Securing Enterprise Data in the Mobile Age: Best Practices for Singapore-based Businesses

What is Enterprise Mobile Security?

A mobile phone can do almost all the work of a laptop. That’s great news for employees, but a challenge for organizations because it’s yet another endpoint to secure. Some of those endpoints are corporate-owned devices whose security, reliability, and durability are controlled by the organization. Others are personal mobile devices that employees use for both personal and office work, and which they’re responsible for securing.

Data breaches are all too common these days. So, given how 80% of daily work is performed on a mobile phone that likely has business data, organizations need a strong mobile security strategy within their broader enterprise data security plan. This recognition has led to the emergence of enterprise mobile security best practices, services, and software to protect endpoints, applications, and data.

In this post, we explain what goes into securing enterprise data from a mobility perspective, before delving into our area of expertise – mobile app development and security.

Key Concepts in Mobile Security for Enterprises

What exactly must be secured and why? In implementing mobile security, Singapore businesses consider these fundamental aspects:

Information governance

Information is a valuable business asset. Information governance implements the processes, roles, controls, and metrics for the safe and effective use, access, distribution, and retention of an organization’s information assets. It is the framework for how information is managed throughout its lifecycle or what is known as enterprise information management. Information governance is the backbone or ‘how’ while information management is the goal or ‘what’.

Elements of information governance:

  • Data repository, a set of corporate databases that collect and store data sets for analysis, sharing, and reporting. Depending on an employee’s role, he/she may not be able to access all the data in the data repository.
  • Identity and access management makes it possible for the right people to use the right corporate resources they need on their mobile devices. Mobile identity management allows enterprises to authenticate users in order to grant access to trusted devices and enterprise applications.
  • Mobile cloud security means protecting the data on the cloud from any attack on the user’s mobile device. Threats include a virus or malware attack on the user’s phone, or misuse of access rights to gain access to a cloud service used by the company, such as Dropbox, Google Drive, or Microsoft OneDrive.
  • Records management is creating records required to do business, managing the records (directories and files) so that information can be found when needed, and disposing of the information in accordance with the schedules and policies of the organization.

Unified Communications

Unified communication is a framework to extend business communications to various communication tools. The modern enterprise uses telephone, email, video, and chat to exchange information over laptops, desktops, mobile phones, tablets, and other devices. Much of this information exchange takes place over the public internet and private corporate networks.

Opportunities are ripe for cybercriminals to attack business communications happening over mobile devices. Social engineering is a heavily used tactic to mislead employees into clicking a malicious link or performing an action such as transferring money to an account or sending a sensitive business file.

Data Storage

Mobile devices store large amounts of enterprise and personal data. Securing all the data together can intrude on the employees’ privacy. Employees should be able to share their personal data with loved ones. At the same time, enterprises should ensure that company data isn’t shared, whether intentionally or accidentally.

A solution is to separate enterprise data from personal data so that, during sessions in which enterprise data is accessed, all data leakage and theft prevention policies for email, internet, and USB are enforced. Enterprise data is then inaccessible from personal sessions and vice versa.

There are enterprise mobility solutions in Singapore that help to prevent the mix-up of enterprise and personal data and provide other innovative ways to secure data storage on mobile devices. They can provide for various requirements, such as preventing unauthorized usage and access, malware attacks, corruption, modification and destruction of data, or improper sanitization after the end of use.

Enterprise Mobility Management (EMM)

Enterprise mobility management refers to services and technologies to secure corporate data on employees’ mobile devices. It has a broad scope and encompasses mobile device and application management, identity and access management, extending these features to new mobile devices, and designing productive mobile experiences for employees.

Mobile Device Management (MDM)

Mobile device management is both a technology and a practice. MDM policies dictate how the organization will manage mobile devices and govern their use, asking questions such as whether the devices should be password protected, geo-fenced, or require firewalls and gateways. MDM software monitors the business data and behaviors on mobile devices issued to employees or used for office work. It includes role-based access, secure VPN, password-protected applications, and GPS tracking.

Mobile Application Management (MAM)

Mobile application management is also a technology and a practice. It determines the distribution, security, and governance of mobile apps in enterprises. The IT team can provide control and management features for individual applications. MAM software enables the distribution, security, and lifecycle management of apps on personal and corporate-owned mobile phones and tablets.

Enterprise App Development and Data Security Best Practices

Security is a critical consideration during app development. A fundamental practice is to integrate software testing into the app development process. Other best practices that Singapore businesses should explore are:

  • Define coding standards and quality controls
  • Comply with secure software development best practices
  • Perform a threat assessment
  • Scan for security vulnerabilities
  • Document vulnerabilities and actions taken to mitigate/eliminate them

The best practices for data security include:

  • Apply network security measures
  • Secure the data-in-transit
  • Implement file-level and database encryption
  • Secure the backend
  • Implement high-level authentication
  • Use the latest cryptography techniques

Security measures during app development do not exist in a vacuum – they also consider the overall user experience. For example, authentication should be robust but not overly complex, which can lead to a negative user experience. Plan app design such that the UX encourages safety.

For expert enterprise app development in Singapore, drop us a line. We respect security best practices in building enterprise apps for any business challenge or opportunity you may have.