This was written by Gregg Ostrowski, Vice President of Samsung Business Services, and originally published on the Samsung Insights.
Mobile technology has rapidly taken over the enterprise and, unchecked, it can be a threat to corporate security. Across industries, workers expect their corporate devices to have the same speed of access, seamless user experience and choice of apps they enjoy on their personal smartphones and tablets. As these end-user and line of business demands for mobility become greater, the pressure on IT increases, as do the potential security risks. If line of business needs aren’t met, business units might bypass IT altogether and roll out improperly vetted and tested apps.
Such demands put IT departments in a tough situation and leave them scrambling to create a strategy as new apps hit the market. As a result, there’s increasing concern around malware and other security issues in many mobile apps that enter the enterprise.
To combat security issues without sacrificing user experience, follow these tips to boost your mobile app security while maintaining a successful, customer-like experience for your employees.
1. Build Security into the Development Cycle From the Start
Corporate security should begin in the initial phases of the mobile application development life cycle, not once the app goes live. A natural first step is to grant your security team access to your agile process throughout your development cycle.
To build security into your development cycle from the beginning:
- Make app security part your non-functional requirements early in the app planning cycle
- Augment your agile user stories with platform and enterprise specifics that impact app security
- Provide your security team with access to your agile project management platform
The simple act of being able to get questions answered and access peer reviews about security has the potential to save your enterprise from pressing security issues down the line.
A move to a DevOps platform enables automated auditing and control of who is doing what, and puts the right checks in place to ensure all your security parameters are set. It’s important for you to embed security testing into your regular development sprint, so you’re testing app security incrementally and mitigating issues along the way, not in some final harried sprint right before the app is due to launch.
2. Establish an Enterprise App Store
The application economy gave us mobile device management (MDM) and mobile application management (MAM), in which security focuses on the app level and not on ensnaring an employee’s device in unfriendly policies that drag down their customer experience. Make security a priority by establishing an enterprise app store, which is part of traditional MAM platforms and enables authorized users to download and install a list of secure mobile apps you curate for your employees. One of the most important benefits of an enterprise app store is its ability to control versions, so if a vulnerability is discovered in an app, the app store can be used to manage the application life cycle.
3. Inventory Your Current Corporate Mobile App List
Take control of the apps your employees are using by taking an inventory of which apps are in use across your business units. Which apps are critical, and which are “nice to have”? Speak to your end users to find out what they really want and need from an app, and analyze whether there’s a better way, a better app or a customization to fill their needs.
4. Use Analytics to Track Customer Experience
The application economy has flourished in the consumer world, partly due to consumer app developers using analytics to learn more about user behavior. Analytics help developers gain insight into the most used features and common bugs, and how customers use their apps.
With a MAM platform and enterprise app store in place, IT leaders can track much of the same data as consumer app vendors. When you enable analytics in your enterprise app store, you can follow your employees’ journey into mobile app adoption by monitoring the analytics from the dashboard of your MAM platform.
Such analytics enable you to better shape and control your own application economy. Use the data to help boost your customer experience in the following ways:
- Integrate analytics into a continuous testing regimen
- Redesign underutilized features based on user data
- Bolster budget discussions about security and mobile app development
You can also use the analytics data to feed more informed discussions with your user community and development team, as hard data helps remove personal opinions about usability and experience from the discussion.
5. Use Biometrics to Balance Security and UX
Security is often viewed as a prohibitor rather than an enabler. However, mobile technology advancements have made user experience (UX) the main priority. With the introduction of biometrics for fingerprint or even retina scanning, authenticating access to an application has never been easier or more secure. Now is the time where security professionals need to ensure they’re providing a quality user experience that meets their enterprises’ security needs.
While the corporate security threats posed by the application economy are very real to the enterprise, changes to your development strategy, app management and analytics will allow you to deliver secure mobile apps that please your users.
When it comes to mobile security, employees just might be your weakest link, which is why it’s crucial to develop a mobile strategy that prioritizes security without sacrificing efficiency.