Securing Mobile Applications – Enterprise MAM Security Options

By Robert Gerner

As mobile devices continue to infiltrate organizations, the demand for mobile applications is growing rapidly. Employees request applications that connect them to enterprise resources, increase their productivity and promote collaboration with employees. Smart organizations provide employees with company-approved public and custom-built internal applications.

To streamline the challenge of acquiring, distributing, securing and tracking mobile applications, enterprises can deploy a mobile application management (MAM) solution to easily manage internal, public and purchased apps across employee-owned, corporate-owned and shared devices from one central console.

With the rise in the demand for mobile applications in the enterprise, an increased number of organizations are utilizing solutions to secure mobile applications. Not only allowing, but encouraging employees to use apps at work can be intimidating without the right resources. However, resources such as app scanning, app wrapping, application software development kits and app catalogs can be deployed to manage mobile apps within the enterprise. Once an organization is armed with the correct tools for MAM, the company can empower employees with mobile apps while ensuring that corporate data and employee information is secure.

App Scanning

While applications present many benefits in the enterprise, apps also introduce risks if they are not properly secured. IT administrators must implement a plan to block malicious applications and ensure that internal and third-party apps meet their organization’s security standards. In addition to protecting organizations from publicly available malicious applications, administrators should address concerns around apps accessing personal data on employee-owned devices. Organizations should implement app scanning into their mobility initiative to address these concerns.

App scanning allows administrators to identify common app risks, such as access to privacy settings, exposing user contacts or geolocation information, insecure network connections, malicious code and more. IT can run app scans, view app analysis and use that information to assess whether an application is safe for business use or blacklist the application if it does not meet the minimum security standard.

Organizations must know what information an application is accessing to determine if the application is safe for employee use. Every company has different security needs and must evaluate applications based on the needs of the organization. For instance, while some companies may be able to utilize location-based apps, other enterprises may restrict them depending on the sensitivity of the data involved and mobile device policy agreements with employees.

App Wrapping

In addition to third-party applications, many enterprises are building internal applications for specific business and employee roles. However, IT must ensure the applications are secured and corporate data isn’t compromised, whether applications are installed on corporate-owned or Bring Your Own Device (BYOD) equipment.

Another solution to secure mobile applications is app wrapping, which gives existing internal applications an extra level of security and management capabilities, without further development or code change. With injected code, developers benefit by not spending time coding for additional features. Possible app wrapping capabilities include restricting application access and securing data at-rest with data encryption and in-transit. Data loss prevention (DLP) restrictions can prevent copy/ paste, printing, screen capture, Bluetooth and opening files in other applications. Administrators can restrict access to an app based on network connectivity like cellular connection or roaming status. IT can wipe local app data and block app access completely if a device is compromised. Additionally, a simplified user experience can be enabled with single sign-on user authentication.

Application Software Development Kits

Software development kits can provide developers with access to security, configuration and reporting features for developing internal applications. Sample features and functionalities offered by software developments kits include user authentication, compromised device detection, data loss prevention, certificates, branding, over-the-air app configurations and app tunneling.

Organizations can provide convenience and flexibility to employees by building internal mobile applications that are secure. For example, aviation companies are building unique apps to allow collaboration among cabin crews on routes and schedules, and retailers are developing apps to allow employees to indicate preferred work shifts.

App Catalogs

MAM solutions can often be integrated with public app stores such as the Apple App Store, Microsoft Store and Google Play store to allow access to public apps through an app catalog. Enterprises can select which applications are included in the organization’s app catalog and indicate whether apps are reimbursable or non-reimbursable.

Administrators can use the app catalog to push specific applications automatically when users enroll in mobile device management (MDM) or MAM and make applications available for on-demand installation. Users can typically view, browse, search and install public, internal, recommended and web applications within an app catalog.

Organizations can integrate the Apple Volume Purchase Program (VPP) with the company’s MAM solution to purchase apps, iBooks and custom B2B apps in bulk and easily manage the licenses. For example, education applications can be purchased by a school and pushed automatically to enrolled student, teacher or administrator devices to enhance the learning experience. Additionally, companies are able to use the program to purchase public applications and customer business-to-business apps to deploy to specific users, departments or enterprise-wise. As an added benefit, administrators can revoke an app license from a user or device and make the license available for another user or device. The license is always owned and managed by the organization, which contributes to app cost and distribution management.

When it comes to adopting mobile applications in the enterprise, the less time organizations spend worrying about security, the more they can focus on driving core business strategies. Therefore, understanding how to manage mobile applications is critical to any organization’s mobile strategy.

About the Author

Robert Gerner is the Enterprise Account Executive for AirWatch by VMware.