The mobile world has pretty much taken over our lives. To address operational concerns, we are seeing some activity in the space to enable multiple virtual environments to run on a single device, allowing individuals to possess a single device that can separate personal use from business use.
Still, each device brings with it a different network, a different platform, various operating system versions, and a new set of apps to run on them. This nearly infinite combination oftentimes leaves a path wide open for vulnerabilities or other weaknesses to be exploited. While we have yet to experience large quantities of widespread and widely publicized attacks against the mobile space, we have to accept the fact that it is just a matter of time before attacks against these mobile vulnerabilities or weaknesses are used to gain access to personal/business devices, the critical business systems they are connected to, and the sensitive information that they host.
Unfortunately, for most app builders, the security requirements fall to the bottom of the requirements bucket as a priority of being quick to market trumps all else. Quickly building a secure app designed to run on one or more platforms/devices can be extremely challenging if the wrong environment and tools are selected. The real challenge is balancing the right level of security with the right multidevice/platform strategy with the right time-to-market delivery.
To begin with, addressing security for each app built on a device-by-device basis is not the right answer. This requires too much time to design, implement, test and deliver, thereby impacting the ability to get the app to market quickly to the widest audience possible. Additionally, it can be nearly impossible for an app development team to truly understand the nuances of each device, operating system and security requirement while trying to keep up with the changes to each of them over time.
Alternatively, most developers will look for a way to write the code once and have it run on multiple devices. This is typically accomplished by building a wrapper app. However, leveraging a wrapper app as an attempt to secure the app across multiple platforms is not the right answer either.
Here's another consideration: If your organization is planning to build apps that run on multiple mobile devices, then it is critical to select a mobile development platform provider that offers a completely native development environment for each of the mobile applications.
This provider should support the delivery of a rich and secure cross-platform experience for both the development team and the applications' users such that the time-to-market requirements can be met.
The development environment should eliminate the producer's burden of having to configure for each individual device and operating system, such that multiple platforms and operating systems can be supported through a single release.The development platform provider must research and implement a secure development environment, such that the application itself is secure and will use each of the mobile device platforms and operating systems securely.
With these requirements met, your organization should find they are able to deliver releases with greater quality, quicker release times, improved application scalability and reliability, proper system security and data integrity.
If an organization chooses to address the security risks of each platform through a ‘write once, run anywhere' mobile development platform, the model of lowest common denominator security can be avoided and mobile apps can be brought to market both quickly and securely.
Sean Martin is the owner and directing consultant at imsmartin consulting.