App security should become a part of the design included in every new app release and should be part of the scope of a tender if you are engaging a third-party for development.
Here are some things to consider when you are introducing new apps to your network.
- Establish a risk profile for your apps -- consider the value of the information they may contain.
- Integrate industry standard best practices to build your application development security framework. This may require specialised staff or contracts.
- Realise what your security pain points are in your current applications and then develop a process and build the framework around these gaps.
- Develop secure APIs and if they're only for business, lock them down.
- Create a policy or procedure for pre-defined app development requirements. Applications should be designed and implemented with security in mind.
- Consider a mobile device management suite to secure devices and corporate apps.
I'm not suggesting an intrusive or disruptive complete overhaul. But consider seriously how you plan your mobile security and API development based on the risk that already exists.
Remember, the number of mobiles running corporate APIs to apps will increase the number of possible breach points into your network.
You simply can't trust third-party unsigned code or applications completely without verifying that the data and/or code has not been tampered with during transit, under execution or by design.
Mobilisation is a great move forward for many businesses. I am convinced it will minimise costs and create greater flexibility in the workforce. However, it must be leveraged within the context of the threat and possible damage to the brand and therefore the business.