Essential Guide

An admin's guide to mobile application security and delivery

A comprehensive collection of articles, videos and more, hand-picked by our editors

Mobile application security best practices to protect corporate data

You can mitigate mobile application security risks that threaten data, such as lost devices and malware, with good MDM and stored data encryption.

This Content Component encountered an error

Mobile applications can't perform well unless they're built on a rock-solid foundation. But practical mobile application security measures, such as good mobile device management and stored data encryption, can mitigate the risks of mobile app delivery.

Ultimately, mobile applications can be only as secure as the foundation on which they are built -- the mobile devices and operating systems on which they run. So it's imperative to understand the inherent risks associated with mobile devices, the native secu­rity measures built into mobile operating systems and best practices for mitigating mobile application security risks.

Lost or stolen smartphones and tablets pose significant risk. Phone theft is rampant, representing 14% of ma­jor crimes in New York City last year, as well as 38% of robberies in Washington, D.C. Employers are right to be concerned, since forensic analysis of resold devices can often recover some of a previous user's data. If no security is applied, a lost or stolen device can easily lead to a breach of stored business data, including email messages, contacts, customer records, passwords and more.

More on mobile application security

Malware and lost devices top mobile phone security threats

Facebook Home heightens mobile data security concerns

Mobile application security best practices

Moreover, missing mobile devices enable intrusion into corporate networks and services. A smartphone configured for corporate email, Wi-Fi or virtual private network access can be an unlocked back door into otherwise secure systems, bypassing perimeter security. While the same can be said for laptops, users lose smartphones and tablets far more often. They almost always contain saved passwords and are less likely to verify user identity with two-factor authentication.

These mobile application security and network risks are exacerbated by mobile malware. According to Nielsen, the average U.S. smartphone has 41 user-downloaded apps. While most apps come from reputable sites such as Apple's App Store and Google' s Play Store, mobile malware is grow­ing fast, especially for the open source Android OS. Even legitimate apps often have access to sensitive data and services such as contacts and location. A device running a malicious or overly inquisitive app, combined with access to corporate data, networks or services, poses substantial business risk.

In fact, malware spreads by exploiting mobile OS and application vulnerabilities. Mobile ecosystems lag well behind established desktop/laptop patch infrastructure. When malware writers find a new Android bug to exploit, a fix must work its way first through Google, then through device manufacturers and then through cellular network operators before being offered to mobile users. As a result, IT has little insight into and no effective control over mobile application security vulnerability management.

Finally, perhaps the biggest risk of all is the human hand holding a smartphone or tablet. End users often ignore suggested updates, permission warnings and passcode prompts. According to the Information Defense Corporation, 71% of chief information security officers say that mobile devices have contributed to security incidents, largely due to careless employees who lack security awareness. User behavior poses an even greater risk given the undersecured, mixed-use bring-your-own-device trend.

This was first published in April 2013

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

Essential Guide

An admin's guide to mobile application security and delivery

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchEnterpriseDesktop

SearchVirtualDesktop

SearchVMware

SearchCIO

SearchSecurity

Close