Story image

Interview: Building secure apps from the ground up

13 Nov 18
Sponsored

Digital transformation is allowing companies to automate many in-house processes and make them more efficient by building their own apps.

However, these apps need to have security built into them from day one, or they may unknowingly become another threat surface attackers can leverage.

Techday spoke to Mobile Mentor mobile security head Liz Knight about common threats they’re facing, how companies can secure their apps, and why this is important.

What are your roles and responsibilities as head of mobile security with Mobile Mentor?

I lead a team of specialised engineers that are experienced in deploying mobility solutions to government and enterprise customers.

We are trained and certified with the major Unified Endpoint Management (UEM) vendors as well as Google and Apple which gives a holistic understanding of the mobile ecosystem.

The team is responsible for designing and implementing mobility solutions that have integrations with customers cloud and on-premise infrastructure.

This includes securing devices with the latest vendor solutions including Apple Business Manager, Google Android Enterprise and Samsung KNOX, protecting devices from malicious applications and designing specialist configurations to meet customers’ security requirements.

We have unique knowledge and experience in how to deploy and secure enterprise apps, enabling Single Sign On (SSO) and access to remote systems.  

Why is mobile security important in app building?

Security should be a key consideration from the initial design phase before any build even begins.

Apps can be vulnerable to data leakage, malicious code insertion, privacy issues and other security threats.

Securing enterprise apps may be as easy as adding an SDK such as the Intune App SDK to containerise and encrypt app data or the ADAL library to enable SSO leveraging Azure Active Directory (AAD) during the build phase.

You don’t want to finish your app build and then realise the app is not secured and users can’t authenticate using their corporate credentials.

What are the security threats you've encountered and what other trends are you seeing?

While we don’t see much rooting or jailbreaking of devices these days, we do see threats from insecure networks, browsing and malicious apps.

Many older Android devices are not encrypted which means data leakage is a major concern.

Some apps look reputable but maybe sending data offshore to third-party servers and have access to the device KeyStore and other functions such as the microphone and camera.

We recommend customers use a Mobile Threat Defence (MTD) solution to get visibility of risky apps and integrate with an UEM solution to automate the quarantining of devices that have been detected with malicious apps installed.

 How does PowerApps factor in security from the app building stage?

PowerApps leverage Azure Active Directory for authentication out of the box which includes the ability to enable Multi-Factor Authentication (MFA).

MFA requires the user to provide an additional factor of authentication before access to an app is granted.   

Is there the possibility to integrate offerings from external security vendors? 

Yes, the best approach to PowerApps security is a layered approach.

Start by using an UEM solution such as Intune to secure the device layer, then leverage vendor solutions such as Apple Business Manager and Android Enterprise to apply policies and data loss controls around the deployed PowerApps and then leverage Azure AD and MFA to secure the authentication and user identity.

Disruption in the supply chain: Why IT resilience is a collective responsibility
"A truly resilient organisation will invest in building strong relationships while the sun shines so they can draw on goodwill when it rains."
The disaster recovery-as-a-service market is on the rise
As time progresses and advanced technologies are implemented, the demand for disaster recovery-as-a-service is also expected to increase.
Cohesity signs new reseller and cloud service provider in Australia
NEXION Networks has been appointed as an authorised reseller of Cohesity’s range of solutions for secondary data.
The key to financial institutions’ path to digital dominance
By 2020, about 1.7 megabytes a second of new information will be created for every human being on the planet.
Proofpoint launches feature to identify most targeted users
“One of the largest security industry misconceptions is that most cyberattacks target top executives and management.”
What disaster recovery will look like in 2019
“With nearly half of all businesses experiencing an unrecoverable data event in the last three years, current backup solutions are no longer fit for purpose."
NVIDIA sets records with their enterprise AI
The new MLPerf benchmark suite measures a wide range of deep learning workloads, aiming to serve as the industry’s first objective AI benchmark suite.
McAfee named Leader in Magic Quadrant an eighth time
The company has been once again named as a Leader in the Gartner Magic Quadrant for Security Information and Event Management.