Security and Privacy Threats to Mobile Apps - How to Mitigate them

At Alpha, our mission is to empower people with the most complete and rapid development and deployment environment for building robust, scalable and responsive business applications for web and mobile devices.

One of the key strengths of Alpha Anywhere is its built-in security framework that allows people to build secure applications.

Because security is more important than ever, we are hosting this webinar with one of the leaders in the field to help people better understand what needs to be taken into account when building mobile applications.

A recent study conducted by the research firm Ovum revealed that 70% of employees who own a smartphone or tablet use it to access corporate data. This staggering figure points to the surge in the popularity of BYOD policies among enterprises. While the advantages of BYOD are clear (it is strongly linked to increased employee productivity), security also needs to be thought through when building and deploying applications that will run on these devices.

Mobile device management, mobile security and privacy threats are a challenge that IT departments at enterprises with a BYOD policy need to meet.

Security and privacy threats

Third-Party Apps

The growth of BYOD has also coincided with growth in the bring-your-own-application (BYOA) movement. As employees continue to become more tech-savvy, they’ve begun downloading and using 3rd party business applications that offer file sync/share, IM/VoIP, and networking features.

Though employees have good intentions, the use of third-party business apps puts both the user and the enterprise at risk. The existence of malware and spyware in such apps is always a possibility. In fact, Trend Micro estimates that there are over 700,000 malware and/or adware-laden apps available to Google Android users alone. These apps do everything from stealing data to initiating malicious downloads. Such threats not only put the device owner at risk, but could also compromise confidential corporate data. To compound the issue, many third-party apps are unintentionally malicious as a result of poor coding practices. Poorly written software can inadvertently gain access to or expose data and/or metadata stored on a device.

Network Threats

Threats to mobile applications can also exist on a network level, especially when employees use third-party apps. Though most enterprise networks are secure, there is no guarantee that the networks employees connect to outside of the office are. Unsecured Wi-Fi networks put app users at risk for man-in-the-middle attacks and Wi-Fi sniffing.

Physical Threats

According to a recent study conducted by Pew, one-third of cell phone owners have either lost their device or had it stolen. Physical threats like these are an ever-present concern for both device owners and IT departments.

How IT departments can mitigate security and privacy concerns

Establish BYOD policies

It is vital for organizations to establish mobile device management and BYOD policies before supporting BYOD. These policies should clearly define which employees are eligible to participate, what types of devices are supported, and what business functions are supported. A standard set of procedures is also required for cases where devices are lost, stolen, or otherwise compromised.

Develop Internal Mobile Applications

A number of mobile security and privacy threats develop from employees using third-party apps. One obvious way organizations can mitigate this threat is to develop their own applications. Developing apps internally eliminates malware and spyware concerns, and internally developed apps can also be customized to promote higher efficiency and productivity.

App Wrapping

With the smartphone and tablet markets now flooded by a variety of manufacturers, developing native applications for each device, complete with security features, is likely to be very costly and time-consuming.

One solution is to develop applications using a responsive "build once" application development environment and then wrap the applications with a mobile application management (MAM) product, which adds an administrative layer to enterprise applications. MAM administrators can then set device-independent security policies before applications are deployed as fully contained applications in their enterprise app store.


The Webinar will be led by Jeff Kalwerisky

Vice President and Director of Information Security and Technical Training at CPE Interactive

Jeff has specialized in information security, information risk management and IT auditing for over 30 years. As Vice President and Director of Information Security Training, he is responsible for the development and management of CPEInteractive’s information risk, IT security governance and frameworks, and secure software development curriculum and business.

He has held executive positions in information security and risk management with Accenture and Booz Allen Hamilton consulting firms. In both of these capacities, he has consulted with Fortune 100 companies and national governments, assisting in their development and deployment of enterprise security governance policies and frameworks, and technology solutions that strengthen information security and data privacy/protection.

He served as infrastructure security architect on behalf of the British Government’s National Health Service, the world’s largest electronic medical records deployment project, where he developed security governance to oversee 1,500 software architects and developers.

As manager of global security for VeriSign, he was responsible for ensuring that affiliate companies in 30 countries adhered to VeriSign’s military-grade security standards appropriate to a global certification authority, which he helped to design, deploy, and teach.

Jeff was a consulting Practice Leader with PricewaterhouseCoopers.

He has published security and audit guides, and delivered training courses throughout the USA and internationally on a wide range of technical topics, including Windows security, secure e-commerce, information security and data privacy, cryptography and biometric security, and IT auditing.

Jeff is originally from South Africa, where he received a Bachelor of Science in Physics and Math, and a Master’s of Science in Computer Science from University of Witwatersrand, Johannesburg, and Masters in Finance and Auditing from the University of South Africa, Pretoria. He is a Chartered Accountant (SA) and Certified Information Systems Auditor.

About Author

Richard Rabins

Co-founder of Alpha Software, Richard Rabins focuses on strategy, sales, and marketing. Richard also served as CEO of SoftQuad International from 1997 to 2001, when it owned Alpha. In addition to his 30 years with the company, Richard played a key role as co-founder, and served as president and chairman of the Massachusetts Software Council (now the Massachusetts Technology Leadership Council), the largest technology trade organization in Massachusetts. Prior to founding Alpha, Richard was a project leader and consultant with Information Resources, Inc. (IRI), and a management consultant with Management Decision Systems, Inc. Richard holds a master's degree in system dynamics from the Sloan School at MIT, and a bachelor's degree in electrical engineering and master's degree in control engineering from University of the Witwatersrand in Johannesburg, South Africa. He has served on the boards of Silent Systems, Legacy Technology and O3B Networks, and is co-founder of Tubifi www.tubifi.com.
