SlideShare uma empresa Scribd logo

Ast 0111640 wp-7-must-haves-for-mobile-app-security

Piyush Bhavsar
Piyush Bhavsar

Android Mobile Application Security

TecnologiaNegócios
1 de 3
Baixar para ler offline
7 MUST HAVES FOR MOBILE APP SECURITY Overview Mobile devices are not just another type of endpoint. Inherent features (e.g., camera, accelerometer, proximity sensor, etc.) coupled with the always-connected, readily available nature of these devices represent an opportunity for improvement in enterprise user productivity. Enterprises can begin to realize this potential by allowing use of corporate data in both custom-built and commercially available mobile apps. Mobile workflows resulting from interactions between these apps can be faster and more intuitive than those on a PC. However, the need to always retain control over corporate data should give an enterprise pause before sanctioning the widespread use of sensitive business information on mobile devices. Having to trade usability against security puts enterprises in an unenviable position. Below are the minimum requirements that an enterprise must have in a mobile app security solution in order to transform the mobile user experience without compromising on security. #1 Data Protection on Any Device via Containerization New advanced app-level controls available in popular mobile OS platforms still require that the device be controlled via Mobile Device Management (MDM). While device management may very well be a key component in an enterprise’s mobility strategy, a company may not want to – or have the ability to – enforce its use in all scenarios. Scenarios include personally owned devices, devices used in the extended enterprise (e.g., business partners, distributors, board members, etc.), and devices used in regions with strong user privacy regulations. The heterogeneity of the mobile device landscape, supported by a myriad of mobile operating systems and versions, device form factors, inconsistent device management status and differing ownership models, all contribute to the IT management headache. What’s needed is a mobile security solution with next-gen app containerization that utilizes app-level device-independent encryption to secure corporate data. Such a solution will provide the same advanced protection regardless of device ownership (i.e., BYOD or corporate-liable) and management status (i.e., controlled by MDM software or not). #2 Consistent Security Across OS Platforms Mobile OS vendors provide security capabilities that are not common across OS platforms. In the corporate world, where the mobile device landscape is becoming increasingly heterogeneous, the lack of a common security paradigm across OS platforms causes unnecessary IT management overhead. A mobile app security solution that provides consistent security management across mobile OS platforms reduces IT administrative costs. Additionally, with the majority of mobile users having multiple devices, providing a familiar security experience across platforms and form factors allows users to continue working they way that they are used to, without impacting the productivity they derive from their mobile devices.
#3 Authentication To Match Your Security Requirements Mobile OS platforms, even those with app-level password controls, enable security with one device-level passcode. Ways to bypass this passcode continue to make the news. Complex passcodes, which provide greater protection, can be enforced on devices under MDM control but that impacts the user experience. Authentication in a mobile app security solution should be adaptable to address your enterprises security requirements. Apps and their data must be protected with passwords and cryptography that is independent of any underlying device-encryption. For devices under MDM control, this allows enterprises to enforce simple device-level passcodes so as to not impact the user experience. If the device passcode is hacked, the app data will still be encrypted – even if viewed via low-level file system access. When the device is not under MDM control, app-level device independent encryption still ensures protection. A mobile app security solution should also support 2-factor authentication for environments that have more stringent access requirements. #4 Mobile Business Workflows That Users Want While important, sharing of documents, photos, movies, etc., between apps just scratches the surface of what becomes possible with mobile devices. A mobile app security solution should also allow apps to securely share metadata, documents, and even services with each other, providing an efficient, streamlined workflow. For example, one app could call upon a print service that is actually part of another app, sharing both the document to be printed as well as the metadata to ensure the document will be printed on A4 paper, with a half-inch margin, and all the text in boldface. Such an approach allows for a variety of published services to be pulled together into a single app to provide users with desired workflows. A user can accomplish a multitude of different tasks – note creation, printing, emailing, instant messaging, file sharing, and web/URL launching capabilities – without having to manually navigate between one or more apps. #5 Control Over The Flow of Data Mobile devices typically contain a mix of corporate apps that will need enterprise management and unmanaged personal apps. A continuing concern for businesses is preventing the