More and more employees are being given access to the enterprise network. They are being encouraged to use their personal devices (smartphones, iPhones, iPads and devices of that ilk) to connect with the network, applications and/or data and to work from wherever they are. Mobility is seen as a business driver. It is seen as a factor that keeps the enterprise competitive in the marketplace.
However, in the scramble to stay ahead in the race, the enterprise must not sacrifice security. It is important to identify and understand the security gaps that come with mobility. The vulnerability points must be recognized and plugged accordingly.
At the outset, enterprises must take a fresh look at the way in which mobile applications are being developed in their organization. Invariably, enterprises turn to third-party mobile application developers for their needs. This is because mobile application development skills are scarce and the market for them is large. The developers have little or no experience in managing enterprise security and very little appreciation for it. As a consequence, even enterprises with well-established software development life cycle (SDLC) practices find themselves at the mercy of these mobile application developers. A single piece of functionality may be developed separately for different platforms and different devices because there is no centralized, unified, holistic perspective on mobile application development. This results in the deployment of insecure applications.
What is to be done? Mobile application development should be centrally coordinated from within the enterprise or by a single third-party agency, such as the Asigra-powered Securstore Cloud backup service. While mobile application development is not very different from the development of traditional client-server applications, mobile applications incorporate powerful tracking features, and many mobile applications are being pushed out to customers of the enterprise. Public access is wider, and the increased security demands that come with it must be addressed. The application must ensure that no data is stored on the mobile device in an unencrypted format or transmitted online without encryption. Complex permission and communication schemes will have to be designed and implemented in the product for security.
Mobile application best practices will reduce the number of security-related incidents that the enterprise will have to face. It is acceptable to be slow in mobile adoption if the lag is due to effective implementation of security policies. Security-conscious enterprises will experience fewer security breaches, a positive return on their investments and fewer audit problems in the long run.