While mobile applications increasingly add to workforce productivity, security in mobile applications is posing challenges like never before. Security issues are especially critical in scenarios where mobile applications interact with the sensitive back-end core applications of an enterprise.

It is true that mobile applications enable only a subset of business functions for any enterprise, as they are meant for the mobile workforce. The relatively low visibility of mobile applications, compared to the whole portfolio of enterprise applications, puts them in a neglected corner.

All this tends to make mobile applications more prone to security risks. Let's look at some of the security risks for mobile applications.

1. User Authentication: Due to the size limits of mobile devices, mobile applications tend to neglect the enterprise's password policies. The desktop application may follow an 8-10 character password policy while the mobile application allows a 4-character PIN. One should carefully evaluate the effect of such deviations from the norm and come up with a pragmatic approach that keeps both mobile device size and security in perspective.

2. Data Security on Device: Mobile applications tend to store data on the local device for performance reasons. This can pose serious risks. One can think about encrypting the data for local storage, but encryption and decryption are resource-intensive functions, especially if you rely on asymmetric algorithms. One should take a balanced approach: for example, use a symmetric algorithm to encrypt the data and an asymmetric key to encrypt the symmetric key.

3. Data in Transit Issues: Data in transit (data moving from one system to another) is another critical aspect of data security. In the case of mobile applications, there are many intermediaries in between. Ensuring data confidentiality and data integrity in transit can pose serious challenges.

4. Device Management and Application Provisioning: As one can imagine, people move to different departments within the same company. With each move, it is critical that their access to enterprise applications via mobile applications is provisioned and de-provisioned in a controlled manner. The mapping between mobile devices and mobile applications must be managed at the right level; otherwise it poses an unauthorized access risk.

5. Security Analysis and Monitoring: Monitoring security incidents such as password changes, failed logons, unauthorized access requests and non-repudiation events is critical, as they can help you identify risks in your mobile application environment. A carefully structured approach to mobile application security monitoring can help you thwart these risks.