Think your apps are secure after MDM and MAM? Think again.
Today’s question comes from a conversation I recently had with a CIO of an enterprise that had embraced employee smartphones as productivity improvement tools, but things weren’t going so well.
The CIO’s chief concern was security. He said that his employees were using the Drop-Box app that allowed the team to access and share their data on the Cloud. One of his employees got an attachment on her device with some sensitive information.
Now, the CIO had put Mobile Device Management (MDM) and Mobile Application Management (MAM) practices into place. But his company allows the use of apps for Dropbox and Skype due to their productivity benefits. So he was still at risk.
So the question is “As a mobile development company how do we make mobile applications that we create secure?”
I ask it this way because I believe answer requires technology innovation. As mobile application developers, we need to be passionate about security. At Motifworks, we use “authentication” and “encryption” best practices for making an app secure. We need to make sure we are encrypting data at all levels, whether the data is coming from the server or stored locally. A study done last year found that top applications are storing username and/or passwords in cleartext. If you are storing information like Username, passwords, account details etc, you need to make sure that the data stored on the device is encrypted. For applications like Banking and other app that deals with sensitive data – we avoid or try to minimize the information stored on the device. Sure, it does come at cost of user experience but in such cases we give security a higher priority.
For authentication, we use methods like host proof authentication. In addition, we try have to strong passwords for authentication or even much stronger authentication mechanism like Voice authentication. And I am sure in future we can use use the smart phone as a type of Swiss Army knife for security using authentication mechanism like finger print or retina scan etc.
People are moving fast. Startups want to be agile. Customers want their products ready ASAP, and some are focusing more on the features and functionality of the app, and not looking at security and privacy during the development.
Yet these are the very things enterprises should be looking at. Security and privacy need to be a part of the development process, not an afterthought.
Enterprises still need to worry about MDM and MAM, even when apps are properly developed. But instead of worrying about keeping up with all the apps, today’s CIO should focus on keeping employees and users free to be productive, and be safe.
Check back soon for more thoughts on protecting mobile applications.
Motifworks (www.oldwebsite.motifworks.com) is a partner in emerging technology and innovation for business problem-solvers. Companies as large as Microsoft and Sears and as small as one-person start-ups rely on motifworks for lower cost, better delivery and more innovative thinking. For a partner in emerging technology and innovation, contact motifworks at firstname.lastname@example.org.