IT administrators can mitigate many of the data security risks associated with mobile applications and devices by combining security best practices with the native security measures the platforms already provide.
When smartphones first emerged, they offered minimal built-in security. BlackBerry was the notable exception: its over-the-air device management and native encryption drove broad business adoption and pushed other manufacturers to follow its lead.
When the Apple iPhone launched, for instance, it had no encryption or IT management hooks. Today, every Apple iOS device ships with an encrypted file system, can be locked with a long, complex passcode, and supports 150+ IT-configurable policies. Although such native capabilities vary by device make and model, each of the four major mobile OSes (Apple iOS, BlackBerry, Microsoft Windows Phone 8, and Google Android) supports the best practices described below.
Mobile data security best practices
Remote find and wipe
Most employers also need the ability to locate a lost or stolen device remotely and, when warranted, wipe all corporate data from it. Again, all four OSes support remote find and wipe, but the effectiveness of a wipe differs. Wiping an iOS device discards the file-system encryption key, which renders all encrypted data inaccessible. Wiping an Android device, in contrast, resets it to factory defaults, which can leave recoverable data behind on flash or removable storage. Pairing remote wipe with applications that fully encrypt their own data, and that can discard their own keys on command, makes a wipe far more effective.
Stored data encryption
Stored data encryption has become an enterprise must for mobile devices that store business information, including message attachments, screen snapshots, temporary files, cached Web pages, and other data that "leaky" applications create. Full-device encryption is generally supported; notable exceptions include Windows Phone 7 and Android 2.x. Further, some devices cannot encrypt everything even when the OS supports it. And even a fully encrypted device exposes its data to a thief who guesses or cracks the PIN, because the PIN is what unlocks the keys.
PIN or passcode
The first line of defense against unauthorized use of a lost or stolen device is a strong PIN or passcode. All four OSes support numeric PINs and alphanumeric passcodes. The practical challenge is enforcing long, complex passcodes that users must re-enter frequently, because users resist them. Pairing a shorter device passcode with secondary authentication required to open each sensitive business app is a useful way to reduce risk without making the device unusable.
For stored data, best practices therefore combine full-device encryption with application-level encryption. To avoid leaks, application developers must take care to encrypt everything they write to flash storage (including caches and temporary files) and to protect the keys they encrypt with, for example by keeping them in the platform keystore rather than alongside the data. Emerging approaches include sandboxed apps that provide secure data containers in which IT-managed documents can be stored for offline access.
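The following is an added example, not code from the original article or from any platform it discusses. It shows, in Go (chosen for its standard-library AES-GCM), the application-level pattern that this paragraph and the remote find and wipe section describe: every record is encrypted with an authenticated cipher before it is written, each record gets a fresh nonce, the record name is bound as associated data so stored blobs cannot be swapped for one another, and wiping at the application layer means destroying the key rather than deleting blobs that a factory reset may leave behind. The `Store` type, its methods and the sample record are constructed for illustration; a real app would hold the key in the platform keystore rather than in a byte slice.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// Store models an app that encrypts every record before it touches flash.
// The key is the only secret; the stored blobs may sit in storage that
// other apps, a forensic tool or a backup can read. (Hypothetical type.)
type Store struct {
	aead    cipher.AEAD
	records map[string][]byte // name -> nonce || ciphertext || GCM tag
}

// NewStore wraps a 32-byte key in AES-256-GCM. A 16- or 24-byte key would
// select AES-128/192; any other length is rejected by aes.NewCipher.
func NewStore(key []byte) (*Store, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &Store{aead: aead, records: map[string][]byte{}}, nil
}

// Put encrypts plaintext under a fresh random nonce and binds the record
// name as additional authenticated data, so one record's ciphertext cannot
// be substituted for another's without detection.
func (s *Store) Put(name string, plaintext []byte) error {
	if s.aead == nil {
		return errors.New("store has been shredded")
	}
	nonce := make([]byte, s.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return err
	}
	s.records[name] = s.aead.Seal(nonce, nonce, plaintext, []byte(name))
	return nil
}

// Get authenticates and decrypts a record; a modified byte or a mismatched
// name fails closed instead of returning garbage.
func (s *Store) Get(name string) ([]byte, error) {
	if s.aead == nil {
		return nil, errors.New("store has been shredded")
	}
	blob, ok := s.records[name]
	if !ok {
		return nil, errors.New("no such record")
	}
	n := s.aead.NonceSize()
	if len(blob) < n+s.aead.Overhead() {
		return nil, errors.New("record too short to be valid")
	}
	return s.aead.Open(nil, blob[:n], blob[n:], []byte(name))
}

// Shred is the application-layer half of a remote wipe: discard the key.
// The blobs may survive a factory reset or live on in a backup, but without
// the key they are indistinguishable from random bytes.
func (s *Store) Shred() {
	s.aead = nil
}

func main() {
	key := make([]byte, 32) // stands in for a keystore-held key
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	s, _ := NewStore(key)
	_ = s.Put("notes.txt", []byte("Q3 pricing draft")) // constructed sample record
	got, err := s.Get("notes.txt")
	fmt.Printf("before shred: %q err=%v\n", got, err)
	s.Shred()
	got, err = s.Get("notes.txt")
	fmt.Printf("after shred:  %q err=%v\n", got, err)
}
```

Note what the example does not do: the key lives in process memory rather than in hardware-backed storage, and Go gives no guarantee that discarded key bytes are zeroed, so treat `Shred` as a model of the idea rather than a drop-in implementation.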
The practices above focus mainly on mobile app data security, but they can also deter malware, for example by preventing Android malware from grabbing documents on removable storage that is readable by every application. In addition, mobile OSes sandbox applications to isolate them from one another and require users to grant each application permission to access device features or shared data. Unfortunately, users frequently accept those requests without understanding the consequences. While Apple's App Store review policies have deterred iOS malware, the same cannot be said of Microsoft's or Google's stores, and even BlackBerry users can install applications from less trustworthy sources.
Best practices to prevent mobile malware are still emerging, but they include monitoring devices for blacklisted apps or signs of compromise (such as a jailbroken or rooted device), routing mobile traffic through cloud services that scan for malware, and running malware scanners on the devices themselves.
Employers also worry about data in motion: the continuous stream of traffic to and from always-connected mobile and wireless devices. All four OSes natively support Transport Layer Security (TLS)-encrypted Web and email traffic, WPA2-encrypted Wi-Fi, and virtual private network (VPN)-encrypted network access. Unfortunately, the related settings and certificates are too complicated to leave to end-user configuration. Moreover, requiring secure Wi-Fi on-site does not prevent users from exposing data at public Wi-Fi hotspots, and VPN configuration differs by device model. Application developers should therefore use TLS to encrypt their own traffic, independent of any VPN or network security, and validate the server's certificate properly rather than disabling verification to make connection errors go away.
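The following is an added example, not code from the original article. It contrasts three Go TLS client configurations against one constructed local test server whose self-signed certificate stands in for an untrusted endpoint, such as a hotspot operator interposing on the connection: a client that disables verification (the common shortcut), a client that relies on the OS root store, and a client that ships its own trusted root, requires TLS 1.2 or later, and additionally pins the server's SubjectPublicKeyInfo hash. The names `spkiPin`, `pinnedClient`, `runDemo` and the `Result` fields are this example's own, and the stale pin is a constructed all-zero hash standing in for a server key the app no longer recognises.

```go
package main

import (
	"crypto/sha256"
	"crypto/tls"
	"crypto/x509"
	"encoding/base64"
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// spkiPin returns the base64 SHA-256 of a certificate's SubjectPublicKeyInfo,
// the value mobile pinning libraries compare against.
func spkiPin(cert *x509.Certificate) string {
	sum := sha256.Sum256(cert.RawSubjectPublicKeyInfo)
	return base64.StdEncoding.EncodeToString(sum[:])
}

func clientWith(cfg *tls.Config) *http.Client {
	return &http.Client{Transport: &http.Transport{TLSClientConfig: cfg}}
}

// insecureClient is the "make the error go away" shortcut: it accepts any
// certificate, so whoever runs the hotspot can terminate TLS and read the traffic.
func insecureClient() *http.Client { return clientWith(&tls.Config{InsecureSkipVerify: true}) }

// defaultClient trusts only the OS root store, so a self-signed or
// attacker-issued certificate fails chain validation.
func defaultClient() *http.Client { return clientWith(&tls.Config{MinVersion: tls.VersionTLS12}) }

// pinnedClient requires TLS 1.2+, validates the chain against roots the app
// ships with, and then also requires the leaf's SPKI hash to match a pin.
func pinnedClient(roots *x509.CertPool, pins []string) *http.Client {
	return clientWith(&tls.Config{
		MinVersion: tls.VersionTLS12,
		RootCAs:    roots,
		// Runs after normal chain validation; VerifiedChains[0][0] is the leaf.
		VerifyConnection: func(cs tls.ConnectionState) error {
			if len(cs.VerifiedChains) == 0 || len(cs.VerifiedChains[0]) == 0 {
				return errors.New("no verified certificate chain")
			}
			got := spkiPin(cs.VerifiedChains[0][0])
			for _, p := range pins {
				if p == got {
					return nil
				}
			}
			return fmt.Errorf("certificate pin mismatch: got %s", got)
		},
	})
}

// fetch performs a GET and reports only whether the connection was accepted.
func fetch(c *http.Client, url string) error {
	resp, err := c.Get(url)
	if err != nil {
		return err
	}
	resp.Body.Close()
	return nil
}

// Result records how each client configuration treated the same server.
type Result struct {
	PinnedOK        bool // app roots + correct pin: request succeeds
	StalePinFails   bool // app roots + stale pin (simulated key change): rejected
	DefaultFails    bool // OS roots only: self-signed certificate rejected
	InsecureAccepts bool // InsecureSkipVerify: untrusted certificate accepted
}

// runDemo starts a constructed local TLS server with a self-signed certificate
// (standing in for an untrusted endpoint) and exercises each client against it.
func runDemo() Result {
	srv := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) { w.Write([]byte("ok")) }))
	defer srv.Close()

	roots := x509.NewCertPool()
	roots.AddCert(srv.Certificate())
	goodPin := spkiPin(srv.Certificate())
	stalePin := base64.StdEncoding.EncodeToString(make([]byte, 32)) // constructed, never matches

	var r Result
	r.PinnedOK = fetch(pinnedClient(roots, []string{goodPin}), srv.URL) == nil
	r.StalePinFails = fetch(pinnedClient(roots, []string{stalePin}), srv.URL) != nil
	r.DefaultFails = fetch(defaultClient(), srv.URL) != nil
	r.InsecureAccepts = fetch(insecureClient(), srv.URL) == nil
	return r
}

func main() {
	fmt.Printf("%+v\n", runDemo())
}
```

Pinning is only as good as the rotation plan behind it: ship at least one backup pin for the next key, or the app locks itself out when the server certificate is renewed. The `InsecureAccepts` result is the failure mode the paragraph warns about, with the hotspot operator able to read everything the app sends.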
To ensure that data can be restored after a device is damaged, wiped, or lost, take advantage of the backup capabilities each mobile OS supports. Native backup typically includes writing backup files to a desktop or laptop and periodically backing up data to cloud storage. Best practices include password-protecting access to cloud storage and backup files, encrypting those backups wherever possible, and preventing business data from being backed up to personal storage. App developers may want to take advantage of native backup, but they also need to consider the security implications of doing so, such as keeping encryption keys and other sensitive files out of the backup set.
Mobile device management
IT can gain visibility into and control over tablets and smartphones with mobile device management (MDM). Methods range from using Microsoft Exchange ActiveSync policies to require encryption and a PIN, to using third-party MDM tools to configure and continuously enforce security policies. Which policies can be enforced varies by mobile OS version, MDM tool, and device model, but centralized policy management is what makes it possible to apply the other practices (remote find/wipe, PIN/passcode, encryption, and even anti-malware) without relying on end users to consistently do the right thing.
As noted, many of these best practices use native device and OS capabilities as a starting point, strengthened by application-specific security measures. Building security into every mobile application not only reduces risk but also levels the still-uneven playing field among mobile platforms. Mobile OS security and management hooks will continue to improve, and new mobile devices will arrive with new vulnerabilities.
Further, although the focus here has been on the device, its data, and the OS, mobility involves many other components that IT must likewise secure, including the mobile messaging servers, cloud storage, and wireless networks that mobile users access. Understanding all of these mobile risks and looking for ways to offset them during mobile app development is an investment worth making.