breach of sensitive information. For example, credit card data, subject to PCI DSS, could be copied from an enterprise app to a consumer app that stores data unencrypted in the cloud. Additionally, businesses are also concerned about non-corporate information making its way into the enterprise domain, which could expose the corporation up to legal action. A mobile app security solution should allow a business to determine the flow of data in and out of the enterprise domain. Opening of data from a managed app to another app, managed or not, should be controllable – this can address data leakage via apps that write to the consumer cloud. Copy/paste of corporate information from a managed app to an unmanaged app should be preventable. Data being transferred between two managed apps should always remain encrypted, even when temporarily cached to disk. Opening of data from an unmanaged app to a managed app should also be preventable. This ensures clear segregation between personal and corporate data, critical when a remote wipe of corporate data is needed. #6 Happy Users For some mobile OS platforms, MDM controls can be used to toggle whether or not the device can be backed up to default cloud storage. Enterprises might choose to prevent this backup for managed devices because corporate data could then be synced to non-managed devices. Similar MDM controls can control syncing of contacts to the cloud. The downside of enabling these controls is that users of managed devices will not be allowed to backup their personal data or contacts. In mobile, the user experience is paramount. Security controls that hamper this experience, especially when a device is used for personal tasks, will incent users to find a workaround. That’s a potential threat to your data. With a mobile security solution that offers next-gen app containerization, an enterprise can permit backup of the device to default cloud storage. The user experience is preserved as personal apps and data can be backed up as usual. At the same time, corporate security requirements are met as next gen containerization ensures that data in enterprise apps is protected with device-independent encryption and therefore backed up securely.
#7 Supporting the Extended Enterprise Many enterprises are starting to think beyond the employee productivity improvements that are enabled by mobility. These enterprises are wondering how they can achieve similar benefits across their extended enterprise (e.g., business partners, distributors, board members). In the extended enterprise, MDM is not a realistic option for corporate data security. MDM leverages a users’ group membership in the corporate directory system (e.g., Active Directory) to automate policy and access controls. Adding non-employees to the corporate directory is not something that IT will easily permit. Additionally, there can only be one MDM profile on a device and so device management cannot support cases where a user needs to access sensitive business data from different enterprises – e.g., a director who sits on the board of many companies. Your mobile app security solution should be flexible enough to enable secure use of sensitive business information in the extended enterprise, while still ensuring that the enterprise has complete control over this information. Mobile app containerization that doesn’t require membership in the corporate directory system will enable broader use of corporate data, without adding unnecessary IT administrative overhead or compromising on enterprise security. Conclusion Enterprises should not have to compromise on usability in the name of security. Enterprises looking to secure their mobile apps should ensure that these seven must-haves are present in solutions that are being evaluated. If requirements are met, enterprises can help transform the mobile user experience by permitting the widespread use of corporate data in simplified, intuitive, mobile workflows safe in the knowledge that business information is always protected. About Good Technology Good Technology is the innovation leader in secure mobility solutions; enabling business to move freely and engage at the edge. Good’s comprehensive solution consists of a secure mobility platform, mobile device management, a suite of collaboration applications, and a broad third-party application and partner ecosystem that unlocks your mobile potential. More than 5,000 organizations in 130 countries use Good Technology solutions, including FORTUNE 100™ leaders in commercial banking, insurance, healthcare, retail, government, and aerospace and defense. Learn more at www.good.com. © 2013 Good Technology Corporation and its related entities. All use is subject to license terms posted at www.good.com/legal. All rights reserved. GOOD, GOOD TECHNOLOGY, the GOOD logo, GOOD FOR ENTERPRISE, GOOD FOR GOVERNMENT, GOOD FOR YOU, GOOD APPCENTRAL, GOOD DYNAMICS, SECURED BY GOOD, GOOD MOBILE MANAGER, GOOD CONNECT, GOOD CONNECTED CONTAINER, GOOD SHARE, GOOD TRUST, GOOD VAULT, and GOOD DYNAMICS APPKINETICS are trademarks of Good Technology Corporation and its related entities. All third-party trademarks, trade names, or service marks may be claimed as the property of their respective owners. Good’s technology and products are protected by issued and pending U.S. and foreign patents. 11/13 Rev-11192013 EMEA Headquarters +44 (0) 20 7845 5300 Asia / Pacific Headquarters +1 300 BE GOOD Global Headquarters +1 408 212 7500 (main) +1 866 7 BE GOOD (sales)

