Taking mobile security in hand
Mobile applications are obvious targets for hacking and malware. We look at how organizations can address security issues and avoid vulnerability to attack. Where companies strive for maximum reach and user interaction, the balance between more secure, but ever more accessible and empowering mobile apps, is one of the key challenges.
A new generation of mobile users is now increasingly dependent upon mobile applications to manage both their working and domestic lives. That said, when allowing flexible, convenient 24/7 access between users and the services of the organization in question, the issue of application security becomes paramount and complex, with potentially huge repercussions for getting it wrong.
Mobile enterprise apps, generally those connected with business in some way, are an obvious target for external security threats. These threats can come from organized groups seeking financial gain, maverick hackers wishing to gain notoriety in some way, or simply from people who use their mobile device for work but do not engage in proper mobile app security processes.
When a mobile application is compromised by malware, or a mobile user downloads a rogue app that isn’t actually officially launched, the user always stands a high risk of being a victim of a data breach or digital fraud. On a personal level, it may be credit card details stolen and resold or having private messages copied and scanned; on a company level, it can be the opening of access to business networks and the loss of confidential data.
Company reputation and consumer confidence – two victims of a security breach
For a business, fines and regulatory action can be detrimental and there is also the damage to reputation that may not be recovered easily, especially if the security breach happens more than once. Equally the implications for users, having personal health or financial information accessed by a third party, can lead to a loss of confidence and possible legal action.
Organizations developing mobile apps, either in or out of house, are increasingly aware that an unintentional error in coding – necessitating the need for comprehensive re-coding – could lead to a major security breach. Commonly, the vulnerability is brought about through not following ‘clean code’ principles, not adopting automated security checks in the process of development and using untested 3rd party code and libraries. The accumulation of a number of deficiencies, therefore, in the design and development of the mobile application can go on to create serious consequences as a whole. On the user side, biometric authentication measures are constantly being implemented and utilized on an OS level, along with data encryption at a data transfer and device storage level. However, with the uptake of mobile apps on such a vast scale, there is always the problem of ‘user-familiarity’.
Rogue applications can also be downloaded through lack of caution. However, app stores try to ensure app security via reviews and automated binary checks, which on Android or iOS can be overridden by the user – but less likely owing to measures such as Jailbreak. Yet on the company/app issuer side, it is estimated that a majority of organizations do not perform regular penetration testing on the mobile apps they have developed.
The stakes are high and, for certain, the mobile app is offering tremendous advantages to the organizations that get it right for their users. As such, security needs to be just as intrinsic to app development as the user experience. Security, in many ways, is part of UX and both development teams and security teams need to work closely together throughout the app development process.
Employees can be trained and educated on the risks and consumers can be advised to use caution whenever downloading a new app. Companies can guide development teams to incorporate solid encryption routines, behavioral analysis tools and traffic monitoring, whilst also pursuing a strategy of testing their apps for vulnerabilities.
It’s more than likely that consumers will be willing to accept the time taken, and extra precautions needed, for their favored brands to develop more secure applications if it results in simpler, yet more secure apps. For example, the financial services industry took some time to implement biometric authentication and automated testing ID, because they were concerned about security. Now these security innovations are a common part, not just of security per se, but of the user experience overall.