Why Your Company's Mobile App Needs Better Security
Encryption has gone mainstream. The popularity of “mobile first” approaches to business is pushing workloads onto mobile apps, leading to new opportunities, as well as new challenges for organizations. WhatsApp’s recent end-to-end encryption rollout is just one part of a movement towards reassuring app users that their privacy is being protected. With the FBI-Apple conflict in its second round in the New York court system, the security of individuals’ and businesses’ private data has gone from a theoretical concern to one of the main criteria used to select apps.
While some people and businesses are not bothered by domestic government surveillance, there are also foreign governments, hackers, industrial espionage, and potential lawsuits to consider.
Unfortunately, some experts believe these threats are trumped by an even greater risk from unencrypted data. Discussing potential FBI v. Apple fallout with DC Inno, Eastern Foundry CTO Zachary Hanif said that “the real risk is the erosion of trust.”
The FBI-Apple battle may end with a precedent-setting blow to encryption systems, but developers and companies will reassure clients and end-users by turning to specialized information security providers to secure their apps.
Complex Problem, Simple Solution
Building advanced data protection with robust encryption into your app is a big project – too big for the overwhelming majority of mobile app developers. While they may be able to do it in theory, in practice it is better for companies to have their developers working on their core, which is where third-party encryption providers like beame.io come in.
It is not yet clear which specialized provider or providers will be securing everyone’s information, but the IT industry is getting ideas. A tech startup with offices in the US and Israel, beame.io is about to launch as an encryption provider with a patent-pending technology that turns each mobile device it is used on into a software-networked SSL server.
That enables true end-to-end encryption, which skips the middle step in old-school connections, where information would traditionally be routed through a central server, and maybe even temporarily unencrypted and stored in plain text. End-to-end encryption means all data in transit is unreadable, even if it is somehow stolen or leaked.
For app developers, the beame.io SDK enables mobile-to-mobile communication, with all data encrypted before it leaves the sender’s device and remaining that way until after it reaches the recipient’s device. To even attempt to break the encryption, a hacker would first have to find the data’s route through the Internet, and then steal it – no small task when it is never written to a pre-ordained server along the way.
Developers Already Under Pressure
App developers are under constant pressure to meet ambitious release dates with “sticky” user experiences, and well-implemented encryption all too often seems beyond their capacity. A typical “quick check list” for testing mobile apps mentions the need for extensive security tests, but counts it as just one of ten necessary steps. SecurityWeek points out that a recent survey by the Ponemon Institute found that three-quarters of those in the business consider securing their apps “very hard.”
“In the face of accelerating user demand, businesses are building mobile apps with speed-to-market and user experience in mind. What they are not doing, however, is validating that their apps are safe and secure enough for users to disclose the confidential information — such as billing details and personal information — the apps frequently require,” Dr. Larry Ponemon, chairman and founder of the Ponemon Institute, wrote in a blog post.
The problem is hardly confined to indie developers and small businesses, as research shows banks are unable to secure their own mobile apps. The stakes are enormous, and the market is large and growing rapidly.
To make things easy for developers of browser-based applications, beame.io enables two-factor authentication and synchronizes application context in one step. It covers all the licenses, certificates, and private keys necessary for storing sensitive data on a mobile device or in the cloud. The technology works with any type of data, including media files, payments, and secure storage.
The ability to create secure network environments for apps with mobile devices has many potential uses in industries where technology collides with data security needs, like medicine. To demonstrate the potential, beame.io developed an extension for Buzz, a digital operating room information hub from medical tech company Brainlab, which allows it to deliver photos and videos to patient health records from a mobile-embedded SSL server.
Raising the Security Bar
An app that has all its security and encryption elements correctly implemented is protecting its user base. An app that has only some of them, or that has them set up almost right, is gambling its success on the actions of snoopers and the blind trust of its users. Apps without adequate security may even end up getting weeded out of app stores as the minimum security bar rises.
Even relatively security-savvy developers, therefore, are likely to turn to security providers like beame.io to give them the encryption and data protection technologies they need. That way, they can get back to making their application stand out from the crowd.
Edited by Peter Bernstein