Article on mobile application security

While mobile applications increasingly add to workforce productivity, securing them poses challenges like never before. Security issues are especially critical where mobile applications interact with an enterprise's sensitive back-end core applications.

It is true that mobile applications enable only a subset of an enterprise's business functions, since they are meant for the mobile workforce. Their relatively low visibility compared with the whole portfolio of enterprise applications leaves them in a neglected corner.

All this tends to make mobile applications more prone to security risks. Let's look at some of the security risks for mobile applications.

1. User Authentication: Due to the size limits of mobile devices, mobile applications tend to neglect the enterprise's password policies. The desktop application may follow an 8-10 character password policy while the mobile application allows a 4-character PIN. One should carefully evaluate the effect of such deviations from the norm and come up with a pragmatic approach that keeps both mobile device size and security in perspective.

2. Data Security on Device: Mobile applications tend to store data on the local device for performance reasons. This can pose serious risks. One can encrypt the data for local storage, but encryption and decryption are resource-intensive, especially if you rely on asymmetric algorithms. One should take a balanced approach: for example, use a symmetric algorithm to encrypt the data and an asymmetric key to encrypt the symmetric key.

3. Data in Transit Issues: Data in transit (data moving from one system to another) is another critical aspect of data security. In the case of mobile applications, there are many intermediaries in between. Ensuring data confidentiality and data integrity in transit can pose serious challenges.

4. Device Management and Application Provisioning: People move between departments within the same company. With each move, it is critical that their access to enterprise applications via mobile applications is provisioned and de-provisioned in a controlled manner. Failing to maintain the right mapping between mobile devices and mobile applications creates a risk of unauthorized access.

5. Security Analysis and Monitoring: Monitoring security incidents such as password changes, failed logons, unauthorized access requests, and non-repudiation is critical, as it can help you identify risks in your mobile application environment. A carefully structured approach to mobile application security monitoring can help you thwart these risks.
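
The balanced approach from item 2 (a symmetric algorithm for the data, an asymmetric key for the symmetric key), shown as an added example that is not part of the original article. It assumes Node.js built-in crypto with AES-256-GCM and RSA-OAEP; the function names, key size, and sample record are constructed for illustration.

```javascript
// Added example (not from the original article): hybrid "envelope" encryption
// for data stored on the device, using only Node.js built-in crypto.
const nodeCrypto = require('node:crypto');

// Constructed key pair for the demo. Assumption: in a real deployment the
// private key stays in a hardware-backed keystore or on the server.
const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('rsa', {
  modulusLength: 2048,
});

const OAEP = { padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Encrypt a record: fresh AES-256-GCM key for the bulk data (fast), then
// wrap that key with the RSA public key (slow, but only 32 bytes).
function sealRecord(plaintext, pubKey) {
  const dataKey = nodeCrypto.randomBytes(32);
  const iv = nodeCrypto.randomBytes(12); // 96-bit nonce, unique per record
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', dataKey, iv);
  const ciphertext = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  const tag = cipher.getAuthTag();
  const wrappedKey = nodeCrypto.publicEncrypt({ key: pubKey, ...OAEP }, dataKey);
  dataKey.fill(0); // best effort: do not leave the plaintext key in memory
  return { wrappedKey, iv, tag, ciphertext };
}

// Decrypt: unwrap the AES key with the private key, then verify and decrypt.
// Throws if the ciphertext, IV, or tag was modified.
function openRecord(record, privKey) {
  const dataKey = nodeCrypto.privateDecrypt({ key: privKey, ...OAEP }, record.wrappedKey);
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', dataKey, record.iv);
  decipher.setAuthTag(record.tag);
  const plaintext = Buffer.concat([decipher.update(record.ciphertext), decipher.final()]);
  return plaintext.toString('utf8');
}

// Returns true when a record with one flipped ciphertext bit is rejected.
function rejectsTampering(record, privKey) {
  const tampered = { ...record, ciphertext: Buffer.from(record.ciphertext) };
  tampered.ciphertext[0] ^= 0x01;
  try { openRecord(tampered, privKey); return false; } catch { return true; }
}

const sample = 'customer=1001;balance=2500'; // constructed sample record
const sealed = sealRecord(sample, publicKey);
console.log(openRecord(sealed, privateKey) === sample, rejectsTampering(sealed, privateKey));
```

Only the 32-byte data key goes through the expensive RSA operation, so the cost of the asymmetric step stays constant regardless of record size.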



