it comes to the use of third party software. Too many security breaches occur when downloaded or rogue software auto-installs, bringing with it hidden backdoors to channel away your company’s sensitive data. Many forward-thinking enterprises choose to have employees log in remotely to a virtual work environment. That way, the secure VPN connection ensures only the screen output reaches the device and then disappears once that session ends.
It’s no secret you can cut down on malicious snooping by encrypting all mobile device communications, but why stop there? By using a VPN for any interaction between a mobile device and any of the popular cloud services, you funnel users into a more secure channel where they can be authenticated and better managed.
Securing mobile gateways
The productivity of your mobile workers might benefit from mechanisms that keep them focused on the task at hand – and this adds much needed protection at the same time. Carefully consider what apps and systems employees really need to access remotely. It may be in your best interest to funnel traffic through designated firewalls and tailored gateways that filter out possibly malicious content and guard against data loss.
Utilize a second pair of eyes
Sometimes, chinks in the armor are only revealed by malicious parties once they’ve been exploited. Or, it’s possible those weaknesses can be spotted by those who truly know what to look for. Commit to routinely bringing in a security consulting firm to conduct comprehensive testing and provide assessments. Instead of discovering oversights the hard (and massively costly) way, a yearly audit can expose any blind spots and allow you to correct them at the fraction of a cost of a breach.
Look for a mobile development partner who understands that the best solutions are those that are flexible, targeted, and can evolve with your enterprise’s changing needs. Unmanaged integration of your employees’ increased mobility could prove to be a significant source of stress at best, and an existential threat at worst.