Posts Tagged ‘security’

How safe is your mobile app?

February 9, 2011

2010 was, for many organisations, the year of the app. Executives across all sectors rolled out apps to provide a new channel for customer interaction. 

For many businesses, the aim has been to enhance relationships and engage clients. More and more customers have smartphones, powerful internet-enabled devices that allow users to work and play online from the palm of the hand. However, as we move into a world of more devices and even more apps, my concern is this: are users and businesses acting responsibly when it comes to security?

There is quite a bit of “User Naivety”. How many mobile users set a strong password lock on their mobile phone, if they set one at all? This despite knowing that some apps and sites “stay logged in”, giving anyone with access to the phone access to the app! Not so bad for Angry Birds maybe, but what about mobile banking?

Then, when downloading apps, it is surprising how freely users grant access to phone functions to the vendor of an app they have never heard of and whose reliability they have never checked. For example, many users do not realise that an app can access any phone function or data on the handset. It is very feasible to write an app that goes through your phonebook and sends email addresses to spammers, or one that automatically sends expensive premium rate texts in the middle of the night!

This kind of user naivety is similar to users on desktop PCs accessing a supposedly secure site without checking SSL certificates.

What about simple things like other people looking over your shoulder? What about if you lose your phone? What about when your ever-smarter phone becomes your electronic wallet? The security implications are huge!

Scaremongering? Well (see further reading), many USA banks have already seen breaches in their mobile apps!

Some of the same fears can be repeated in the corporate arena. Do you really want people logging into native apps while they’re on the move? What if devices go missing? Could corporate firewalls be compromised?

Whilst some app stores provide some basic checks, none of this can necessarily be relied upon, and it is only a matter of time before we hear more regularly of mobile security breaches and viruses.

Whilst solving the cross-platform mobile apps issue, the impending move towards HTML5-based apps could see even further challenges as the web itself becomes an endless app store of its own.

The app has been the web-based sensation of the last 12 months. But we have a long way to go before native apps and, in the future, mobile web apps can be considered a secure means to access confidential information. And for the enterprise environment, that day could be a long way off.

Further Reading

http://goingcellular.com/mobile-applications/citibank-discovers-security-breach-in-iphone-app-443045/

http://www.digitaltrends.com/mobile/major-mobile-banking-app-security-holes-uncovered/

http://www.drdobbs.com/security/226500191;jsessionid=IE0BUOZ53VALLQE1GHRSKHWATMY32JVN

Think online and offline to avoid getting stuck in the clouds

October 20, 2008

The Telegraph Media Group (TMG) recently announced it is not refreshing its current Microsoft Office, Exchange and Windows XP deployment and is instead moving about 1,400 internal users to cloud-based service Google Apps.

TMG’s decision to move into cloud computing – where IT-related capabilities are provided using internet technologies – could be indicative of a sea change.

More IT managers are considering a similar transition to desktop provision through the cloud, where employees can access applications and information through internet-enabled devices. For IT managers looking to the cloud, is there any major difference between online and offline provision?

The key benefits of an off-the-shelf package are well-rehearsed. Most employees will have spent most of their working lives adapting or using standard Microsoft Office packages.

Standardisation promotes usability, with workers able to benefit from working with an accepted format for spreadsheets or written documents. Such usability has helped cement Microsoft’s desktop dominance – until now.

Whereas IT managers would previously have shied away from change, most now realise that best value requires an innovative and transformative approach.

Google Apps, for example, encourages collaboration. Users are able to benefit from a broad suite of applications, sharing and creating knowledge documents attached in Google Mail.

Cost is also an important factor. The Premier Edition of Google’s desktop service offers low-cost licensing and technical support, with bugs fixed and patches updated automatically.

Problems associated with storage are also removed, as information is stored in the cloud, rather than on a firm’s own resource-hungry servers.

But such a method can bring security concerns. Storing information centrally means IT managers need to be aware of potential dangers and ensure workers are trained.

And while TMG’s move into the cloud shows a leading-edge stance, mass adoption will rely on providers – such as Google – ensuring online applications have a familiar feel and high-specification functionality.

Working in the cloud also means users will need 24/7 access to the internet. Look for a provider that can match your demands, allowing workers to use cloud-based tools offline – because a drop in service availability can have damaging effects on productivity.

While the world gets carried away with rich internet experiences through Ajax and Web 2.0, users must remember the browser also serves a meaningful life offline – as well as online.

Google’s approach shows how businesses can create applications, whether workers are connected or disconnected – which has to be a useful trick in helping your firm to stay ahead of the game.

And moving from the tried-and-trusted into the clouds should be all about increasing efficiency.

