On New Year’s Eve 2013, hackers breached the Snapchat database and leaked 4.6 million usernames and phone numbers on the Web. Snapchat, a photo messaging application designed for smartphones and other mobile devices, has since taken steps to address this mobile security failure. What happened with this social media application serves as a cautionary tale for the enterprise. Securing mobile applications can be challenging — and breaches can be disastrous.
Gartner predicts two-thirds of mobile apps will fail basic security tests between now and 2015, and a report by Ovum Research predicts that a growing number of cloud-based business and security services will rely upon mobile devices, making them targets for hackers.
No doubt about it, we can expect more security-related headaches in the future.
Putting mobility to work
When we think of mobile apps, we often think of consumer applications purchased for fun or convenience — like Snapchat. But as mobile devices become more important in the work setting, work-related apps are important tools and critical in terms of corporate security. That’s why developing or deploying enterprise mobile apps must be part of an overarching enterprise security plan, one that extends from the cloud or data center.
A new white paper, Ensuring Mobile Application Security by Shailesh Wankhade, explores the barrage of security threats as they apply to mobile applications and discusses best practices for the enterprise.
The white paper explains how security threats are everywhere — from poor application coding and weak data encryption to insecure web gateways or a lost device. Wankhade writes: “While a consumer is only concerned with the security of the mobile device, operating system (OS) and applications, enterprises have much more complex issues to manage — such as physical security, data storage, authentication and safe browsing practices.” And the mobile threats lurk everywhere. Key threats for enterprises include loss or theft of a device, malware, spam, phishing and “man-in-the-middle” attacks.
By setting up standard secure practices during application development, companies can ensure security across every aspect of mobility operations if they consider the following concerns:
- Data: How does the application fetch and display data?
- Network: How does the application access networks?
- Device: How vulnerable is the device to loss or theft?
- Application: How securely and effectively is the application coded?
Wankhade provides a detailed best-practices roadmap for designing, developing, testing, deploying and maintaining a mobile app. Organizations can apply security practices to devices, data, networks and applications through:
- PIN/password protection and mobile device management (MDM) solutions
- Secure networking practices and Web gateways
- Firewall/intrusion prevention systems
- Identity management
- Data virtualization
- Application containerization and sandboxing
Security as it applies to mobility will continue to vex IT groups and enterprise users. With lots of resources available, like these 10 tips for retailers from SecureWorks, or this slideshow of top mobile security practices, getting a solid plan in place is a doable goal for everyone. All told, secure practices that are applied across the mobile operating chain will create a safe mobile environment for everyone.