Alpha Software Blog

Don't Count on Mobile Developers to Build Security in to Applications

The consequences for enterprises of data breaches and network break-ins are extremely serious, so companies will tell you that security is always at the top of their tech requirements, including for mobile apps. But two Forrester analysts warn that enterprises are treating mobile developers as security experts and putting companies at risk. Mobile app security requires more than a nicely designed login screen.

Forrester analysts Michael Facemire and Tyler Shields warn in a column for the SD Times: "Don’t place the sole responsibility for securing mobile apps on individual developers." The reason? Mobile developers are focused on the end-user experience, not security. Because of that, the analysts say, "mobile developers won’t be passionate about" security. For enterprises, where security in mobile apps is such a high priority, making sure data is stored and transmitted securely requires a different process.

A Four-Step Approach to Information Security

What to do instead? Facemire and Shields say that companies should "drive security through a coordinated effort between the business and development teams," in a four-step approach. First, enterprises should classify all of their apps according to what parts need to be secured. Those classifications and requirements should be constantly updated. Next, mobile developers should mark in their applications where security is needed, such as for encrypting local data, securing data connections, and so on. When that is done, tools should be found or developed to apply the security practices to each mobile app. Finally, "map deployed apps to existing security policies. As a given policy changes, apps can be flagged for updates that will bring them back into compliance."

One thing the Forrester analysts didn't cover is the power of mobile-development platforms to bake security directly into the app, via a security framework. With that, mobile developers can build apps that are secure because the development tool builds security in.

That's something that Alpha Anywhere does. Its built-in security framework makes it simple to add sophisticated security to any mobile app running on the Alpha Anywhere Application Server. It includes data encryption with SSL (Secure Sockets Layer) support and HMAC (Hash-based Message Authentication Code) support for web services. There's also a fully integrated login/logout component. And Alpha Anywhere is tightly integrated with the Apperian mobile application management platform and enterprise app store. Apperian makes it easy to secure and deploy enterprise mobile apps to any device. No coding, no SDKs, and no hardware profiles are required.

About Author

Dion McCormick

Dion McCormick, Lead Solutions Engineer at Alpha Software, is a recognized expert on agile application development. He helps enterprise development teams around the world transition from slow legacy approaches to high-performance mobile, web, and desktop development using the Alpha Anywhere platform.

The Alpha platform is the only unified mobile and web app development and deployment environment with distinct “no-code” and “low-code” components. Using the Alpha TransForm no-code product, business users and developers can take full advantage of all the capabilities of the smartphone to turn any form into a mobile app in minutes, and power users can add advanced app functionality with Alpha TransForm's built-in programming language. IT developers can use the Alpha Anywhere low-code environment to develop complex web or mobile business apps from scratch, integrate data with existing systems of record and workflows (including data collected via Alpha TransForm), and add additional security or authentication requirements to protect corporate data.