Mobile app development is a serious process for enterprises, especially in terms of software security. We know that the principal purpose of a business mobile app is to increase the income of an enterprise. However, a non-secure app could end up costing millions or billions through the loss of sensitive information, data breaches, and violations of copyright and intellectual property.
When using mobile devices, we always need to bear in mind that the device might get damaged, stolen, or simply lost. And with the device, we will lose all the data, which could be highly confidential at times. These considerations make mobile devices quite different from PCs and laptops. As Dan Cornell, CTO of Denim Group, explains by referring to Web-based systems, “Here’s my code, here’s my system, it is on the server side and the bad guys are on the other side of a firewall.” With smartphones and tablets, things are more complicated.
Details are Key
When it comes to securing mobile apps, attention to detail is key. Each enterprise app covers a vast environment: the mobile device itself, enterprise web services, cloud, and third-party services. That is why the most serious consideration is securing the interactions between these components.
Moreover, data leakage is a common problem in enterprise mobile apps, and it can happen in different ways: during data transmission, storage, or use. If users reach the app over a public cellular network, you have to decide whether you want to give them access to your corporate systems. Authentication is therefore the first level of the security challenge. Also, if you're sending sensitive information to the mobile app, make sure that the data is encrypted both in transit and while on the device.
Furthermore, the blurring of the lines between personal and business use of devices poses a fresh challenge for developers securing mobile apps. Indeed, users of enterprise devices sometimes download apps beyond those the company has approved. In this case, isolation techniques and features, such as containerization and policies built into the app that prevent actions like copying/pasting or forwarding outside the domain, can help.
Dan Cornell says, “What we’ve seen is mobile systems, especially from a security standpoint, have given development teams an opportunity to remake a lot of mistakes that teams have been making for a long time. We originally saw this with Web applications. There were administrative functions that you had to log into that often weren’t protected (such as an admin directory that no one bothered to require a password to access).” Over time, developers got wise about this problem, but more and more security problems are appearing. That is why developers have to deal with them promptly and effectively.