Mobile Apps Must be their own Fortress to Withstand Attacks from Hackers

A #mobile app must be its own fortress and never assume platforms are encrypted, authenticated, use VPN or require a PIN for #security.

I guess developers can’t count on anything these days. How you deal with security is what separates consumer app developers from enterprise app developers. The best apps assume an insecure, unencrypted and completely compromised mobile platform. In a world of bring your own app (BYOA), this will differentiate consumer app developers from trusted enterprise app developers. Imagine the scenario where a logged-in device is left behind in a taxi and is stolen before device security kicks in to log the device out. A window of time ranging from five to fifteen minutes of exposure is realistic.

So how does a mobile app take charge of its own security? On launch, it must prompt for enterprise credentials like a password, PIN, face or fingerprint before allowing a user inside the app. Eliminate the use of cached credentials and tokens or keep expiration times to a minimum. Next, the app must provide its own encryption for data at rest. This is accomplished through the use of a mobile platform’s crypto APIs. Oftentimes you can reuse login credentials as a password and salt value. Use this to encrypt all downloaded and user-entered data before saving to local storage. The app must use TLS or per-app VPN tunnels for all remote communication to secure data in transit. Lastly, trustworthy apps should never take dependencies on platform capabilities they don’t actually require.
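The encryption-at-rest step above, sketched as an added example that is not code from the original post. It assumes Node.js's built-in `crypto` module as a stand-in for the mobile platform's crypto API, and the function names and record IDs are hypothetical. Where the post suggests reusing credentials as both password and salt, this sketch feeds the login secret to scrypt with a random per-install salt stored beside the data.

```javascript
// Added example: Node's built-in crypto stands in for the platform crypto API.
const crypto = require('crypto');

const NONCE_LEN = 12, TAG_LEN = 16;
const SCRYPT = { N: 2 ** 15, r: 8, p: 1, maxmem: 64 * 1024 * 1024 };

// Per-install random salt: not secret, stored beside the encrypted data.
function newSalt() {
  return crypto.randomBytes(16);
}

// Run at every launch, after the user enters the login secret. The 256-bit key
// exists only in memory, so a stolen device holds salt and ciphertext only.
function deriveKey(secret, salt) {
  return crypto.scryptSync(secret, salt, 32, SCRYPT);
}

// AES-256-GCM with a fresh nonce per record. recordId (hypothetical storage
// key) is bound as associated data so blobs cannot be swapped between records.
function sealRecord(key, plaintext, recordId) {
  const nonce = crypto.randomBytes(NONCE_LEN);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, nonce);
  cipher.setAAD(Buffer.from(recordId, 'utf8'));
  const body = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return Buffer.concat([nonce, cipher.getAuthTag(), body]);
}

// Throws if the key (wrong secret), the recordId or any byte of blob is wrong.
function openRecord(key, blob, recordId) {
  const decipher = crypto.createDecipheriv('aes-256-gcm', key,
    blob.subarray(0, NONCE_LEN));
  decipher.setAAD(Buffer.from(recordId, 'utf8'));
  decipher.setAuthTag(blob.subarray(NONCE_LEN, NONCE_LEN + TAG_LEN));
  const body = blob.subarray(NONCE_LEN + TAG_LEN);
  return Buffer.concat([decipher.update(body), decipher.final()]).toString('utf8');
}

// Call on logout or idle timeout so the key does not outlive the session.
function lock(key) {
  key.fill(0);
}

// Constructed sample data.
const salt = newSalt();
const key = deriveKey('constructed-login-secret', salt);
const blob = sealRecord(key, '{"customer":"constructed sample"}', 'customers/42');
console.log(openRecord(key, blob, 'customers/42'));
lock(key);
```

Because the key is re-derived from what the user types at launch, a wrong secret surfaces as an authentication failure in `openRecord`, which doubles as the offline login check.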

Reduce risk to your business by insisting every enterprise app you build or buy provides its own comprehensive security capabilities. Is your company making app security a top priority?

Learn how to digitally transform your company in my newest book, “Mobile Strategies for Business: 50 Actionable Insights to Digitally Transform your Business.”

Improve Employee Productivity at your Company by Implementing a Hybrid Identity Strategy

#Identity and Access Management is key to facilitating employee access to corporate and 3rd party resources from any #mobile device on any #network.

Most of you are well versed in entering user names and passwords to access social media and banking sites from your desktop browser. Based on the identity you provide, you’re given access to those sites. Some of you in the corporate world might know what it means to join your computer to a domain. Your company has you do this so you only have to enter your credentials once, while getting access to multiple servers. This is called single sign-on (SSO) and it uses a directory service.

With people moving to myriad mobile devices and enterprise workloads moving to the cloud, the SSO technologies of the past require retooling. To make this work in a heterogeneous world, security tokens using Security Assertion Markup Language (SAML) that work with any operating system are needed. A Secure Token Service (STS) is employed to issue tokens to clients on behalf of a secure software service.

Today, you need a cloud-based directory service to manage users, groups and roles. It must provide hybrid identity by synchronizing with on-premises directories so users can seamlessly authenticate whether they’re inside the corporate WLAN or roaming on mobile data networks. Additionally, it must provide users with SSO to apps and services residing in other clouds. Finally, this service must support multi-factor authentication (MFA), which requires something a user has (a phone), something they know (a PIN) or something they are (biometrics) to secure corporate resources.

Reduce risk and improve user productivity by restricting corporate access to those employees with credentials found in cloud and on-premises directories. What is your company doing to provide secure access to its business systems from any device?