Recomendados

2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by Hubspot2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by HubspotMarius Sescu
 
Everything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTEverything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTExpeed Software
 
Product Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage EngineeringsProduct Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage EngineeringsPixeldarts
 
How Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthHow Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthThinkNow
 
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdfAI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdfmarketingartwork
 
Skeleton Culture Code
Skeleton Culture CodeSkeleton Culture Code
Skeleton Culture CodeSkeleton Technologies
 
PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024Neil Kimberley
 
Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)contently
 

Recomendados

2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by Hubspot2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by HubspotMarius Sescu
 
Everything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTEverything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTExpeed Software
 
Product Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage EngineeringsProduct Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage EngineeringsPixeldarts
 
How Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthHow Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthThinkNow
 
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdfAI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdfmarketingartwork
 
Skeleton Culture Code
Skeleton Culture CodeSkeleton Culture Code
Skeleton Culture CodeSkeleton Technologies
 
PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024Neil Kimberley
 
Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)contently
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024Albert Qian
 
Social Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsSocial Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsKurio // The Social Media Age(ncy)
 

Mais conteúdo relacionado

Último

The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 

Último (20)

The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 

Destaque

How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024Albert Qian
 
Social Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsSocial Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsKurio // The Social Media Age(ncy)
 
Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Search Engine Journal
 
5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summarySpeakerHub
 
ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd Clark Boyd
 
Getting into the tech field. what next
Getting into the tech field. what next Getting into the tech field. what next
Getting into the tech field. what next Tessa Mero
 
Google's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentGoogle's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentLily Ray
 
Time Management & Productivity - Best Practices
Time Management & Productivity - Best PracticesTime Management & Productivity - Best Practices
Time Management & Productivity - Best PracticesVit Horky
 
The six step guide to practical project management
The six step guide to practical project managementThe six step guide to practical project management
The six step guide to practical project managementMindGenius
 
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...RachelPearson36
 
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...Applitools
 
12 Ways to Increase Your Influence at Work
12 Ways to Increase Your Influence at Work12 Ways to Increase Your Influence at Work
12 Ways to Increase Your Influence at WorkGetSmarter
 
Ride the Storm: Navigating Through Unstable Periods / Katerina Rudko (Belka G...
Ride the Storm: Navigating Through Unstable Periods / Katerina Rudko (Belka G...Ride the Storm: Navigating Through Unstable Periods / Katerina Rudko (Belka G...
Ride the Storm: Navigating Through Unstable Periods / Katerina Rudko (Belka G...DevGAMM Conference
 
Barbie - Brand Strategy Presentation
Barbie - Brand Strategy PresentationBarbie - Brand Strategy Presentation
Barbie - Brand Strategy PresentationErica Santiago
 
Good Stuff Happens in 1:1 Meetings: Why you need them and how to do them well
Good Stuff Happens in 1:1 Meetings: Why you need them and how to do them wellGood Stuff Happens in 1:1 Meetings: Why you need them and how to do them well
Good Stuff Happens in 1:1 Meetings: Why you need them and how to do them wellSaba Software
 
Introduction to C Programming Language
Introduction to C Programming LanguageIntroduction to C Programming Language
Introduction to C Programming LanguageSimplilearn
 

Destaque (20)

How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024
 
Social Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsSocial Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie Insights
 
Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024
 
5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary
 
ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd
 
Getting into the tech field. what next
Getting into the tech field. what next Getting into the tech field. what next
Getting into the tech field. what next
 
Google's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentGoogle's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search Intent
 
How to have difficult conversations
How to have difficult conversations How to have difficult conversations
How to have difficult conversations
 
Introduction to Data Science
Introduction to Data ScienceIntroduction to Data Science
Introduction to Data Science
 
Time Management & Productivity - Best Practices
Time Management & Productivity - Best PracticesTime Management & Productivity - Best Practices
Time Management & Productivity - Best Practices
 
The six step guide to practical project management
The six step guide to practical project managementThe six step guide to practical project management
The six step guide to practical project management
 
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
 
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
 
12 Ways to Increase Your Influence at Work
12 Ways to Increase Your Influence at Work12 Ways to Increase Your Influence at Work
12 Ways to Increase Your Influence at Work
 
ChatGPT webinar slides
ChatGPT webinar slidesChatGPT webinar slides
ChatGPT webinar slides
 
More than Just Lines on a Map: Best Practices for U.S Bike Routes
More than Just Lines on a Map: Best Practices for U.S Bike RoutesMore than Just Lines on a Map: Best Practices for U.S Bike Routes
More than Just Lines on a Map: Best Practices for U.S Bike Routes
 
Ride the Storm: Navigating Through Unstable Periods / Katerina Rudko (Belka G...
Ride the Storm: Navigating Through Unstable Periods / Katerina Rudko (Belka G...Ride the Storm: Navigating Through Unstable Periods / Katerina Rudko (Belka G...
Ride the Storm: Navigating Through Unstable Periods / Katerina Rudko (Belka G...
 
