Organizations are increasingly taking a mobile-first approach to business, but they also need to ensure that application security is front and centre, say mobile experts.
Cybercrime is making a move into mobile. According to Nokia’s Threat Intelligence Report, malware infections on mobile devices have risen by 400 per cent in the past year. Mobile applications provide another potential onramp for the type of data breaches that have made recent headlines.
“Customers want the convenience to use mobile apps anytime and anywhere,” says Shri Kalyanasundaram, head of Digital Identity at TELUS. “Organizations should have the right tools in place to let them do that with confidence.”
Mobile security essentials
Innovative mobile solutions can support always-on applications while maintaining control over sensitive data, says Kalyanasundaram. Here are seven key elements to look for when developing secure mobile applications:
Digital identity management. People tend to use the same passwords repeatedly, making it one of the most cumbersome and least secure ways to verify user identity. Instead, organizations can offer their customers a passwordless login experience using multi-factor authentication, says Kalyanasundaram. This confirms identity based on something the user has (the mobile device), something the user knows, such as a PIN, and who the user is.
Data encryption. Organizations should ensure the latest in encryption technology is used to protect data wither it is on a device, a server or in transit. This allows users to share messages and files knowing that their privacy is intact.
Digital signatures. Customers want to be able to complete their transactions on their devices. Mobile apps should use private key authentication and credentials to allow users to give legal digital signatures for any type of document or application.
Protection if devices are lost, stolen or altered. Mobile security tools should include the ability to automatically detect and disable devices if someone has tampered with the device or an application. If a device is compromised, lost or stolen, the tools should have the capability to remotely wipe the device to eliminate potential privacy breaches before they occur.
A clear audit trail. All digital transactions, including access to secure data or encryption keys, should be logged. This helps organizations demonstrate compliance with regulatory requirements, but also provides confidence to users.
Awareness programs. Every organization should have a security program to educate employees and customers on topics such as how to spot suspicious emails or applications that are not safe to download onto their devices.
Engage experts. Cyber security is a moving target since the hackers are always developing new methods of attack. Enterprises can reduce the risks associated with critical mobile applications by choosing a qualified security partner.
The future for secure mobile apps is bright
IDC statistics reveal that by the end of 2018, 60 per cent of new applications will be developed as “mobile first.” It’s no wonder since research also shows that almost half of global smart phone users are spending more than five hours a day on their devices. Organizations that can respond to the growing customer demand with convenient, yet safe, mobile applications will prove to have a winning combination, says Kalyanasundaram.
Learn more about TELUS Mobile Security Solutions here.