ISACA Journal Author Blog


Managing the Enterprise Mobile App Security Environment

Mohammed J. Khan, CISA, CRISC, CIPM
Published: 7/25/2016 3:06 PM

Look around you, and at your own behavior: we are living in the age of mobility, and it is getting more mobile every day. At first, it was an enterprise-driven mobile movement in the ’90s, and soon after the Internet boom, consumer mobility platforms took over. We now see a parallel cross-integration between consumer- and enterprise-driven mobile solutions in the workforce. This trend tells us that employees using their own devices to conduct work-related activities will, in due time, result in a major financial loss, legal or governmental issues, or reputational risk because of the loss of a mobile device or data due to insecure mobile technology.

Unlike traditional enterprise software—such as web or desktop, where the enterprise server is controlling much of the security—mobile apps on a device are more prone to reverse engineering efforts by hackers and malicious actors out to steal data.

Mobile devices are unique because of the way we operate them: they are outside the physical confines of the brick-and-mortar office building. Essentially, a mobile device is a walking liability, and without the proper protection it demands, data could be lost and are bound to become an issue at the enterprise level.

There are some basic steps each organization can take to properly secure mobile devices, whether they are employee-owned or company-issued:

  • Anti-malware software
  • Authentication controls
  • Securing enterprise software with secondary authentication
  • Specialized gateways for extremely sensitive apps
  • Secure mobile devices with tracking software (e.g., remote wipe)
  • Enable best practices at the enterprise level for mobile app development

These are just some of the ways to secure consumer- and enterprise-developed mobile devices; the enterprise environment requires such best practices.

Read Mohammed J. Khan’s recent Journal article:
“Mobile App Security—Audit Framework,” ISACA Journal, volume 4, 2016.
