Venkatesh (Venky) Sundar is the co-founder and CMO of Indusface, a TCGF II (Tata Capital) funded, fast growing, profitable and award-winning Application Security SaaS company with over 2000+ global customers in more than 90 countries. He is a first-generation entrepreneur with over two-and-a-half decades of experience in technological services and entrepreneurship field. Venky has experience working as an individual contributor as well as in leadership/management roles in multiple functions across engineering, services, sales and marketing for cybersecurity products and spent most of his early stage in career in US/Canada.
An important aspect of our digital lives, especially in the post-pandemic scenario, is that we are now app-dependent for most things. With nearly 5 billion mobile phone users in the world, and majority of them switching to smartphones, mobile apps have become the key to exchange data and services. Over 90% of social media platforms such as Facebook are accessed through smartphones and billions of people are using WhatsApp for text communication. Mobile banking and online payments have grown exponentially in the wake of the pandemic, and people are shopping for almost all needs online through apps. While the app-based ecosystem is now all pervasive, this increased use of applications to deliver or avail crucial services, and the huge volumes of critical data exchanged online, has drastically altered the cybersecurity landscape.
Mobile applications prove to be a lucrative target for cyber attackers. Just like the typical OS and enterprise applications we use to work remotely, mobile applications also come with their own vulnerabilities. According to a study, over 60% of companies reported data breach due to poor mobile app security. This is despite the fact that 44% of them did not take any responsive action to secure the app and prevent future cyber-attacks. Going forward, such ignorance or laid-back approach towards mobile application security could be devastating for industries.
Depending upon the purpose they solve, mobile applications need access to a diversity of data including personal information, medical history, financial information, identity proofs and so on. Such user data can give unauthorized access to credit cards, bank accounts, email passwords, personal contacts, and sensitive social or corporate information. Cybercriminals target these apps to steal such crucial data and either steal money or demand ransom from the potential victims.
According to a study, over 60% of companies reported data breach due to poor mobile app security. This is despite the fact that 44% of them didn’t take any responsive action to secure the app and prevent future cyber-attacks. Going forward, such ignorance or laid-back approach towards mobile application security could be devastating for businesses.
Keeping the risks in mind, it is important to review and restructure the way application security is approached. Whether it is building a new framework or integrating tools that can make apps easier and safer for the users, there are some best practices that help in improving the safety of the online user experience.
Let us take a look at some of these.
Secure by Design – One of the best approaches is to integrate security measures, right into the DNA of a mobile app. Thinking like an enemy, evaluating every possible vulnerability or weakness that a hacker could exploit, would enable effective security integration from the design stage itself. Instead of pushing an app through and later on suffering the damages caused by a data breach, it is better to build the application by using a secure by design approach.
Mobile Device Management (MDM) – Online application security begins with the device that is used to access the application. Depending upon whether it is an iOS or an Android phone, data stored on a device can be made secure. Considering encryption methods like 256-bit Advanced Encryption Standard, to secure various forms of files, databases, and other forms of data. Apple has a very strict policy enforcement rules that helps iOS devices in MDM. To secure android phones, the challenge is greater. This is because being cheaper, these devices can cause security risks. Thus, it is ideal to have the right devices, updated mobile OS, and well-planned MDM, can make your mobile application safer.
App wrapping – App wrapping is the process which is usually provided by MDM providers as a default, and it allows defining the segmentation of the app from the rest of the device by wrapping it in a secure environment.
Robust user verification – To make an app secure, the fundamental option is to ensure robust user verification and access permissions. Nowadays, the two-stage verification process is becoming a key feature in this area.
Improving OS security – By making the OS more difficult to hack, application security can also be improved. For instance, Apple has been a leader in making its operating system impenetrable for hackers.
API security – API is one of the most useful tools for the mobile application developers. The data from app can be secured through APIs, and even data transfer can be made safer through an SSL with 256-bit encryption.
It must be understood that all mobile devices that access a mobile application will be insecure and vulnerable. Hackers would have the opportunity to steal the data being transferred to or from your app. In such a scenario, instead of paranoia, following the above mentioned as well as various other security enhancement features can help you keep the mobile application safer. While these tips can provide good first-level security, for enterprise applications carrying sensitive data, it is advisable to opt for a professional application security services provider.