Aug 31, 2015
Driving Secure Usage of Enterprise Apps
A new episode, Secure Usage of Enterprise Apps, is now available on the “Life in the Mobile Enterprise (LiME)” podcast. Listen as I interview John Aisien, senior vice president at Mocana, about how to make sure your security measures don't get in the way of app usage. John also shares 3 considerations for your risk management assessment, explains who should care about making sure security is strong and transparent (and it’s not just IT), and provides tips on how to strike the right balance of usability and security. Read on below to learn more about how to drive the secure usage of enterprise apps. Download the “2015 Enterprise Mobility Report” to read the referenced study, in which 67% of respondents report security as their top mobility concern. Tune in every week for “freshly squeezed ideas to make your organization successful on its enterprise mobility journey.”
Enterprise mobility is playing an increasingly prominent role as a business driver and support tool in many organizations, but concerns over its security remain. In a recent survey we conducted of IT professionals across a range of industries, over two-thirds of respondents specifically cited security concerns as one of the challenges they faced in achieving their mobility goals. A number of security breaches at high-profile organizations in recent years have highlighted the importance of maintaining a secure enterprise. While some may find security at odds with enterprise mobility—which aims to empower employees with mobile apps and tools—we’ve learned from experience that it is possible to foster the secure use of these applications if you strike the right balance between usability and mobile app security.
Data Security is a Business Risk Issue
The overlap between data security and business risk is growing. In a recent study by Gartner of employees at companies with annual revenues exceeding $50 million, 71% of respondents reported that IT risk management influences board-level decisions—a sign that larger organizations are starting to take IT and data security more seriously than ever before. This is perhaps in response to the numerous high-profile data security breaches that have made headlines over the past few years, notably that of Sony Pictures Entertainment. On November 24th, Sony Pictures Entertainment experienced every corporation’s worst IT security nightmare. Hackers unleashed malware into its global network, and within a matter of hours it erased data from over 3,000 personal computers and nearly 1,000 servers. The following weeks saw a steady stream of cringe-worthy emails, salary lists, and even Social Security numbers make their way onto the internet, turning the breach into a colossal—and costly—PR nightmare. However, security threats don’t just affect companies like Sony. Regardless of the size of your organization, it’s important to regularly step back and review your IT and data security policies. Carry out a risk assessment and learn from Sony’s mistakes. In the face of several tough years, they drastically reduced their spending across the board. The result was an outdated—and vulnerable—network. No company can afford to cut corners with data security. Respect the risk assessment process, measure your approach, and invest accordingly.
Security isn’t just for IT
The Sony hack sheds light not only on the value of IT security, but also on the importance of supporting company-wide policies. While it is the responsibility of the IT department to design and implement policies, the modern work environment necessitates that all workers play their part in upholding them. In an age when employees and extended employees (contractors, freelancers, etc.) are increasingly integrating their personal devices into the workplace, managing security from the worker to the enterprise level is paramount. Companies supporting enterprise mobile applications need to not only safeguard their network, but ensure every device workers use is protected as well. The same security measures that work for servers will not work for employees with laptops, smartphones, and tablets. IT departments need to understand that security is not at the forefront of employees’ minds. They want a seamless experience across their devices, and your security approach must be user-friendly in order for it to be effective. Review the range of devices your employees use and come up with measures for each tool that both keep your network secure and maintain the user experience.
The Sony hack should serve as a reminder to organizations of all sizes that IT and data security extends beyond the server room. Maintaining a secure environment requires a proactive approach that should address all data and devices in their own context. Furthermore, security is not something to be sacrificed as a cost cutting measure—the consequences of failing to maintain and comply with security standards are far greater than any organization can afford.
Understanding your end users
Developing a successful--and secure--product or service requires you to first understand your customer base. Mobile enterprise apps are no different, except in this instance it is your employees who are your customers. Reviewing your employees, their work habits, business functions, and their level of technical knowledge should help shape your approach to mobile app security as well as the scale and intensity of your training efforts. Employees using their personal devices with enterprise apps installed on them introduce several new variables into the equation. It would be unwise to assume that personal mobile devices are used in ideal situations at all times. At any point they may be lost or stolen, accessed by other users, or connected to insecure networks. In events like these, security features like run-time integrity checks are extremely useful and effective, as they are invisible to the user and are capable of disabling or wiping applications in the event the device is compromised.
Evaluating the criticality of your data
Your mobile app security approach should also address the criticality of your data. Enterprise applications are used for a variety of purposes and can access or hold a wide range of data—from publicly available marketing content to confidential client information. The more critical the data, the more vital it is to have security measures in place. There are a number of ways to secure critical data in enterprise mobile apps that have little to no adverse effect on the user experience, such as encryption and Single Sign-On (SSO). In the event a device is lost, stolen, or otherwise compromised, the ability to remotely wipe data is also extremely useful. With an app-centric mobile application management (MAM®) approach, IT administrators are able to remotely wipe data from the application level rather than from the entire device—a feature that is essential in today’s BYOD work environment.
Getting usability just right
Usability and security are often pitted against each other, but this does not need to be the case. Making sure your employees understand the need for security by presenting a transparent security plan can go a long way. Application-level features that can be managed from a central administration console give enterprises the flexibility to protect their data without compromising the user experience, allowing them to not only drive mobile app adoption, but drive it securely.