February 11, 2016

You Can’t Afford to Make Mobile Security an Afterthought

Creating applications with security your users can trust, and planning for safe interaction throughout app lifecycles, should be a part of your business development strategy — not an afterthought.

Why Mobile Security is Business-Critical

Until now the expectation has been that users should be responsible for their own security once the product is in their hands. After all, users are often slow to install updates with vital security patches, create adequate passwords or steer clear of questionable wireless connections. That can hardly be blamed on the developer.

But companies need to take a more proactive stance in inspiring safer user behavior and ensuring continued product security. Why? Because it’s in the best interest of their business, frankly.

[Infographic: number of users deleting an app following security concerns]

Recent research indicates more than half of users would delete an app over security concerns, and a significant portion of users are avoiding questionable apps altogether because of increasing privacy and security concerns. As a result, a widely reported security flaw could prove catastrophic for an app developer.

Additionally, big-name security breaches such as the iCloud celebrity photo hack have shown us that the division of responsibility between user and provider may be irrelevant. Users don’t care whether the breach came through the poor password management of a fellow user or an integral security flaw in the product — by the time the smoke clears, the product’s image will have taken a hit and its user numbers will drop.

Integrated & Collaborative Security Measures 

Some of these problems could be mitigated by employing new authentication measures. Our reliance on passwords and PINs (and the ability of users to keep those passwords safe) may be coming to an end. Biometric support may be one way forward, particularly for banking and enterprise applications that depend on airtight authentication measures.

Experts are also revisiting which user data is being collected, how it is collected and where it is stored. The GSMA recently released its first detailed report of security guidelines for IoT devices and applications. The report is the aggregated knowledge of every major player in the mobile space and begins by asking IoT service providers simply: “what data is needed/collected?”

[Infographic: data-gathering flowchart for mobile devices]

The GSMA IoT Security Guidelines, February 2016

Many of these security issues are not necessarily technical in nature, a point addressed in an excellent new 2016 report on the need to address non-technical security risks in mobile app development.

[Forrester infographic: different non-technical security issues]

But what is certain is that this will be an ongoing battle. Mobile security concerns are simply woven into the fabric of the strange, exciting, connected world we find ourselves in.

Consequently, the focus should be on collaborating with the user in maintaining device security throughout the product’s lifespan and implementing built-in and continued security features that help build user trust.

Security doesn’t need to be a necessary evil. In fact, it can prove to be a key component in enterprise user acquisition strategy.

The way forward will include a series of interconnected measures such as:

  • Revisiting which user data you collect and the ways you manage it
  • Securing authentication and access control
  • Creating an environment where you support and guide user best practices
  • Making app security testing an integral part of your software development life cycle
  • Adopting stronger encryption of sensitive information being transmitted over the network
  • Using an Enterprise Mobility Management tool to control the ways employees use mobile devices in a business context

2016 is predicted to be a year of evolving security threats, as varied and sophisticated attacks focus on consumer, enterprise and service provider targets. Making mobile security the cornerstone of your 2016 game plan will help minimize risk and maximize user happiness.