Mobile developers, be they in the software or hardware field, have become a bit more focused on security in the past few years, as smartphones, tablets and other portable devices have been some of the most common sources of data breaches. Although devices have become a bit more inherently secure, with physical guards such as Apple's thumbprint biometric authentication tool starting to come to fruition, significant concerns regarding applications remain.
Without apps, BYOD initiatives would not have quite the same positive impact on a company's productivity, as these pieces of software power everything from email communications and other collaboration tools to reporting and data access. In fact, Gartner released a study earlier this month that forecast roughly 75 percent of mobile applications to not oblige some of the simpler security requirements most companies expect by the end of next year.
The analysts pointed out that a combination of poor configuration and a lack of awareness regarding what the apps' allowances and permissions entail on behalf of the user will represent a significant threat. With all of this in mind, it should only make sense that the big names in the IT sector have become a bit more focused on security, but many of the latest releases have actually come back with mixed reviews, largely because experts are not sure if these upgrades actually improve upon existing access management capabilities.
Android's latest addition
Jack Wallen, writing for Tech Republic, recently reported that Google's announcement the new Android "L" operating system will include a relatively impressive feature that automatically encrypts every piece of data that enters into its storage. Many experts will argue that data encryption is one of the most effective measures to protect information, especially when access management controls are infiltrated or compromised during some form of an attack.
However, the author argued that, while Android's new feature will take care of encryption by default, taking that responsibility out of users' hands, this does not mean that the data will be entirely safe from unsanctioned access. Wallen went so far as to compare these security upgrades from Google and Apple to the improvements made in the automotive industry, stating that even with these progressive creations, unsafe driving will lead to accidents.
His point was essentially that these security updates and improvements are certainly welcomed and good steps to take on behalf of developers and manufacturers, but protection will always be dictated by the end user. Wallen stated that Google's plan for Android L might make it the most progressive option out there, but that organizations and consumers will still need to take responsibility for their own data's protection.
What more can be done?
When it comes to mobility, half the battle will always be finding the right solutions to protect data and devices from the technological standpoint, while the other will be ensuring that users are following best practices and policies. For the former, businesses should consider leveraging a combination of encryption strategies and advanced access management controls, such as dynamic authentication that anchors an identity to a device.
This way, data at rest and in motion will be at least partially protected – remember that encryption never means complete protection – and the chances of files getting stolen will significantly decrease when compared to traditional credential systems.
With respect to awareness and end-user practices, organizations must consider deploying training and general education initiatives to get all employees up to speed on their responsibilities with respect to data and network security.
The most robust and intelligent strategies will tend to yield the strongest protection against breach.