Are Enterprises Vulnerable to Security Breaches on Employees Devices? (Part 3 in a series title “Mobile App Security Should be a Top Priority”)
By Product Management | November 29, 2012
Recently, in an article written by Rob Friedman of Apperian, he says “Enterprise IT developers have the same issue when building mobile apps for their fellow employees to use. Building and maintaining apps is expensive and it is only worthwhile if the apps are continually used. Some apps will be used infrequently but are still necessary, for example, when checking on company benefits. You don’t do it frequently, but you appreciate it when you do. Other apps are there to help improve your work life and if they are not compelling, then users will give up on them. For example, if you build a sales dashboard, it must be attractive, easy to use, and provide timely and useful information. If you get it right, your users will continue to return. If you make it difficult to use or fail to provide good information, users won’t come back to it.
For enterprise mobile apps, security is particularly challenging. On PCs, security is a solved problem. As every laptop user knows, the corporate VPN is ubiquitous and identity is centrally managed. To access company resources, you must first connect and identify yourself. In many cases, you also use your secure key fob to provide an extra measure of identification. But on mobile apps, while these things are available, they feel very different and are not readily accepted by users. Starting a VPN every time you want to use a mobile app feels cumbersome and annoying, even though you don’t think twice about doing it on your laptop. If enterprise IT views mobile devices merely as tiny computers, their apps are doomed to fail.
Fortunately, there are ways to have your apps be secured and yet feel usable. For example, you can use app wrapping to enable in-app VPN. Your users will have to authenticate to the app but they won’t have to figure out how to run a VPN on the device. You can also choose how long to remember a user for before they have to log in again. Security is always a tradeoff and relaxing policies just a little can make mobile apps feel much more usable.