Custom enterprise mobile applications are a critical next step that most organizations are eager to take if mobile security can safeguard information at the same level as fixed IT infrastructure. Mobile Device Management (MDM) and Mobile Application Management (MAM) are important for your organization because the security of your apps across all the various carriers/devices can be one of the greatest challenges with Mobile Application Lifecycle Management (MALM).
Here is a comprehensive list of things you’ll want your IT team to keep in mind when developing an MDM action plan:
- Integration with Existing Enterprise Security and Identity Management systems:
Mobile security is best implemented when integrated with your existing security systems in order to provide for authentication and authorization for mobile apps which is consistent with the rest of your company’s understanding of each individual employee’s role, responsibilities and rights.
- Authentication:Simply identifying a user, usually by having the user enter a valid user name and valid password before access is granted. Obviously each user should have a unique set of criteria for gaining access.
- Authorization:Once a user authenticates into an app the user must gain authorization for doing certain tasks or seeing certain data. The authorization process determines whether the user has the authority to take specific actions, see specific data and/or authorize actions. Authorization should be embedded into your apps for enforcing policies, determining what types or qualities of activities, resources, or services a user is permitted. Usually, authorization occurs within the context of authentication.
- Single Sign–on: A more user-centric approach with a single, shared passcode. This won’t affect the productivity of users while still ensuring strong authentication.
- Data Loss Prevention (DLP) Policy & Process – Separates corporate and personal data on mobile devices in ways to prevent data leakage and also to address any privacy issues employees may have.
- Selective Wipe: Remotely wipe any and all information without affecting personal downloads on a user’s device.
- Restrict Copy-and-Paste: Disable copying and pasting information but instead, pasting your company policy. An alert can also be sent to the administrator when this occurs.
- Open-In Controls: Company information cannot be opened or moved unless in the app.
- In App VPN: Any information transmitted to your corporate servers is secure where there is a VPN connection.
- App Blocking: Block apps that don’t comply with your company’s security monitoring features. This is also helpful if an issue with a certain app arises; the ability to block all users from an app ensures security.
Mobile Application Security
In addition to these 10 tips regarding developing your apps, Security should be on the forefront of your mind. Loss of mobile devices is one of the most common causes of data getting in the wrong hands – which often contain a startling amount of private information. A survey found that 87 percent of IT pros worry about careless employees and only 34 percent take no security measures at all.
Here are a few additional data points that showcase you may not be the only one behind on security when it comes to mobile application development:
“Among the organizations which were surveyed, each spent an average of $34 million annually on mobile app development. However, only 5.5% of this budget is currently being allocated to ensuring that mobile apps are secure against cyber attacks prior to being made available to users.”
“75 percent don’t use proper encryption when storing data on a mobile device, 97 percent have access to private data without appropriate security measures, and 75 percent of mobile security breaches will be the result of exploiting poorly developed apps.”
“47 percent of organizations have experienced a security breach as a result of a compromised mobile device, and Symantec estimates the average cost of a mobile incident at a staggering $429,000.”
Now that you realize you are not alone – here is a quick list of Security Best Practices for Mobile Application Development
Approach with Passive Application Security Best Practices
- Secure Browser Access: Admin enables secure access to intranet & approved sites OR can restrict access (business cases always an exception)
- Device Compliance: Real-time visibility of all devices
- History: Reporting on security and compliance over time
- Accessibility: Application whitelisting, blacklisting, and restrictions
- Notifications: Automatic enforcement actions for device non-compliance (alerting, device blocking, selective or full device wiping)
- Monitoring: Automatic monitoring of jailbroken, rooted, and non-compliant devices
Management & Monitoring of Devices
Remember, based on your own company, these features can be chosen or ignored based on which features are needed for your business. At CloudSmartz, we feel that in order to overcome the various challenges that come with custom mobile app development, it is beneficial to be aware of Mobile Device Management (MDM) and Mobile Application Management (MAM).
We offer application development of legacy applications as well as creating new innovative applications – all with security top of mind. Plus, a 24×7 management and monitoring of applications and device endpoints.