Don’t Forget Security When Developing Corporate Mobile Apps – Time for Another Look

mobileapps

About a year ago, I wrote a post about the importance of security when developing mobile device apps. As part of the post, I also discussed the importance of security when evaluating the “bring your own device” to work (BYOD) phenomenon and the growth of the Internet of Things (IoT). Today, a year later, it’s time for another look.

If you’re creating an app, are you using tools provided by a managed service provider (MSP) allowing multiple people in multiple places to work on it? Does the MSP charge by the seat for the tools to be used, or is it a group license? Today, businesses try to offer apps on both the Android and iOS platforms, so you need to make sure that tools for both platforms are available. Most importantly, before launch, test your app over a wide range of devices and employ as many testers as possible.

Now, how many businesses have apps specifically designed for their industry? Recent developments, especially in the healthcare sector, require customized apps to better serve the needs of their stakeholders, in their case, patients and medical care professionals. In addition, healthcare organizations are also finding that off-the-shelf apps don’t always meet their needs. A side benefit to creating a customized app is that a business can release it in the general marketplace and create another revenue stream.

As the BYOD phenomenon further evolves, businesses are finding that apps may not exist that work both for their organization’s devices and their employees’ devices. This propels businesses to develop apps to perform on a myriad of devices.

Of course, this leads us to the elephant in the room: users’ privacy concerns. What information does your app require in order to download it? In an industry with compliance issues, one must be sure that the requirements for regulatory environments are met.

If you’re putting your app into the open market, how is cost determined? Is user information more carefully guarded if the app has a cost associated with it (data saved to the cloud) or some usability is deactivated if the app is offered for free? For example, apps that track your health and well-being: if the app is paid for, is the data being used offering real-time health status versus a free version of the app that may only provide limited use.

If your business has created an app, how do you measure its success? By the number of downloads? By the number of reviews? By the number of in-app purchases? Or by some other metric? However, don’t ever forget that you have an obligation to your users to protect their confidential information – regardless of if they paid for the app or got it for free.

Lastly, consider this scenario. What if your app is hacked? What measures are in place to protect your users’ information? Do you have a protocol in place to notify users of the breach? Do you have a procedure in place that will take the app down and rebuild it? Don’t enter the app market if these questions aren’t answered first.

Image Credit: KROMKRATHOG via FreeDigitalPhotos.net.

This post was brought to you by IBM for MSPs. Dedicated to providing valuable insight from industry thought leaders, PivotPoint offers expertise to help you develop, differentiate, and scale your business.

wordpress blog stats
Advertisements

About Allan Pratt

Technology and cybersecurity professional with focus on tech news, cybersecurity, networking, infrastructure, data protection, consumer electronics, and social media.
This entry was posted in BYOD, Data Breach, Data Security, Internet of Things, MSP, Privacy Rights and tagged , , , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s