ICSA Labs released a list of 5 mobile app security tips to help enterprises protect their data.
1. Dynamic analysis is a must. If deploying security-tested mobile applications is required by your company’s IT organization, consider mobile applications that have undergone dynamic analysis. This involves testing a mobile application while it is running in a live environment, including all the appropriate back-end systems with which the app normally communicates.
2. Conduct due diligence when selecting a mobile application developer. Make sure the mobile app developer is legitimate, trustworthy and has a history of quality app development. Another good due diligence step is to ask app developers if they have their own testing and certification practices.
3. Build an enterprise app store. If, as an enterprise, restricting certain mobile apps seems like a futile effort, build your own enterprise app store. The store should only include independently tested and approved mobile applications. Also, build and share a list of mobile apps from the enterprise app store, as well as other apps deemed secure. This can help prevent employees from downloading apps from other, possibly rogue locations.
4. Develop your mobile device policy and share it broadly with employees. They need to know and understand the ground rules for bringing their own devices into the work environment, and know if this practice is forbidden. Be sure to develop and clearly communicate your policies. Nothing wreaks as much havoc on an organization as ill-informed employees.
5. Don’t fight a losing battle. Research and implement the right mobile device management solution that adequately supports the bring-your-own-device policy, so you are not swimming upstream. Enterprises should be in the driver’s seat when it comes to managing the mobile device environment. It is far easier to get ahead of the curve than to make corrections after the fact.