Mobile Security: No Longer the Bane of the Enterprise App Developer
It’s no surprise that enterprise app developers may envy their consumer counterparts, who have the opportunity to develop the next Instagram or YouTube or Pinterest. Mobile app developers strive to create the next killer app, and they obsess over innovating on features or delivering outstanding user experience. Still others are drawn to analyzing factors such as usage metrics. And they live for continuous innovation and improvement, which explains the never-ending procession of updates and new versions, each delivering more features and even greater usability.
That’s what they want. What they don’t want are the tedious, repetitive, or mundane tasks that are also part of the app development process.
So, let’s consider security. Every mobile app must be secured, but, in many ways, coding security is the antithesis of coding innovative features and functions. It takes a different skill set, and it can be so tedious that it leads to exasperation. Let’s face it: The developer’s desire for a seamless, effective, and compelling interface within apps is sometimes at odds with the enterprise's needs for security.
An Art in Itself
Security requires understanding how to encrypt data correctly. It requires understanding where data used by the app is stored, and how it is shared. Additionally, in securing mobile apps, developers must consider questions such as:
- Which API do I use, and am I using it the right way?
- How do I use vendor A's security versus vendor B's security?
- Where is the data used by the app stored, and where is it shared?
To a degree, mobile security is a puzzle. What if the app had been outsourced, and the in-house security team has just the binary? What if an outsourced app is not secured when it's handed back to the organization? And what can be done if the developer responsible for securing the app is not the developer who built it? What if the developer did not comment their code and has left the company? The ultimate question may be what to do if an app was created by multiple in-house developers working in parallel.
Safeguarding the data shared and stored by the app is virtually a prime directive: the value of the data on a device is hundreds to thousands of times the value of the device itself.
An Engine for Productivity
Many organizations think of mobility as an engine for productivity. That has a number of implications, but perhaps the most important implication for developers is that good design and innovation are critical to enabling productivity. For workers, it means being able to quickly access the data for their purposes. In fintech, it may mean analyzing banking data on an iPad. In healthcare, it may mean needing rapid access to CT scans and the data behind them.
To achieve that productivity, developers need to know how to make both data and security controls available from the device. Today, this is easier because both iOS and Android have made the device controls available in the devices themselves.
It might be the ultimate win-win: both innovative features and ironclad security have become easier to create, even though creating them requires mindsets that are often polar opposites.
MDM Tag-Teams With App-Level Security
Mobile Device Management (MDM) software first came to market in the early 2000s, providing the means to control and secure PDAs and smartphones that were flooding the enterprise. In the intervening years, MDM has become well understood and has become a mainstay with enterprise developers.
What’s less well known is that app-level security can be deployed along with MDM, and that it provides real benefits:
- For a corporate-managed device, whether it’s supplied by the organization or is a corporate-managed BYOD device, you need to have both device management and the security needed when uploading data.
- For a non-managed device in the enterprise, there's no MDM profile. And yet, because it has app-level security, the organization can control data wherever it's being used by the team.
In short, MDM and app-level security can tag-team to ensure robust security. The greater benefit of app-level security is that the organization retains the intrinsic value of the data not only by securing the data, but also by ensuring the ongoing management of policies.
Imagine your organization has a mix of 50% corporate-managed devices and 50% unmanaged devices.
- For the former, you can provide different levels of access to data because MDM in tandem with mobile app security is more secure. That means users of corporate-owned devices can access more sensitive data.
- For the latter, with just mobile app security, the organization can restrict what data the user can access, but at the same time provide the user with sufficient access to data to remain productive.
But how can we answer the questions about the startling frequency of app updates today, not to mention the need to secure them, which, as we know, is a challenging and tedious task? Well, the answer is that automated integration of updates to both apps and security changes the equation altogether, reducing the weeks needed to integrate security to mere minutes.
A New Dawn for Mobility
Developers are learning that MDM in combination with app-level security can improve both app and device security. What they likely don’t know is that every new version of an app needs to be secured, and a change in the underlying OS also means the app needs to be secured again. Finally, what they may suspect, and they would be right, is that mobile app security has become so complex that automation and no-code integration are fast becoming the only means available to organizations for supporting provisioning of new devices at a rapid-fire pace.