
This post is from the Apperian blog and has not been updated since the original publish date.

Last Updated Apr 18, 2011 — App Management expert

Security Questions Before Building Mobile Apps


The recent CSO article, "8 security questions to ask before building mobile applications," got me thinking.

The competing needs of users and security are very clear when building enterprise mobile apps to run on devices such as smartphones and tablets.

We need to make sure employees “eat the dog food” by presenting a “user-friendly” face to enterprise apps. But how can a developer do this while ensuring that user access is authenticated, that data is protected, and that access is shut down when an employee leaves the organization?

Make Sure Users can Find and Use the Apps

Here are tips on making it easy for the users.

  • Make sure apps are presented to users in an “App Store”-like environment, and that they install and run just like consumer apps.
  • Make it easy for users to install multiple apps from the company at the same time.
  • Provide a “starter kit” of corporate apps when someone joins a company. 
  • Make the apps fun to use and “consumer like” so folks will want to use them.

The point is, if you don’t make it easy for users to find and use corporate apps, and to want to use them on a daily basis, you won’t get your ROI. If you make it too Draconian to use the apps, you’ll lose the value of leveraging shared (individual-liable) devices.

OK - But What About Security?

  • Design apps to allow elements of a “Sandbox” — password authentication, encrypted transport, but only when required. For example, access to the “executive dashboard” would require authentication and encryption, but the product catalog could just open up based on basic authorization (i.e., if the user is still part of the organization).
  • Provide de-provisioning of apps when someone leaves the organization or moves groups. 
  • Do not rely on “Device Wipe” as your only solution. Incorporate the option to “brick” or remove the corporate apps — make them unusable and lock up the data.

Now that users are increasingly bringing their own devices, any removal of enterprise apps and data must be done in a surgical manner, without touching the user’s personal data and apps. Systems like EASE that provide app security management will include a developer SDK that can help with core functions like authentication, authorization, and version checking.
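The tiered access rules and per-app lock described above can be sketched as a launch-time policy check. This is an added example, not code from Apperian or the EASE SDK; the policy table, the `Context` fields, and the `corp/` storage prefix are hypothetical names chosen for illustration.

```python
from dataclasses import dataclass
from enum import Enum

class Decision(Enum):
    ALLOW = "allow"
    REQUIRE_LOGIN = "require_login"  # prompt for a password before opening
    DENY = "deny"                    # requirement cannot be met (or unknown resource)
    LOCK_APP = "lock_app"            # "brick" this corporate app only

# Constructed policy mirroring the post's two examples (assumed names).
POLICY = {
    "executive_dashboard": {"auth": True, "encrypted": True},
    "product_catalog": {"auth": False, "encrypted": False},
}

@dataclass
class Context:
    in_organization: bool             # directory says the user is still employed
    entitled_apps: frozenset          # apps assigned to the user's current groups
    authenticated: bool = False       # password entered during this session
    encrypted_transport: bool = False

def decide(app: str, resource: str, ctx: Context) -> Decision:
    # De-provisioning is checked first: leaving the organization or moving
    # groups locks the app regardless of which resource was requested.
    if not ctx.in_organization or app not in ctx.entitled_apps:
        return Decision.LOCK_APP
    rule = POLICY.get(resource)
    if rule is None:
        return Decision.DENY          # unlisted resources fail closed
    if rule["encrypted"] and not ctx.encrypted_transport:
        return Decision.DENY
    if rule["auth"] and not ctx.authenticated:
        return Decision.REQUIRE_LOGIN
    return Decision.ALLOW

def lock_app(app: str, device_store: dict) -> dict:
    """Surgical removal: drop only this corporate app's data, keep the rest."""
    return {k: v for k, v in device_store.items() if k != f"corp/{app}"}

if __name__ == "__main__":
    # Constructed sample: an employee whose group was moved away from "sales".
    moved = Context(in_organization=True, entitled_apps=frozenset({"hr"}))
    store = {"corp/sales": "cached quotes", "personal/photos": "family.jpg"}
    if decide("sales", "product_catalog", moved) is Decision.LOCK_APP:
        store = lock_app("sales", store)
    print(store)
```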
