Secure Mobile Application Platforms
In a relatively short period of time, the enterprise mobility landscape has transformed from a world where a privileged circle of Blackberry users enjoyed access to their email and calendars, to an environment where the entire corporate population can take advantage of mobile access to a wide array of enterprise resources. Many of these employees are even providing their own smartphones or tablets, and are paying for their monthly service. Allowing these devices to be used to streamline tasks and enhance productivity is to the advantage of everyone.
While email remains the most common mobile application, further access to items such as CRM data, intranet portals, individual work files, and corporate file repositories are quickly bringing the mobile device into parity with what can be accomplished on a desktop or laptop. As organizations begin to acquire individual solutions to meet their users’ needs, they are arriving at a growing collection of separate Web-based and standalone mobile applications.
The security models on which mobile applications are built vary greatly and some present corporate risk. There are differences between platforms, such as iOS vs. Android, and between the design of apps’ features and services. Some common areas of concern that vary from app to app include:
- Encryption – While some apps encrypt files that are stored within them, or leverage encryption provided by the device’s OS, others often store unencrypted files. In addition, it’s up to an app’s creator to design the app to use encrypted network communication, and some do not.
- Authentication model – Some apps allow the configuration of a lock code or password that must be entered when starting an app. A few even allow integration with Active Directory when accessing protected resources. Unfortunately, other apps provide no ability to secure access to the app itself.
- Data leakage protection – Most apps include features that allow their user to share information with others using email, file sharing services, or social networking sites. It’s typically not possible to disable these features.
When building a collection of corporate mobile applications, it’s quite common that one or more present enterprises with one of these security concerns. A relatively new type of solution offers the ability to alleviate this situation and empower enterprise IT to provide users with mobile applications that can be secured and managed. I like to call these solutions Secure Mobile Application Platforms.
Secure Mobile Application Platforms provide a framework from which mobile apps can be designed to use a common encryption, authentication and data leakage protection model. Solutions like MobileIron’s AppConnect and Good Technology’s Good Dynamics, make available a software development kit (SDK) that app vendors and internal corporate developers can build into their apps, allowing their apps to be managed and controlled by a centralized management system. This allows a collection of apps of mixed origins to require the same authentication method for access, to securely encrypt and exchange data, and to have restrictions applied to them that limit data leakage opportunities. Access to these apps can be withdrawn and data selectively wiped if the need arises. The management capabilities afforded by these platforms can even allow IT to deliver a powerful set of capabilities on devices that are owned and maintained by the employee, without requiring corporate control over the entire device.
Secure Mobile Application Platforms are a relatively new option and the applications available for use within them is sure to steadily grow. Selecting or building applications that are compatible with the platform of your choice can provide a stable security foundation for your enterprise’s suite of mobile applications.
With the release of version 4.3, Acronis’ mobilEcho mobile file management application is now compatible with both Good Dynamics and AppConnect. If you are searching for a solution to allow powerful, secure access to your corporate file servers, NAS, and SharePoint servers, mobilEcho can provide that ability; along with built-in security and management capabilities and the option to further integrate with Good Dynamics and AppConnect.
Share your thoughts and experiences on Secure Mobile Application Platforms!