Welcome!

Michelle Drolet

Subscribe to Michelle Drolet: eMailAlertsEmail Alerts
Get Michelle Drolet via: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn


Related Topics: Cloud Computing, Security Journal, Mobile Apps and Frameworks

Article

Four Signs Your Mobile App May Be at Risk | @CloudExpo #Cloud

How can you make sure the mobile apps you access are secure?

A security profile should be at the top of the developer's list when compiling a mobile app but that's hardly the case. That's a pity, because building a profile is easier to do during the dev phase. Are most mobile apps putting your data at risk? Most likely so. According to the most recent report from Lookout, the number of Android devices affected by malware is more than 6 million.

Luckily, there are telltale signs that indicate an insecure mobile app. Becoming the nose on a hound dog will let you sniff for clues of any potential harm of a data breach. Otherwise it will cost you. The Ponemon Institute's Cost of Data Breach Study says average costs for a single breach increased by 15% last year, reaching $3.5 million.

Data Leaks
One obvious sign that an app might have malicious intent is a sudden, uncommon data access pattern. These patterns are concerning because some apps record your unencrypted data so it can be sent to a designated server. Once there, ruthless business rivals or cyber-criminals may collect your data. This transfer of sensitive data is very common and frequently goes unnoticed.

Excessive data usage or unexpected charges on a cell phone bill may signify the presence of malware. You need to monitor the amount of data each app uses. If you find suspicious activity, flag it. If you establish an audit trail, you will have a clear picture of data usage.

Inability to Encrypt Corporate Data
It is unrealistic to think that employees will voluntarily follow a mobile device management (MDM) policy that prohibits them from installing apps on their devices. This is especially true if the device belongs to the employee. You can mitigate the data leakage problem and user installed malware issues by ensuring that all your corporate data is encrypted and remains inside a secure container.

Insecure Transfers
Although cloud-based services are a convenient option when transferring files, if your staff is using a third-party app there is no guarantee that your files are secure. According to a new Netskope report, 88% of cloud apps being used as part of the BYOD trend are unsafe. This report also states that 15% of employees' credentials have already been compromised.

If you do not have a system that secures the transmission and employs the encryption of your files, you may be unknowingly leaking data everywhere.

Unauthorized Users
This is an obvious risk to the security of your data. If you decide to allow mobile devices to access your network remotely, then you need to take the appropriate steps to authenticate the user.

Mobile Apps Are Not Tested to Ensure Security
Enterprise app development focuses on business value, as opposed to security. For this reason, you need to consider professional penetration testing. It can uncover vulnerabilities and weaknesses you may have overlooked.

Building effective security is much less expensive and easier to do during the development of an app. You should consult with an expert to ensure that security testing remains an important portion of your software development process from the beginning.

More Stories By Michelle Drolet

Michelle Drolet is founder of Towerwall, a data security services provider in Framingham, MA with clients such as PerkinElmer, Smith & Wesson, Middlesex Savings Bank, Brown University and SMBs. You may reach her at michelled@towerwall.com.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.