Barbie - Brand Strategy Presentation
Barbie - Brand Strategy PresentationBarbie - Brand Strategy Presentation
Barbie - Brand Strategy Presentation
 
Good Stuff Happens in 1:1 Meetings: Why you need them and how to do them well
Good Stuff Happens in 1:1 Meetings: Why you need them and how to do them wellGood Stuff Happens in 1:1 Meetings: Why you need them and how to do them well
Good Stuff Happens in 1:1 Meetings: Why you need them and how to do them well
 
Introduction to C Programming Language
Introduction to C Programming LanguageIntroduction to C Programming Language
Introduction to C Programming Language
 

Ast 0111640 wp-7-must-haves-for-mobile-app-security

  • 1. 7 MUST HAVES FOR MOBILE APP SECURITY Overview Mobile devices are not just another type of endpoint. Inherent features (e.g., camera, accelerometer, proximity sensor, etc.) coupled with the always-connected, readily available nature of these devices represent an opportunity for improvement in enterprise user productivity. Enterprises can begin to realize this potential by allowing use of corporate data in both custom-built and commercially available mobile apps. Mobile workflows resulting from interactions between these apps can be faster and more intuitive than those on a PC. However, the need to always retain control over corporate data should give an enterprise pause before sanctioning the widespread use of sensitive business information on mobile devices. Having to trade usability against security puts enterprises in an unenviable position. Below are the minimum requirements that an enterprise must have in a mobile app security solution in order to transform the mobile user experience without compromising on security. #1 Data Protection on Any Device via Containerization New advanced app-level controls available in popular mobile OS platforms still require that the device be controlled via Mobile Device Management (MDM). While device management may very well be a key component in an enterprise’s mobility strategy, a company may not want to – or have the ability to – enforce its use in all scenarios. Scenarios include personally owned devices, devices used in the extended enterprise (e.g., business partners, distributors, board members, etc.), and devices used in regions with strong user privacy regulations. The heterogeneity of the mobile device landscape, supported by a myriad of mobile operating systems and versions, device form factors, inconsistent device management status and differing ownership models, all contribute to the IT management headache. What’s needed is a mobile security solution with next-gen app containerization that utilizes app-level device-independent encryption to secure corporate data. Such a solution will provide the same advanced protection regardless of device ownership (i.e., BYOD or corporate-liable) and management status (i.e., controlled by MDM software or not). #2 Consistent Security Across OS Platforms Mobile OS vendors provide security capabilities that are not common across OS platforms. In the corporate world, where the mobile device landscape is becoming increasingly heterogeneous, the lack of a common security paradigm across OS platforms causes unnecessary IT management overhead. A mobile app security solution that provides consistent security management across mobile OS platforms reduces IT administrative costs. Additionally, with the majority of mobile users having multiple devices, providing a familiar security experience across platforms and form factors allows users to continue working they way that they are used to, without impacting the productivity they derive from their mobile devices.
  • 2. #3 Authentication To Match Your Security Requirements Mobile OS platforms, even those with app-level password controls, enable security with one device-level passcode. Ways to bypass this passcode continue to make the news. Complex passcodes, which provide greater protection, can be enforced on devices under MDM control but that impacts the user experience. Authentication in a mobile app security solution should be adaptable to address your enterprises security requirements. Apps and their data must be protected with passwords and cryptography that is independent of any underlying device-encryption. For devices under MDM control, this allows enterprises to enforce simple device-level passcodes so as to not impact the user experience. If the device passcode is hacked, the app data will still be encrypted – even if viewed via low-level file system access. When the device is not under MDM control, app-level device independent encryption still ensures protection. A mobile app security solution should also support 2-factor authentication for environments that have more stringent access requirements. #4 Mobile Business Workflows That Users Want While important, sharing of documents, photos, movies, etc., between apps just scratches the surface of what becomes possible with mobile devices. A mobile app security solution should also allow apps to securely share metadata, documents, and even services with each other, providing an efficient, streamlined workflow. For example, one app could call upon a print service that is actually part of another app, sharing both the document to be printed as well as the metadata to ensure the document will be printed on A4 paper, with a half-inch margin, and all the text in boldface. Such an approach allows for a variety of published services to be pulled together into a single app to provide users with desired workflows. A user can accomplish a multitude of different tasks – note creation, printing, emailing, instant messaging, file sharing, and web/URL launching capabilities – without having to manually navigate