Is Your Enterprise BI Mobile App Safe?: Asks Reena Sethy
According to Statista, an online statistical portal, close to one third of the world’s population owns a smart phone. However, penetration of Business Intelligence (BI) on mobile devices remains quite modest as reported by the DAS Mobile Computing / Mobile Business Intelligence Market Study. One of the most common reason behind this modest usage of BI is data security concern. Most of the BI users on mobile devices like tablets and smart phones are senior management and sales executives who access highly sensitive data to enable them to make decisions faster, empower their employees and teams and stay ahead of the market.
According to Forrester, ‘Mobile’ is now a feature for most BI solutions, so security measures are usually addressed through a combination of capabilities, as part of the underlying BI platform and by the application at the mobile devices level.
It is important to understand how mobile users are being managed in the application. Access to data must be determined on the user’s role and entitlement. It is very important for the administrator to manage access control from one place, for ease of manageability. Usually this is done as part of the overall BI platform that the Mobile application is part of.
Security measures for Data on network (between various entities of the mobile deployment):
Does the mobile solution support various complex deployments scenarios like involving DMZs, Firewalls, Reverse Proxy etc?
A DMZ, or De Militarized Zone provides an additional layer of security to an organization's local area network by secluding the threat to only the DMZ servers and not to the internal network. This ensures security from external attacks.
Since Mobile users are mostly on the move, it is recommended to have a reverse proxy server, which is an intermediary between the client and the Web Application Server. Reverse Proxy Server provides an external network with indirect access to the backend.
Another recommendation is to also use Hyper Text Transfer Protocol Secure (HTTPS) as the communication protocol between the client and server since HTTPS is more secure than Hyper Text Transfer Protocol (HTTP). This provides secure identification of the web server in the network and enables encrypted communication.
Mobile deployments should also add various authentication mechanisms as additional layers of security, like, basic authentication, form based authentication, certificate based authentication etc.
Security measures for Data at Rest (on Device):
To ensure mobile BI application is secure, it is important to understand how data is stored on the device. A few pertinent questions to ensure data security include- Is the data encrypted? What are the additional security mechanisms? Is there any caching of data? - if yes, what happens to the cached data? How does the application store user login credential? Is there any other data that’s getting stored as part of the application and how is it being handled?
Its recommended to have an additional password to access the mobile application after unlocking the device or support finger print access like Touch ID in iOS to provide secure access accompanied with ease of use.
Most customers use mobile offline access, so that their business users have access to data from anywhere without the need of internet connectivity, this increases security threats and vulnerability. In such cases, it is important to understand if the downloaded data is in an encrypted or plain text format. There are many sophisticated algorithms to encrypt data on the device. Other options include authorization checks to access offline data, administrator control on what can be downloaded, remote data wiping options, etc.
Many enterprise grade applications, especially the Business Intelligence Mobile applications offer a combination of various options mentioned so far. However, in some cases it is also worthwhile to explore advantages of third party security tools offered in the space of enterprise mobility management (EMM) space. Solutions such as Mobile App Management (MAM) and Mobile Device Management (MDM) are getting increasingly popular, because of their provisions of additional security layers and options. Using third party security tools increases the overall cost and requires specialized skillsets to manage the complete mobile infrastructure.
Hence before going ahead with any mobile BI solution it is important for an organization to have clarity on the minimum security requirement, data security policy and willingness to invest in terms of skilled resources, time and money.