The line dividing personal and business devices is long gone, and the prospects for walled-in systems are not good. This is the age of bring-your-own-device, and it is too late to turn back now.
Today, employees bring their personal devices to work since they are often more powerful and easier to use than the technology that IT departments approve for business use. This means that business-critical information, which used to be protected within internal network perimeters, now lives on consumer-oriented devices. Securing the devices themselves is not practical, so applications must protect the data being processed.
The most important task of mobile app designers is making sure that even if a device falls into the wrong hands, data is not compromised. This rings true for developers building proprietary apps for internal corporate use, as well as vendors serving industry markets. The most protective designs should apply to the default behaviors for key areas, including when all data is erased after use and when all files are encrypted for local storage.
Airplane mode creates a unique challenge since it suspends a device’s signal-transmitting functions. In this mode, files are stored locally on the device, and encryption keys are downgraded. Imagine if the requirements were presented in reverse, and engineers needed to develop an app that allows for local storage of all files but lacks a secure encryption key exchange mechanism, yet needs to be compliant with strict security policies. This is a situation known to many security architects and would require a total rewrite of the application.
This is a call to action. Let’s not repeat our mistakes. By building enterprise-grade security directly into mobile apps we can enable users to work from their personal devices securely and efficiently.