The Goldilocks Approach for Mobile App Security
Apperian, one of our top partners, hosts a podcast series called LiME - Life in the Mobile Enterprise. If you are in enterprise mobility and do not know about this podcast series already, you should subscribe to the series on iTunes right away. They have a fantastic collection of topics and speakers!
John Aisien, our President and COO, was recently invited to this podcast to talk about the importance of uniting mobile app security with app usability. In the podcast, John discusses:
How Mobile App Security Measures Usually Hamper App Usage
The primary interaction tools for any mobile user are the applications on their device. John discusses how enterprises should ensure that mobile app security measures do not impede app usage.
The two drivers for security and usability coalescence in the enterprise are (a) end user expectations, and (b) business expectations of a high degree of security - this applies to data as well as the app itself.
The Goldilocks Model of Mobile Apps
Enterprises need to approach mobile app security and usability with a Goldilocks Model, in which users achieve the perfect balance between the two seemingly opposing forces mentioned above. John recommends one key consideration to achieve the Goldilocks level: alignment. The levels of data security and app controls have to be aligned with the type of data, transaction and user role.
Who, Other Than IT, Should Care About App Security?
Recently, I wrote a blog post, referenced in this podcast, that serves as an open letter to the enterprise. In that blog, I discussed how NOT to become a Mobility Prevention Expert. In this context, John talks about how cross-functional teams, not just IT, should join forces in pursuit of app security. A strong partnership (in the form of a Mobile Center of Excellence (MCoE)) between the following user groups is critical for success:
- Mobile app developers: they build the apps that end users need. They need the security burden to be lifted off their shoulders, so that they can focus on building usable apps.
- End users: though they might not emphasize the importance of security directly, they must be aware of app security vulnerabilities and their consequences.
- Business App Owners: securing the data stream from the app to the backend infrastructure (say, a CRM database) is extremely important for them.
- C-level Executives: modern enterprises have a new challenge. Too many CEOs, CIOs and CISOs are affected by data security breaches today.
Striking the Right Balance Between Security and Usability
To focus on securing what matters, enterprises must assume a zero-trust model. Securing the device is no longer sufficient. Assume that devices cannot be trusted, and instead secure the app and the data stream it accesses; enterprise apps, however, must still be as usable as any consumer app (such as Twitter, Facebook or Uber).
In closing, John has these recommendations for enterprises that are in the "thick of it":
- Be ambitious. Visualize the possibilities with mobility in your enterprise!
- Establish a constituency of users.
- Recalibrate quickly based on the usage patterns.
- Focus. The top objective should be to drive mobile app usage.