Advice for Enterprises: Don’t Count on Mobile Developers to Build Security in to Applications
The consequences for enterprises of data breaches and network break-ins are extremely serious, so companies will tell you that security is always at the top of their tech requirements, including for mobile apps. But two Forrester analysts warn that enterprises are treating mobile developers as security experts, and putting companies at risk. Mobile app security requires more than a nicely designed login screen.
Forrester analysts Michael Facemire and Tyler Shields warn in a column for the SD Times: “Don’t place the sole responsibility for securing mobile apps on individual developers.” The reason? Mobile developers are focused on the end-user experience, not security. Because of that, the analysts say, “mobile developers won’t be passionate about” security. For enterprises, where security in mobile apps is such a high priority, making sure data is stored and transmitted securely requires a different process.
A Four-Step Approach to Information Security
What to do instead? Facemire and Shields say that companies should “drive security through a coordinated effort between the business and development teams,” in a four-step approach. First, enterprises should classify all of their apps according to what parts need to be secured. Those classifications and requirements should be constantly updated.
Next, mobile developers should mark in their applications where security is needed, such as for encrypting local data, securing data connections, and so on. When that is done, tools should be found or developed to apply the security practices to each mobile app. Finally, “map deployed apps to existing security policies. As a given policy changes, apps can be flagged for updates that will bring them back into compliance.”
One thing the Forrester analysts didn’t cover is the power of mobile-development platforms to bake security directly into the app, via a security framework. With that, mobile developers can build apps that are secure because the development tool builds security in.
That’s something that Alpha Anywhere does. Its built-in security framework makes it simple to add sophisticated security into any mobile app running on the Alpha Anywhere Application Server. It includes data encryption with SSL (Secure Sockets Layer) support and HMAC (Hash-based Message Authentication Code) support for web services. There’s also a fully integrated login/logout component. And Alpha Anywhere is tightly integrated with the Apperian mobile application management platform and enterprise app store. Apperian makes it easy to secure and deploy enterprise mobile apps to any device. No coding, no SDKs, and no hardware profiles are required.