Why security must be at the top of your mobile agenda

Steve Evans

Friday 10 October 2014

Mobility is vital to modern enterprises, but so is the sensitive data that flows between devices. That’s why businesses must ensure their apps are totally secure as part of their mobile strategy.

You don’t need to be an industry expert to see the impact mobility is having on the enterprise. Smartphones and tablets are selling in the millions and many of those are making their way into the office. Businesses have been quick to see the benefit of letting workers use mobile devices. Not tying workers down to a 9am to 5pm desk job means they are happier – and happy workers mean better productivity.

This rush to embrace mobility has led to a surge in the number of enterprise-orientated apps used by companies keen to give mobile workers all the tools they need to do their jobs. But it is bringing significant risks with it. Industry analyst Gartner claims that “more than 75 per cent of mobile applications will fail basic security tests”. This means that vital enterprise data is being put at risk by employees downloading and using applications that can interact with business data but lack any real security.

Vulnerable to attack

“Enterprises that embrace mobile computing and bring your own device (BYOD) strategies are vulnerable to security breaches unless they adopt methods and technologies for mobile application security testing and risk assurance,” said Dionisio Zumerle, principal research analyst at Gartner. The issue, as Gartner puts it, is that many businesses are often more concerned with the function and look of their mobile applications, so security is pushed lower down the agenda. In the rush to develop and use mobile applications, basic security measures are being ignored. A business would not dare release a new desktop app, or launch a new website, service or product, without thoroughly testing its security. The same should apply to mobile applications.

Security protocols

For those mobile apps downloaded by users, a business can and should ensure that security protocols are followed, for example by checking that the list of permissions each app requests is appropriate and that the app will not access sensitive data. Essentially, businesses should consider mobile applications as an extension of the enterprise infrastructure, and any security perimeters set for on-premise systems should apply to the mobile infrastructure. That’s how to ensure mobility is fully embraced without compromising security.