At Alpha, our mission is to empower people with the most complete and rapid development and deployment environment for building robust, scalable and responsive business applications for web and mobile devices.
One of the key strengths of Alpha Anywhere is its built-in security framework that allows people to build secure applications.
Because security is more important than ever, we are hosting this webinar with one of the leaders in the field to help people better understand what needs to be taken into account when building mobile applications.
A recent study conducted by the research firm Ovum revealed that 70% of employees who own a smartphone or tablet use it to access corporate data. This staggering figure points to the surge in the popularity of BYOD policies among enterprises. While the advantages of BYOD are clear (it is strongly linked to increased employee productivity), security also needs to be thought through when building and deploying applications that will run on these devices.
Mobile device management, mobile security and privacy threats are a challenge that IT departments at enterprises with a BYOD policy need to meet.
Security and privacy threats
Third-Party Apps
The growth of BYOD has also coincided with growth in the bring-your-own-application (BYOA) movement. As employees continue to become more tech-savvy, they’ve begun downloading and using third-party business applications that offer file sync/share, IM/VoIP, and networking features.
Though employees have good intentions, the use of third-party business apps puts both the user and the enterprise at risk. The existence of malware and spyware in such apps is always a possibility. In fact, Trend Micro estimates that there are over 700,000 malware and/or adware-laden apps available to Google Android users alone. These apps do everything from stealing data to initiating malicious downloads. Such threats not only put the device owner at risk, but could also compromise confidential corporate data. To compound the issue, many third-party apps are unintentionally malicious as a result of poor coding practices. Poorly written software can inadvertently gain access to or expose data and/or metadata stored on a device.
Network Threats
Threats to mobile applications can also exist on a network level, especially when employees use third-party apps. Though most enterprise networks are secure, there is no guarantee that the networks employees connect to outside of the office are. Unsecured Wi-Fi networks put app users at risk for man-in-the-middle attacks and Wi-Fi sniffing.
Physical Threats
According to a recent study conducted by Pew, one-third of cell phone owners have either lost their device, or had it stolen. Physical threats like these are an ever-present concern for both device owners and IT departments.
How IT departments can mitigate security and privacy concerns
Establish BYOD policies
It is vital for organizations to establish mobile device management and BYOD policies before supporting BYOD. These policies should clearly define which employees are eligible to participate, what types of devices are supported, and what business functions are supported. A standard set of procedures is also required in cases where devices are lost, stolen, or otherwise compromised.
Develop Internal Mobile Applications
A number of mobile security and privacy threats develop from employees using third-party apps. One obvious way organizations can mitigate this threat is to develop their own applications. Developing apps internally eliminates malware and spyware concerns, and the apps can also be customized to promote higher efficiency and productivity.
App Wrapping
With the smartphone and tablet markets now flooded by a variety of manufacturers, developing native applications for each device complete with security features is likely to be very costly and time-consuming.
One solution is to develop applications using a responsive "build once" application development environment and then wrap the applications with a "mobile application management (MAM)" product, which adds an administrative layer to enterprise applications. MAM administrators can then set device-independent security policies before applications are deployed as fully contained applications in their enterprise app store.
The Webinar will be led by Jeff Kalwerisky
Vice President and Director of Information Security and Technical Training at CPE Interactive
Jeff has specialized in information security, information risk management and IT auditing for over 30 years. As Vice President and Director of Information Security Training, he is responsible for the development and management of CPEInteractive’s information risk, IT security governance and frameworks, and secure software development curriculum and business.
He has held executive positions in information security and risk management with Accenture and Booz Allen Hamilton consulting firms. In both of these capacities, he has consulted with Fortune 100 companies and national governments, assisting in their development and deployment of enterprise security governance policies and frameworks, and technology solutions that strengthen information security and data privacy/protection.
He served as infrastructure security architect on behalf of the British Government’s National Health Service, the world’s largest electronic medical records deployment project, where he developed security governance to oversee 1,500 software architects and developers.
As manager of global security for VeriSign, he was responsible for ensuring that affiliate companies in 30 countries adhered to VeriSign’s military-grade security standards appropriate to a global certification authority, which he helped to design, deploy, and teach.
Jeff was a consulting Practice Leader with PricewaterhouseCoopers.
He has published security and audit guides, and delivered training courses throughout the USA and internationally on a wide range of technical topics, including Windows security, secure e-commerce, information security and data privacy, cryptography and biometric security, and IT auditing.
Jeff is originally from South Africa, where he received a Bachelor of Science in Physics and Math and a Master of Science in Computer Science from the University of Witwatersrand, Johannesburg, and a Master's in Finance and Auditing from the University of South Africa, Pretoria. He is a Chartered Accountant (SA) and Certified Information Systems Auditor.