5 tips to secure the enterprise from mobile app threats

by CXOtoday News Desk    Nov 15, 2013

mobile security

As the number of mobile devices continues to grow and companies develop unique apps to engage with employees and customers, security remains a major concern for IT departments. Experts agree these security threats will become more prevalent in the near future.

According to Jack Walsh, Mobility Program Manager, ICSA Labs believes with more mobile payment systems coming online, and as more devices connect to the cloud, we will begin to see an uptick in security threats to mobile devices. “Add to this the BYOD and BYOA (app) trends, and it’s easy to understand that mobile devices will be the next frontier for hackers,” he states.

ICSA Labs offers 5 tips to help enterprises stay ahead of the curve.

# 1. Dynamic analysis is a must. If deploying security tested mobile applications is required by your company’s IT organization, consider mobile applications that have undergone dynamic analysis. This involves testing a mobile application while it is running in a live environment including all the appropriate back-end systems with which the app normally communicates.

# 2. Conduct due diligence when selecting a mobile application developer. Make sure the mobile app developer is legitimate, trustworthy and has a history of quality app development. Another good due diligence step is to ask app developers if they have their own testing and certification practices, states Walsh.

# 3. Build an enterprise app store. If, as an enterprise, restricting certain mobile apps seems like a futile effort, build your own enterprise app store. The store should only include independently tested and approved mobile applications. Walsh believes that it is important to build and share a list of mobile apps from the enterprise app store, as well as other apps deemed secure. This can help prevent employees from downloading apps from other, possibly rogue locations.

# 4. Develop and share broadly your mobile device policy with employees. They need to know and understand the ground rules for bringing their own devices into the work environment, and know if this practice is forbidden. Be sure to develop and clearly communicate your policies. Nothing wreaks as much havoc on an organization as ill-informed employees.

# 5. Don’t fight a losing battle. Research and implement the right mobile device management solution that adequately supports the bring-your-own-device policy, so you are not swimming upstream. Enterprises should be in the driver’s seat when it comes to managing the mobile device environment. It is far easier to get ahead of the curve and then to make corrections after the fact.

 

In the process enterprises should not ignore the security basics, says Walsh. According to him, by layering on additional security proactively, enterprises will be in much better position to protect their assets.