According to a report released by Scallon Communications in October 2014, more than half of all South African organizations experienced mobile security breaches over the preceding year.
This isn’t surprising given the vast numbers of people who now use mobile devices at work. A study from Cisco last year revealed that half of all South African employees (52%) bring at least one of their own mobile devices to work, and almost two-thirds (63%) of employees are allowed to use their personal devices to access company servers.
Since mobile apps and devices are vulnerable, a single security approach is not enough. Security measures should be applied at the device, application and data level to mitigate threats.
Here are eight tips to keep your enterprise mobile apps secure:
1. Use Multi-Factor Authentication
Use of a username and password combination is considered single-factor authentication and is not strong enough. There are three common factors of authentication: Something you know (e.g. password, pin, etc.), something you have (e.g. smart card, digital certificate, etc.) and something you are (e.g. fingerprint, retinal pattern, etc.). By combining a username and password with another type of authentication, access is more secure.
2. Have More Restrictive User Rights
User rights can be defined based on employees’ established work schedules according to location and date or time of access. The more specific the security authorizations are, the less likely that a hacker will gain access. And in cases where a break in does occur, the damage can be limited.
3. Deploy Containerized Deployments with Built-in Security
Single and multi-app containers significantly enhance security by creating an enterprise workspace for apps on the mobile device, regardless of whether corporate owned or personal, and for all supported mobile platforms. Authorized users get seamless access to corporate data and apps with enterprise-grade security and deep integration with user rights management and user authentication/single-sign on (SSO) technologies built in.
4. Implement Multiple Encryption Algorithms
Malicious users can intercept and monitor exposed data transmitting across the Internet. When securing data transmitting across the Internet it is recommended to use more than one type of encryption algorithm. Symmetric encryption is fast and easy to use and consumes very few processor cycles whereas asymmetric encryption is much more computationally expensive and therefore slower. By combining the use of asymmetric encryption to encrypt the key and send the key over the wire, and then decrypting the rest of the data using fast and easy symmetric keys, efficiency, high security levels are achieved.
5. Use Mobile Device Management (MDM) Software
MDM software protects delivery and access to enterprise content; defines and enforces IT policy; applies virtual geographic limits for devices; and leverages powerful authentication, certificate management and data encryption capabilities. MDM software includes both monitoring and security capabilities that are essential for securing data on mobile devices. MDMs benefit enterprises seeking management of both corporate-owned, personally-enabled (COPE) devices and Bring Your Own Device (BYOD) devices. For this reason, MDMs need to be cross-platform and non-proprietary in design. Because of the diversity of manufacturers in the Android market, an MDM solution should support a wide cross-section of these manufacturers.
6. Use Mobile Application Management (MAM)
Mobile Application Management is the collection of centrally administered policies that control the security and lifecycle of mobile app deployments in the enterprise. MAM empowers IT administrators to distribute, update, manage and secure applications on shared, personal and corporate-owned mobile smartphones and tablets. IT administrators will typically access a centralized console that manages the deployment lifecycle of the applications in the enterprise environment from end-to-end.
MAM software helps an IT administrator to configure apps and provision users. Administrators can set privacy and security policies based on group rights settings and individual settings, authenticate access and enforce compliance. MAM also allows the administrator to monitor and track mobile apps as well as enable, disable or restrict apps according to security policies.
7. Protect Against Viruses
Android lacks firmware-level app authentication, allowing tactics such as hash collision, certificate forgery and inter-process communication abuse to occur. Google’s claims of scarcity aside, most IT security managers will still want to take steps to protect against Android malware even if viruses themselves are rare.
Your MDM and MAM solution should install malware protection on the device that scans and monitors the device file system and installed applications for known malware and viruses. If found, the software needs to quarantine infected or malicious applications and files on the device. Basic features should include the ability to schedule antivirus scanning, download virus definition updates, configure antivirus “whitelists” and execute quarantine management.
8. Exercise Web Security Procedures
Security procedures for maintaining a web server are an important part of your overall mobile security strategy. Administrators of web servers in support of mobile systems need to make certain to keep operating systems and web servers up-to-date with the latest patches and upgrades from the manufacturer. Monitor and read all vendor security alerts and follow best practices when configuring systems. It is recommended to enable needed services and apps only and disable unused services. Remove and disable any unneeded master accounts and super admin accounts.
Mobile devices and access to enterprise systems present new threats and vulnerabilities that must be assessed appropriately to safeguard valuable enterprise assets. By combining these eight important enterprise mobile security methods with a detailed plan and standard procedures, South African enterprises can secure their mobile enterprise apps and data.