Basic Mobile Device Applications and Security - dummies

By Rich Campagna, Subbu Iyer, Ashwin Krishnan, Mark Bauhaus

Variables that will impact your mobile device security strategy include the applications running on these devices. Each type of application comes with its own set of security concerns, such as the ability to control who gets access to the application (access policies), as well as the ability to restrict specifically what each individual user may access within each application (granular control).

E-mail and messaging

E-mail and messaging applications are among the most popular enterprise applications leveraged on mobile devices. The most common functions include sending and receiving e-mail and synchronizing calendars, contacts, and tasks. These applications are typically accessed via a Microsoft Exchange e-mail server (or similar).

Other messaging applications include chat or instant message, short message service (SMS), multimedia message service (MMS), and, potentially, video-conferencing applications.

The primary concern that enterprises have when enabling e-mail access from mobile devices is the loss or theft of the e-mail data. Enterprise e-mail can contain all types of sensitive information, from financial results to product designs. Sending that data to a mobile device that can easily be lost or stolen can be a scary proposition.

Web-based applications

Every smartphone on the market today includes a web browser for viewing web pages and for leveraging web-based applications. In some cases, the application developer has optimized special versions of the application for mobile device access; in other cases, the web content is the same whether it is viewed on a smartphone or on a desktop PC. Regardless, these applications are unique in that they are accessed exclusively through a web browser, with no installed device application or other client-side component.

Although web-based applications are hosted on a server in the network, there are still exposure and security concerns that you need to address, including the following:

  • Some data might be downloaded and stored on the device.

  • There is the possibility of man-in-the-middle or other types of attacks that can hijack or intercept the web application session and leverage that to steal data or to download malicious code to the mobile device.

Client/server applications

Client/server applications are traditional fat client applications, which require that the device has natively installed software to run the application. These installed applications communicate with application servers running inside the corporate network.

As enterprises have embraced smartphones and tablets as productivity tools, and increasingly as primary devices, the need to allow users to access everything that they are able to access on their laptops and desktops has become prominent. As with other applications, these types of applications aren’t without their security issues, so when rolling these out, ensure that your security strategy can protect the data associated with these applications.

Standalone applications

Standalone applications are those that function on the device itself, with no server-side or backend component. There are many such applications. In the enterprise, the most common applications in this category are office or productivity applications. Many of these applications have a web-enabled component, but they are primarily used for viewing and editing spreadsheets, documents, PDFs, and presentations.

The issue is that these are the types of files that typically contain your most sensitive corporate data. Ensure that you are properly securing this data, both when it is stored on the device and when it is transmitted to or from the device.