Nowadays, data security is a key concern for any organisation. With high-profile cyber attacks appearing more often in the news, companies need to ensure that they have the correct procedures in place to keep company data safe.
Unfortunately, while companies are taking the leap into enterprise mobility and, by proxy, mobile app development, many are still falling short on their commitment to mobile app security. According to a report from IBM and Ponemon Institute, surveying 400 companies (40% of which were Fortune 500 companies), $35 million (£23 million) is spent on average on mobile app development per year, with just 5.5% allocated to security.
Due to the widespread adoption of mobile devices and the advances in mobile technology, IT security teams need to widen their security approach to include mobile devices. A number of investments and considerations need to be made in IT to ensure that sensitive information is not being put at risk in the process.
When a company relies on data being retained within a given infrastructure, the data must be stored and accessed in a secure manner. In an enterprise application, sensitive information is often accessed or sent through mobile devices whilst employees are outside the workplace. As a leading enterprise app developer, we always encrypt any data and only recommend sending it via SSL for maximum security. This helps to minimise the risk of data being intercepted or being misused.
Password Requirements and BYOD
With the rise of personal devices being used in the workplace, there is clearly a higher risk of sensitive company information being accessed and potentially stored on said devices. The fear here for many companies is the increased risk of breaches of confidential data.
Data security on mobile devices and BYOD policies therefore need to be implemented to minimise these risks. As a first step, it’s vital that PIN codes or biometric security systems are a mandatory requirement. Beyond the corporate data employees could have on their phones, it’s likely that they will also have personal contacts, passwords, personal address details, photos or other confidential information that could be used against the employee, should the device fall into the wrong hands.
When personal devices are used in the workplace, the responsibility for the data held on the device falls on the individual. One of the ways in which companies can ensure further peace of mind is to enforce passwords on any company-made apps that have access to sensitive information. With many devices now featuring fingerprint authentication, IT is able to better secure corporate data without compromising the user experience.
As a further step, companies should be looking at mobile app management (MAM) when implementing a BYOD policy. MAM allows the company to have total control over the app and its data, without affecting the user’s interactions with their device. However, MAM only allows for the control of your company apps and not third-party apps.
Where appropriate, Mubaloo advocates building bespoke apps specifically for the business. Having a mobile tool that fits perfectly into business operations allows it to work much more efficiently and cater to the specific operations of the business. From a security point of view, having a company app means that a MAM approach can be taken, allowing the company to have full control of the app.
For further considerations on ensuring mobile app security, read our white paper ‘Security Guidelines for Mobile Apps’.