between one or more apps. #5 Control Over The Flow of Data Mobile devices typically contain a mix of corporate apps that will need enterprise management and unmanaged personal apps. A continuing concern for businesses is preventing the breach of sensitive information. For example, credit card data, subject to PCI DSS, could be copied from an enterprise app to a consumer app that stores data unencrypted in the cloud. Additionally, businesses are also concerned about non-corporate information making its way into the enterprise domain, which could expose the corporation up to legal action. A mobile app security solution should allow a business to determine the flow of data in and out of the enterprise domain. Opening of data from a managed app to another app, managed or not, should be controllable – this can address data leakage via apps that write to the consumer cloud. Copy/paste of corporate information from a managed app to an unmanaged app should be preventable. Data being transferred between two managed apps should always remain encrypted, even when temporarily cached to disk. Opening of data from an unmanaged app to a managed app should also be preventable. This ensures clear segregation between personal and corporate data, critical when a remote wipe of corporate data is needed. #6 Happy Users For some mobile OS platforms, MDM controls can be used to toggle whether or not the device can be backed up to default cloud storage. Enterprises might choose to prevent this backup for managed devices because corporate data could then be synced to non-managed devices. Similar MDM controls can control syncing of contacts to the cloud. The downside of enabling these controls is that users of managed devices will not be allowed to backup their personal data or contacts. In mobile, the user experience is paramount. Security controls that hamper this experience, especially when a device is used for personal tasks, will incent users to find a workaround. That’s a potential threat to your data. With a mobile security solution that offers next-gen app containerization, an enterprise can permit backup of the device to default cloud storage. The user experience is preserved as personal apps and data can be backed up as usual. At the same time, corporate security requirements are met as next gen containerization ensures that data in enterprise apps is protected with device-independent encryption and therefore backed up securely.
  • 3. #7 Supporting the Extended Enterprise Many enterprises are starting to think beyond the employee productivity improvements that are enabled by mobility. These enterprises are wondering how they can achieve similar benefits across their extended enterprise (e.g., business partners, distributors, board members). In the extended enterprise, MDM is not a realistic option for corporate data security. MDM leverages a users’ group membership in the corporate directory system (e.g., Active Directory) to automate policy and access controls. Adding non-employees to the corporate directory is not something that IT will easily permit. Additionally, there can only be one MDM profile on a device and so device management cannot support cases where a user needs to access sensitive business data from different enterprises – e.g., a director who sits on the board of many companies. Your mobile app security solution should be flexible enough to enable secure use of sensitive business information in the extended enterprise, while still ensuring that the enterprise has complete control over this information. Mobile app containerization that doesn’t require membership in the corporate directory system will enable broader use of corporate data, without adding unnecessary IT administrative overhead or compromising on enterprise security. Conclusion Enterprises should not have to compromise on usability in the name of security. Enterprises looking to secure their mobile apps should ensure that these seven must-haves are present in solutions that are being evaluated. If requirements are met, enterprises can help transform the mobile user experience by permitting the widespread use of corporate data in simplified, intuitive, mobile workflows safe in the knowledge that business information is always protected. About Good Technology Good Technology is the innovation leader in secure mobility solutions; enabling business to move freely and engage at the edge. Good’s comprehensive solution consists of a secure mobility platform, mobile device management, a suite of collaboration applications, and a broad third-party application and partner ecosystem that unlocks your mobile potential. More than 5,000 organizations in 130 countries use Good Technology solutions, including FORTUNE 100™ leaders in commercial banking, insurance, healthcare, retail, government, and aerospace and defense. Learn more at www.good.com. © 2013 Good Technology Corporation and its related entities. All use is subject to license terms posted at www.good.com/legal. All rights reserved. GOOD, GOOD TECHNOLOGY, the GOOD logo, GOOD FOR ENTERPRISE, GOOD FOR GOVERNMENT, GOOD FOR YOU, GOOD APPCENTRAL, GOOD DYNAMICS, SECURED BY GOOD, GOOD MOBILE MANAGER, GOOD CONNECT, GOOD CONNECTED CONTAINER, GOOD SHARE, GOOD TRUST, GOOD VAULT, and GOOD DYNAMICS APPKINETICS are trademarks of Good Technology Corporation and its related entities. All third-party trademarks, trade names, or service marks may be claimed as the property of their respective owners. Good’s technology and products are protected by issued and pending U.S. and foreign patents. 11/13 Rev-11192013 EMEA Headquarters +44 (0) 20 7845 5300 Asia / Pacific Headquarters +1 300 BE GOOD Global Headquarters +1 408 212 7500 (main) +1 866 7 BE GOOD (sales)