12:11 PM
Andrew Borg
Commentary

How To Keep Enterprise Mobile Apps Secure

Mobile apps must be treated as essential parts of an enterprise security ecosystem, extending from the device to the cloud or data center.

As Uncle Ben said to Peter Parker before Peter became Spider-Man, "With great power comes great responsibility." So it is with enterprise mobile apps -- when properly implemented, they can bestow great benefits on an organization; yet protecting those benefits requires attention to a broad set of security measures.

A mobile software initiative (MSI) that starts and stops with mobile device management (MDM) hasn't done enough. Simply controlling the mobile device itself doesn't protect the data that the device accesses, transmits and stores. Nor is it enough to just implement mobile application management (MAM) without considering the security of wireless communications, the data center and cloud services.

A comprehensive approach to mobile app security is required -- where the mobile app is viewed as an integral part of a security ecosystem, reaching from the mobile device to the core of the cloud and/or data center.

The Essential Mobile App Security Ecosystem

EMM chart

Although an end-to-end security strategy is the goal, this column focuses on those security capabilities that center on the mobile endpoint, its apps and data -- as described in previous Aberdeen research on enterprise mobility management (EMM). These essential EMM security features include:

Environmental and Biometric Sensors in the device (such as video/still image capture, geo-location, sound, motion, fingerprint or iris scan, orientation, proximity, acceleration, ambient temperature, humidity, etc.) should comply with the organization's data capture policies, and their use should be selectively controlled by MDM (as described below).

Device Access Control protects physical access to the device by requiring successful recognition of a policy-defined password, pattern swipe, biometric scan, voice or facial recognition.

Content Management / Data Loss Prevention software uses encrypted on-device data storage ("containerization"), policy-defined cut-and-paste controls (to prevent data "leakage"), and/or website access control via URL filtering to restrict the intentional or inadvertent non-compliant sharing of protected content.

Encrypted Data Storage keeps protected data encrypted on the device (typically with hardware acceleration to speed up access), whether it resides in volatile memory, persistent memory or removable storage.

Application Management and Security uses MAM to secure access and deployment of approved enterprise mobile apps, including the ability to approve (whitelist) compliant apps, and quarantine (blacklist) non-compliant apps. MAM services, such as those from AirWatch, MobileIron and Apperian, typically incorporate an enterprise app store, which provides a central online location for distributing, downloading and tracking policy-compliant mobile apps for use by employees.

Device Management and Security uses MDM to define and enforce policies regarding control of the mobile device remotely, over-the-air. Typical services, available from BoxTone, SAP Afaria and Fiberlink, include over-the-air device wipe (erase all applications and data on the device), device lock (block device access) and remote device configuration.

User Authentication requires confirmation of the user's identity as described in a corporate directory service (e.g. Active Directory) before giving access to secured data or software. Two-factor authentication is typically recommended for confidential data -- such as a user name/password combination plus a successfully answered challenge question or positive fingerprint identification.

Device Authentication confirms the unique identity of the physical device. The device must meet security and configuration requirements, independent of any of its users.

Antivirus / Anti-Malware uses software and/or a Web service to protect the mobile operating system and file system from loading, storing or spreading a computer virus or malware. Mobile anti-malware and antivirus software options are available from McAfee, Symantec, Kaspersky and Avast. It's worth noting that almost every product available focuses on the Android platform; iOS remains relatively virus-free so far.

Enterprise-grade mobile app security is so much more than MDM or MAM. It must incorporate each phase of data access and integration, from cloud core to mobile edge. To keep the valuable intellectual property of the organization protected, mobile app security should be every employee's concern and responsibility. It should not be implemented in an ad hoc manner, but as a well-coordinated strategy led by the internal experts: IT.

Complimentary access is available to the full Aberdeen research report, "When is Enough Mobile App Security Actually Enough?"

Comments
DavidS647
User Rank: Apprentice
5/15/2014 | 11:12:54 AM
re: How To Keep Enterprise Mobile Apps Secure
You make many fine points.  Check out a book called "I.T. WARS" - it has some advice on how to balance burdens, when it makes sense to offload to a service vendor, etc.  Might be in the library, some college libraries have it (UofW had a course that used it); I know it's on Amazon.
DavidS647
User Rank: Apprentice
5/15/2014 | 11:10:28 AM
Mobile Apps Security - Do what we did...
Do what we did - called ShuffleLabs (in Herndon, VA - DC Metro area).  If you can, let experts do security, especially in the mobile realm - if you're getting further and further into that as a serious support to business.
Muthu LeesaJ889
User Rank: Apprentice
12/10/2013 | 11:34:09 AM
RE: How To Keep Enterprise Mobile Apps Secure
Great post, Andrew! This detailed coverage on the basics of mobile app security will hold good for years to come. To add to your views, while developing the mobile strategy, it is advised that enterprises define assets and how mobile apps use these assets, identify and prioritize potential threats and enforce sound app security processes to prevent unauthorized code manipulation. Sound MAM and MDM strategies will only help to an extent. If you are looking for an absolute solution, follow the suit of Intel and SAP, implement private app stores. Read the detailed benefits of owning a private enterprise app store here: http://mlabs.boston-technology.com/blog/why-do-we-need-enterprise-mobile-app-stores
mattgray
User Rank: Apprentice
10/17/2013 | 11:21:11 AM
re: How To Keep Enterprise Mobile Apps Secure
This is an excellent article! Enterprise mobility is an emerging trend, and the security of Enterprise Applications is an important area...
http://www.aress.com/Software_...
Armor5
User Rank: Apprentice
10/3/2013 | 11:17:23 PM
re: How To Keep Enterprise Mobile Apps Secure
Great article! But I am wondering if the CIO/IT admin has the time/budget to carry out all these steps before rolling out a mobile program. And what about BYOD, where lots of these might not be possible to enforce (e.g. anti-malware on devices, MDM, device authentication)?

Isn't something simpler possible where the TCO and time to value are much lower? And what about user privacy? Is (s)he giving in to corporate controlling his/her device, the way the desktop/laptop was?

(We at Armor5 tend to believe we have a solution to these, but would like to hear from the author and others if these are also points of consideration.)