To Achieve True Mobile App Security: Use the ‘Less is More’ Approach

by T.L. Neff, executive vice president of global client services for Verivo Software

Who would have thought that the ‘less is more’ approach has its place in achieving mobile app security? You would think the opposite holds true — better security can only come from adding more safeguards, more rules for users, or more third-party security tools.

But when you examine mobile app security through the lens of streamlined application design, ‘less is more’ makes sense.

If you want to lower your risk of exposing sensitive data through compromised mobile app security, try designing mobile apps in such a way that you minimize the amount of data you expose in apps or allow in device downloads.

For example, you can design an enterprise mobile app so the sensitive data stays server-side, and is only viewable on the device while the authorized user is within coverage range.

Designers can also be more selective about what they really need to show within a mobile app. For instance, rather than mobilizing an entire customer relationship management system or big chunks of sensitive information, the IT team can mobilize only a handful of “must have” screens or functions.

We recently worked with one of our clients on this stripped-down approach, and the app worked so well that even when users had secure access to the full-blown CRM system, they preferred to use their mobile device because it was faster and more effective than using a laptop.

So my suggestion is to streamline the app: doing so often improves both usability and security. It just takes some forward thinking during the planning process about what data you want to expose on screen or to local device storage.

App design can make use of icons or color codes to limit the data you expose while also speeding up navigation. A company might have three tiers of customers according to sales volume, but it’s probably not a good idea to spell out the full meaning of those tiers on the device. Instead, a simple color code can clue the internal app user into what tier a particular customer is in, while adding an inherent safeguard should the user’s device get misplaced or stolen.

Even for less sensitive data, displaying a visual icon can convey information more quickly within a mobile app. For example, if a client has an upcoming birthday noted in the system, rather than having the app display a text reminder, the app design could display a “boxed present” icon if that client’s information is called up in the app. It all comes back to picking and choosing what you put in the app in the first place.

Of course, specific security mechanisms are still crucial. You must use a mobile platform with integrated security capabilities that lets you set up passwords, log-on, and authentication, and that handles data encryption for mobile apps. Some platforms allow an app to be set up so that enterprise data automatically times out and disappears from the device, even if the network connection is turned off. This capability comes in handy especially if a device is lost or stolen.
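The two design ideas above, sending the device only a color-coded "must have" projection of a CRM record rather than the full record, and having cached enterprise data expire on the device by its own clock even when offline, can be sketched in a few lines. This is an added illustration, not code from Verivo or from the original article; the record, the tier-to-color mapping and the cache API are constructed assumptions.

```python
import time

# Server-side CRM record (constructed sample data). Free-text notes and the
# spelled-out tier definition never leave the server in this form.
FULL_RECORD = {
    "id": 1042,
    "name": "Acme Corp",
    "tier": "Platinum (>$5M annual volume, 40% discount)",
    "birthday_soon": True,
    "notes": "Pricing dispute, legal review pending",
}

# Assumed mapping from tier name to the color shown in the app; the meaning
# of each color stays server-side, only the color travels to the device.
TIER_COLOR = {"Platinum": "gold", "Gold": "green", "Standard": "gray"}


def mobile_view(record):
    """Project a CRM record to the handful of fields a mobile screen needs.
    The tier becomes a color code, a birthday becomes an icon, notes are dropped."""
    tier_name = record["tier"].split(" ", 1)[0]
    return {
        "id": record["id"],
        "name": record["name"],
        "tier_color": TIER_COLOR.get(tier_name, "gray"),
        "icon": "present" if record.get("birthday_soon") else None,
    }


class ExpiringCache:
    """Device-side cache whose entries vanish after `ttl` seconds, judged by the
    device's monotonic clock, so expiry needs no network or server round-trip."""

    def __init__(self, ttl, clock=time.monotonic):
        self.ttl = ttl
        self.clock = clock          # injectable for testing
        self._items = {}            # key -> (expires_at, view)

    def put(self, key, view):
        self._items[key] = (self.clock() + self.ttl, view)

    def get(self, key):
        self.purge()                # expired data is gone before any read
        item = self._items.get(key)
        return item[1] if item else None

    def purge(self):
        now = self.clock()
        for k in [k for k, (exp, _) in self._items.items() if exp <= now]:
            del self._items[k]

    def wipe(self):
        self._items.clear()         # remote or device-management wipe hook
```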

There are some device management tools that effectively separate enterprise from personal data on a mobile device, allowing the enterprise portion to be wiped clean if the device is compromised.

Overall, security factors must be built in while designing the app. Be conservative about what you expose in the first place. Definitely consider some limits on what can be downloaded, and think about using graphical cues instead of text. By taking these kinds of steps, you’ll likely end up with apps that are more streamlined and user-friendly, and that minimize security risks for your company.

The bottom line: don’t approach security as a set of utilities you put in place after apps are deployed. You’ll get better security through more of a life-cycle approach where you design with security in mind, and also test for security.
