App Security in a Mobile World


As businesses strive to become truly digital enterprises, how people work has evolved in step. Mobile apps have become the new norm. As such, today’s IT organizations are tasked with supporting an increasingly mobile workforce (and customer base) with an experience that’s both productively seamless and highly secure.

That balance is not always easy to achieve. As organizations develop, source, and embrace new apps at a staggering pace, it’s important to remember the growing need for a comprehensive approach to mobile app security. This approach stretches well beyond the app itself; it looks more like a three-legged stool.

Keeping an eye on the device. For most organizations, the mobile device has become the workforce’s preferred conduit into the enterprise network and its mountains of data – making device-centric security a crucial component of any mobility strategy. Organizations can utilize several methods for protecting data at the device level.

Obviously, antivirus and anti-malware play at least a nominal role in drawing attention to a compromised device, yet they are often cursory when compared to other components. For instance, user and device authentication as well as access control play a pivotal role in ensuring that only authorized users gain access. Advanced authentication methods such as two-factor authentication, fingerprint identification, and pattern-swipe access control are becoming increasingly popular.

In instances of lost or compromised devices, having the ability to remotely wipe the device is also vital. This is often accomplished through some form of mobile device management solution or mobile app management service.

Surrounding the app. A robust mobile app management solution is the key to ensuring consistent app security. There are various MAM options ranging from containers to OS-native solutions that can come into play. Often proprietary in nature, containerization creates a secure environment on the device where business specific apps and data reside. App wrapping can also play a significant role by applying a policy-based management layer to any app to not only control app activity, but also place restrictions on data access capabilities. While containerization and app wrapping provide much-needed protection, the app use limitations these methods introduce is sparking increased interest in OS-native mobile app management strategies.

Staying mindful of data loss. The third layer of protection involves data loss prevention (DLP). Having comprehensive use policies in place as well as data encryption capabilities serve as the foundation for data protection. Leveraging a central application to securely access, store, update and distribute the latest documents from mobile devices can also play a role in controlling DLP.

Security plays a pivotal role in any enterprise mobility management solution. Defining what data users can access, as well as how they can utilize it, through their mobile devices will help protect enterprise assets in an increasingly mobile workplace.