Solving the Gaping Security Hole Plaguing All Mobile Devices
Nikfar Khaleeli | Sep 30, 2019
Read any of the scores of columns or tip sheets on the “Top 5 BYOD Mistakes” to avoid, and app-level security is scarcely mentioned. That’s surprising because surveys show, over and over, the primary reason for app-level security is uncertainty over the ability to protect data flowing to and from personal devices.
Breaches of mobile phones have become legendary. A security flaw with an Android mobile operating system was reported earlier this month to have left over a billion Samsung, Huawei, LG and Sony smartphones vulnerable to cyberattacks. Researchers from Check Point said that “a remote agent can trick users into accepting new phone settings that, for example, route all their Internet traffic through a proxy controlled by the attacker.”
“The large majority of mobile application developers spend their time and money hoping to dazzle their customers with bells and whistles, not on protecting those customers,” noted a writer in Security Boulevard. “Their apps are feature rich and security poor.”
App-Level Security is Critical
With the recent spate of mobile phone breaches, it’s just now coming to light that encryption provided by a device’s OS is not enough to protect the data on those devices. Think of it this way: OS-based encryption, once hacked, can leave both apps and data on the phone open to intruders.
Thus, app-level security is becoming commonplace, and just in time. It provides an additional layer of security, should the device encryption itself be hacked. That’s an advantage both for a corporate-managed device, which already incorporates an MDM profile, and for a BYOD device.
But is it enough to secure an app once and apply that security each time a new device with that app is provisioned? In fact, it’s not. The app must be secured again every time it’s updated – or when the underlying OS is updated. That’s true for all mobile devices, whether they are enterprise-sanctioned and controlled devices or BYOD devices.
No-Code Automates Integration of App Security
With app updates, OS updates, new apps and increases in the number of devices accessing the corporate network, the effect is like a one-two-three-four punch to organizations just trying to keep up. Add that to the growing shortage of software developers! Although it’s easy to claim there’s a single solution to the problem, one thing is becoming clear: no-code integration of app security is reducing the pain to a routine task of provisioning devices.
Developing code without actually writing code can accelerate go-live substantially. It allows the integration of essential policy compliance services into mobile apps – even on unmanaged devices – with no need to write or maintain integration code.
A no-code security integration solution can eliminate the errors that are the bane of developers who are charged with implementing app-level security. And no-code integration can automatically embed military-grade encryption that ensures corporate data is always safe, even when the device isn’t under enterprise controls.
“Many frameworks exist for mobile platforms that cover security concerns and allow developers to abstract themselves from some of the more challenging decision/implementation woes,” according to Security Boulevard. While that’s true, written between the lines is this: mobile developers just want to focus on innovation, not on the drudgery and risks inherent in mobile app security integration. For those developers, no-code security integration is quickly becoming a standard.