Story image

Interview: Building secure apps from the ground up

13 Nov 2018
Sponsored

Digital transformation is allowing companies to automate many in-house processes and make them more efficient by building their own apps.

However, these apps need to have security built into them from day one, or they may unknowingly become another threat surface attackers can leverage.

Techday spoke to Mobile Mentor mobile security head Liz Knight about common threats they’re facing, how companies can secure their apps, and why this is important.

What are your roles and responsibilities as head of mobile security with Mobile Mentor?

I lead a team of specialised engineers that are experienced in deploying mobility solutions to government and enterprise customers.

We are trained and certified with the major Unified Endpoint Management (UEM) vendors as well as Google and Apple which gives a holistic understanding of the mobile ecosystem.

The team is responsible for designing and implementing mobility solutions that have integrations with customers cloud and on-premise infrastructure.

This includes securing devices with the latest vendor solutions including Apple Business Manager, Google Android Enterprise and Samsung KNOX, protecting devices from malicious applications and designing specialist configurations to meet customers’ security requirements.

We have unique knowledge and experience in how to deploy and secure enterprise apps, enabling Single Sign On (SSO) and access to remote systems.  

Why is mobile security important in app building?

Security should be a key consideration from the initial design phase before any build even begins.

Apps can be vulnerable to data leakage, malicious code insertion, privacy issues and other security threats.

Securing enterprise apps may be as easy as adding an SDK such as the Intune App SDK to containerise and encrypt app data or the ADAL library to enable SSO leveraging Azure Active Directory (AAD) during the build phase.

You don’t want to finish your app build and then realise the app is not secured and users can’t authenticate using their corporate credentials.

What are the security threats you've encountered and what other trends are you seeing?

While we don’t see much rooting or jailbreaking of devices these days, we do see threats from insecure networks, browsing and malicious apps.

Many older Android devices are not encrypted which means data leakage is a major concern.

Some apps look reputable but maybe sending data offshore to third-party servers and have access to the device KeyStore and other functions such as the microphone and camera.

We recommend customers use a Mobile Threat Defence (MTD) solution to get visibility of risky apps and integrate with an UEM solution to automate the quarantining of devices that have been detected with malicious apps installed.

 How does PowerApps factor in security from the app building stage?

PowerApps leverage Azure Active Directory for authentication out of the box which includes the ability to enable Multi-Factor Authentication (MFA).

MFA requires the user to provide an additional factor of authentication before access to an app is granted.   

Is there the possibility to integrate offerings from external security vendors? 

Yes, the best approach to PowerApps security is a layered approach.

Start by using an UEM solution such as Intune to secure the device layer, then leverage vendor solutions such as Apple Business Manager and Android Enterprise to apply policies and data loss controls around the deployed PowerApps and then leverage Azure AD and MFA to secure the authentication and user identity.

Why 'right to repair' legislation could be a new lease on life for broken devices
“These companies are profiting at the expense of our environment and our pocketbooks as we become a throw-away society that discards over 6 million tonnes of electronics every year.”
Attacks targeting Cisco Webex extension explode in popularity - WatchGuard
WatchGuard's Internet Security Report for Q4 2018 also finds growing use of a new sextortion phishing malware customised to individual victims.
SAS partners with NVIDIA on deep learning and computer vision
“By partnering with NVIDIA, we combine our strengths to augment human intelligence and realise the true potential of AI.” 
Why businesses must embrace automation to ensure success
“For many younger workers, the traditional view of a steady job at one company, perhaps for life, simply doesn’t reflect reality."
Dropbox invests in hosting data inside Australia
Global collaboration platform Dropbox has announced it will now host Australian customer files onshore to support its growing base in the country.
TYAN unveils new inference-optimised GPU platforms with NVIDIA T4 accelerators
“TYAN servers with NVIDIA T4 GPUs are designed to excel at all accelerated workloads, including machine learning, deep learning, and virtual desktops.”
Worldwide spending on security to reach $103.1bil in 2019 - IDC
Managed security services will be the largest technology category in 2019.
How Cognata and NVIDIA enable autonomous vehicle simulation
“Cognata and NVIDIA are creating a robust solution that will efficiently and safely accelerate autonomous vehicles’ market entry."