How to Win in the Enterprise Mobility Market
Last year we exhibited SeaCat at the Web Summit in Dublin. On the second day I explored the venue visiting different exhibition booths in the Mobile Enterprise area and talking to the people there. Many of which have already developed mobile applications and other mobile solutions for enterprises and big companies. While these conversations were interesting, one thing in particular stood out. Regardless of the size, industry, or platform of the prospective client, they all had one thing in common — security, or lack thereof.
Surprisingly, the summit attendees had varying backgrounds ranging from developers, startups, and corporations yet they all responded similarly when I asked about the underlying security of their mobile apps and the back-ends. Their position is that they “are as secure as the infrastructure at our customers,” an alarming approach when discussing mobile applications that are more sensitive to security breaches than desktop applications.
CRM or BI data is traditionally accessed from office desktops. In this traditional environment the data remains within the internal network and is safe from threats. However, once CRM or BI data is accessed from mobile devices, it is beyond the protection of the enterprise network because the data is exposed to the outside internet.
Therefore, if you are an enterprise mobility vendor, your customers probably have not solved this particular security issue and rely on you as the developer to anticipate and respond to these threats. There is a potential risk of losing the client deal if you cannot show that have you aware of these threats. Even if you do get the deal, sooner or later you will be requested to fix the security part. That is not an ideal position to be in especially if you do not know to even solve the problem.
All hope is not lost. The solution lies in becoming educating on new security issues and establishing a protocol for addressing the same. Here are a few features you can employ to cover most basic security concerns as it relates to mobile applications and back-ends:
- Backend isolation
- Access control
- Automated client certificate request/renewal
- Protection of private key on mobile device
- Mutual SSL authentication
The above-referenced summit scenario is common given the rapid growth of mobile adoption. At the beginning of the mobile era, user experience and (visible) functionality were the only things that mattered. Today, security is becoming more crucial as more data breaches occur in organizations big and small. Naturally, enterprises try to avoid this kind of publicity so they are seeking developers who are knowledgeable about current security trends and requirements.
If you are in the mobile enterprise market, take security seriously. Do not rely solely on the skills and knowledge of mobile app developers because their underlying focus is on building a beautiful, functional application. Instead, use the best practices available and offer your customers not just functionality but also security.
Send us an email at firstname.lastname@example.org to get a free consulting session on your mobile solution and learn if there will be any potential risk to your data.
Photo credit Web Summit
Data encryption tool for GDPRMore information
You Might Be Interested in Reading These Articles
Securing data transferred between different endpoints is important not only through public networks but also in private networks. The data has to be protected if it is business critical or if modification or interception leads to a security incident with a high business impact.
Published on May 03, 2016
With the year on year rise in ecommerce, there is a corresponding rise in online fraud - in fact, according to Financial Fraud Action UK, this type of activity had increased by a quarter to £399.5 million in the first half of 2016. The most recent manifestation of this is the concept of “testing” - this is where the criminals try small purchases to check the validity of card details, before moving in for the kill.
Published on July 04, 2017
The official source of OpenSSL software is the OpenSSL website. One can download OpenSSL source codes archives and compile them for a given platform. The compilation work can sometimes be quite tedious, especially for exotic platforms. We, at TeskaLabs, set up this page because we frequently compile OpenSSL for various platforms for our internal purposes and this may save some time to other developers.
Published on July 20, 2017