Easing mobile app approval with security policies and MAM

The mobile apps that employees use to get work done can introduce malware and put corporate data at risk, but there are steps that IT shops can take to secure data without inhibiting workflows.

Malware has been around since the invention of software, but the IT landscape has changed and continues to evolve. Today's IT administrators have to ensure the security and integrity of enterprise data and networks in the face of a growing mobile and application-driven workforce. And admins must defend corporate data without compromising end-user productivity.

The consumerization of the enterprise and bring your own device (BYOD) trends have changed users' expectations for how and when they can get work done. The reaction to malware and data security risks in some IT shops might be to completely lock down the network from interacting with unauthorized devices, but that's not always practical. A better approach to protecting corporate data and infrastructure takes more management and less dictation.

Here are three keys to successful mobile app approval in today's user-driven, BYOD-centric workplace:

Security policy

IT's most important concern should still be the risk that mobile device and application use poses to sensitive enterprise data. First, define what information is sensitive, who can access it under what circumstances and what to do in the event of a security breach. Specify these terms in a written security policy, then distribute and explain it to the people who need to know about it. Regularly reinforce the policy, and train or educate workers to help create a culture of security. Workers who are aware of the consequences of their habits might think twice about whether a given action, such as downloading a particular app, is acceptable or allowed.

Application reviews

There's no substitute for hands-on application testing and experience, but popular apps such as Dropbox have published reviews and many users have direct experience with the apps. Administrators should look into the reviews, talk to users about their experiences with particular apps and test the apps themselves when possible. With these reviews and local security policies in mind, IT can make a decision about banning or allowing an app. One thing that complicates app approval is that new releases appear frequently and without advance announcement. Admins will need to perform continual due diligence to make sure updated apps still follow the company's security policies.

MAM tools

One of the best ways to approve apps for employees' use and still guard against potential malware is to use mobile application management (MAM) tools that have two key elements: secure containers and a whitelist/blacklist function.

Containerization -- sometimes called sandboxing -- gives IT control of sensitive information because it restricts the way workers can interact with applications. Secure containers can block actions such as copying and pasting data into certain applications. They can also keep corporate data separate from users' personal data, which lets IT wipe the corporate container without affecting workers' personal data. Sandboxing also limits the ways applications can interact with one another and with a device's operating system, which can keep applications with advanced permissions from accessing corporate data stored elsewhere on the device.

Whitelisting specifies the set of IT-verified applications that users may run, and blacklisting explicitly prevents workers from using applications that IT deems unacceptable. If admins have any doubts about the reliability of a given app, then that app should be blacklisted. The number of apps on the whitelist should be as small as is practical. This minimizes the possibility of security breaches and keeps the number of apps that IT has to keep track of manageable.
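The whitelist/blacklist decision described above can be expressed as a small policy check. The following is an added example, not code from the article or from any MAM product; the app identifiers, versions and the "review" outcome for an approved app running an unreviewed release are assumptions made for illustration.

```python
"""Added example: evaluate a device's app inventory against MAM allow/block lists."""
from dataclasses import dataclass

# Constructed sample policy; app identifiers and versions are hypothetical.
WHITELIST = {
    "com.example.mail": {"4.2.0", "4.2.1"},   # app id -> versions IT has reviewed
    "com.example.docs": {"1.9.3"},
}
BLACKLIST = {"com.example.filesync"}           # apps IT deems unacceptable

@dataclass(frozen=True)
class Verdict:
    app_id: str
    version: str
    decision: str   # "allow", "block" or "review"
    reason: str

def evaluate(app_id, version, whitelist=WHITELIST, blacklist=BLACKLIST):
    """Return the policy verdict for one installed app."""
    app_id = app_id.strip().lower()  # normalise so case/whitespace cannot dodge the lists
    if app_id in blacklist:
        # The blacklist wins even if the app was also whitelisted by mistake.
        return Verdict(app_id, version, "block", "explicitly blacklisted")
    if app_id not in whitelist:
        # Unknown apps are not IT-verified, so they are denied by default.
        return Verdict(app_id, version, "block", "not on whitelist")
    if version not in whitelist[app_id]:
        # Assumption: an approved app with an unreviewed release is held for re-review.
        return Verdict(app_id, version, "review", "version not yet reviewed")
    return Verdict(app_id, version, "allow", "reviewed version on whitelist")

def audit(inventory):
    """Evaluate a whole device inventory; return verdicts grouped by decision."""
    report = {"allow": [], "block": [], "review": []}
    for app_id, version in inventory:
        verdict = evaluate(app_id, version)
        report[verdict.decision].append(verdict)
    return report

if __name__ == "__main__":
    # Constructed inventory, as a management agent might report it.
    device = [("com.example.mail", "4.2.1"), ("com.example.docs", "2.0.0"),
              ("com.example.filesync", "7.1"), ("com.example.game", "1.0")]
    for decision, verdicts in audit(device).items():
        for v in verdicts:
            print(f"{decision:6} {v.app_id} {v.version}: {v.reason}")
```

Pinning reviewed versions is what turns the "continual due diligence" on app updates into something checkable: a new release surfaces as a "review" item instead of silently inheriting the earlier approval.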

Good security establishes a balance between protecting information and enhancing the productivity of those using it. Ham-fisted approaches like device wiping are becoming obsolete, but with the right tools, security and approval policies can be very effective for app control.

This was first published in January 2014
